chore: bundled more helm charts
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index ac3d06c..a5985f5 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,4 +1,4 @@
-exclude: '^atmosphere/jsonnet/vendor'
+exclude: '^(atmosphere/jsonnet/vendor|charts)'
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
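Review bot: The new `exclude` value `'^(atmosphere/jsonnet/vendor|charts)'` has no trailing path separator, so it also skips any other top-level path that merely begins with `charts` (a later `charts-dev/` directory or a `charts.md` file would be exempt too). Suggest `'^(atmosphere/jsonnet/vendor|charts)/'` so that only the two vendored directories are excluded. Note also that this turns every hook off for the bundled charts, including the README added in this patch, which documents a default `secret.encryptionPassphrase` of `test_passphrase`; if any hook in this config is meant to catch committed credentials, it will no longer see `charts/`.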
diff --git a/charts/ceph-csi-rbd/.helmignore b/charts/ceph-csi-rbd/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/charts/ceph-csi-rbd/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/ceph-csi-rbd/Chart.yaml b/charts/ceph-csi-rbd/Chart.yaml
new file mode 100644
index 0000000..df3b99d
--- /dev/null
+++ b/charts/ceph-csi-rbd/Chart.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+appVersion: 3.5.1
+description: Container Storage Interface (CSI) driver, provisioner, snapshotter, and
+ attacher for Ceph RBD
+home: https://github.com/ceph/ceph-csi
+icon: https://raw.githubusercontent.com/ceph/ceph-csi/v3.5.1/assets/ceph-logo.png
+keywords:
+- ceph
+- rbd
+- ceph-csi
+name: ceph-csi-rbd
+sources:
+- https://github.com/ceph/ceph-csi/tree/v3.5.1/charts/ceph-csi-rbd
+version: 3.5.1
diff --git a/charts/ceph-csi-rbd/README.md b/charts/ceph-csi-rbd/README.md
new file mode 100644
index 0000000..117facb
--- /dev/null
+++ b/charts/ceph-csi-rbd/README.md
@@ -0,0 +1,188 @@
+# ceph-csi-rbd
+
+The ceph-csi-rbd chart adds rbd volume support to your cluster.
+
+## Install from release repo
+
+Add chart repository to install helm charts from it
+
+```console
+helm repo add ceph-csi https://ceph.github.io/csi-charts
+```
+
+## Install from local Chart
+
+we need to enter into the directory where all charts are present
+
+```console
+cd charts
+```
+
+**Note:** charts directory is present in root of the ceph-csi project
+
+### Install chart
+
+To install the Chart into your Kubernetes cluster
+
+- For helm 2.x
+
+ ```bash
+ helm install --namespace "ceph-csi-rbd" --name "ceph-csi-rbd" ceph-csi/ceph-csi-rbd
+ ```
+
+- For helm 3.x
+
+ Create the namespace where Helm should install the components with
+
+ ```bash
+ kubectl create namespace "ceph-csi-rbd"
+ ```
+
+ Run the installation
+
+ ```bash
+ helm install --namespace "ceph-csi-rbd" "ceph-csi-rbd" ceph-csi/ceph-csi-rbd
+ ```
+
+After installation succeeds, you can get a status of Chart
+
+```bash
+helm status "ceph-csi-rbd"
+```
+
+### Delete Chart
+
+If you want to delete your Chart, use this command
+
+- For helm 2.x
+
+ ```bash
+ helm delete --purge "ceph-csi-rbd"
+ ```
+
+- For helm 3.x
+
+ ```bash
+ helm uninstall "ceph-csi-rbd" --namespace "ceph-csi-rbd"
+ ```
+
+If you want to delete the namespace, use this command
+
+```bash
+kubectl delete namespace ceph-csi-rbd
+```
+
+### Configuration
+
+The following table lists the configurable parameters of the ceph-csi-cephfs
+charts and their default values.
+
+| Parameter | Description | Default |
+| ---------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- |
+| `rbac.create` | Specifies whether RBAC resources should be created | `true` |
+| `serviceAccounts.nodeplugin.create` | Specifies whether a nodeplugin ServiceAccount should be created | `true` |
+| `serviceAccounts.nodeplugin.name` | The name of the nodeplugin ServiceAccount to use. If not set and create is true, a name is generated using the fullname | "" |
+| `serviceAccounts.provisioner.create` | Specifies whether a provisioner ServiceAccount should be created | `true` |
+| `serviceAccounts.provisioner.name` | The name of the provisioner ServiceAccount to use. If not set and create is true, a name is generated using the fullname | "" |
+| `csiConfig` | Configuration for the CSI to connect to the cluster | [] |
+| `csiMapping` | Configuration details of clusterID,PoolID,FscID mapping | [] |
+| `encryptionKMSConfig` | Configuration for the encryption KMS | `{}` |
+| `logLevel` | Set logging level for csi containers. Supported values from 0 to 5. 0 for general useful logs, 5 for trace level verbosity. | `5` |
+| `nodeplugin.name` | Specifies the nodeplugins name | `nodeplugin` |
+| `nodeplugin.updateStrategy` | Specifies the update Strategy. If you are using ceph-fuse client set this value to OnDelete | `RollingUpdate` |
+| `nodeplugin.priorityClassName` | Set user created priorityclassName for csi plugin pods. default is system-node-critical which is highest priority | `system-node-critical` |
+| `nodeplugin.profiling.enabled` | Specifies whether profiling should be enabled | `false` |
+| `nodeplugin.registrar.image.repository` | Node Registrar image repository URL | `k8s.gcr.io/sig-storage/csi-node-driver-registrar` |
+| `nodeplugin.registrar.image.tag` | Image tag | `v2.2.0` |
+| `nodeplugin.registrar.image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `nodeplugin.plugin.image.repository` | Nodeplugin image repository URL | `quay.io/cephcsi/cephcsi` |
+| `nodeplugin.plugin.image.tag` | Image tag | `canary` |
+| `nodeplugin.plugin.image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `nodeplugin.nodeSelector` | Kubernetes `nodeSelector` to add to the Daemonset | `{}` |
+| `nodeplugin.tolerations` | List of Kubernetes `tolerations` to add to the Daemonset | `{}` |
+| `nodeplugin.podSecurityPolicy.enabled` | If true, create & use [Pod Security Policy resources](https://kubernetes.io/docs/concepts/policy/pod-security-policy/). | `false` |
+| `provisioner.name` | Specifies the name of provisioner | `provisioner` |
+| `provisioner.replicaCount` | Specifies the replicaCount | `3` |
+| `provisioner.defaultFSType` | Specifies the default Fstype | `ext4` |
+| `provisioner.deployController` | It enables or disables the deployment of controller which generates the OMAP data if it is not present | `true` |
+| `provisioner.hardMaxCloneDepth` | Hard limit for maximum number of nested volume clones that are taken before a flatten occurs | `8` |
+| `provisioner.softMaxCloneDepth` | Soft limit for maximum number of nested volume clones that are taken before a flatten occurs | `4` |
+| `provisioner.maxSnapshotsOnImage` | Maximum number of snapshots allowed on rbd image without flattening | `450` |
+| `provisioner.minSnapshotsOnImage` | Minimum number of snapshots allowed on rbd image to trigger flattening | `250` |
+| `provisioner.skipForceFlatten` | Skip image flattening if kernel support mapping of rbd images which has the deep-flatten feature | `false` |
+| `provisioner.timeout` | GRPC timeout for waiting for creation or deletion of a volume | `60s` |
+| `provisioner.priorityClassName` | Set user created priorityclassName for csi provisioner pods. Default is `system-cluster-critical` which is less priority than `system-node-critical` | `system-cluster-critical` |
+| `provisioner.profiling.enabled` | Specifies whether profiling should be enabled | `false` |
+| `provisioner.provisioner.image.repository` | Specifies the csi-provisioner image repository URL | `k8s.gcr.io/sig-storage/csi-provisioner` |
+| `provisioner.provisioner.image.tag` | Specifies image tag | `v2.2.2` |
+| `provisioner.provisioner.image.pullPolicy` | Specifies pull policy | `IfNotPresent` |
+| `provisioner.attacher.image.repository` | Specifies the csi-attacher image repository URL | `k8s.gcr.io/sig-storage/csi-attacher` |
+| `provisioner.attacher.image.tag` | Specifies image tag | `v3.2.1` |
+| `provisioner.attacher.image.pullPolicy` | Specifies pull policy | `IfNotPresent` |
+| `provisioner.attacher.name` | Specifies the name of csi-attacher sidecar | `attacher` |
+| `provisioner.attacher.enabled` | Specifies whether attacher sidecar is enabled | `true` |
+| `provisioner.resizer.image.repository` | Specifies the csi-resizer image repository URL | `k8s.gcr.io/sig-storage/csi-resizer` |
+| `provisioner.resizer.image.tag` | Specifies image tag | `v1.2.0` |
+| `provisioner.resizer.image.pullPolicy` | Specifies pull policy | `IfNotPresent` |
+| `provisioner.resizer.name` | Specifies the name of csi-resizer sidecar | `resizer` |
+| `provisioner.resizer.enabled` | Specifies whether resizer sidecar is enabled | `true` |
+| `provisioner.snapshotter.image.repository` | Specifies the csi-snapshotter image repository URL | `k8s.gcr.io/sig-storage/csi-snapshotter` |
+| `provisioner.snapshotter.image.tag` | Specifies image tag | `v4.1.1` |
+| `provisioner.snapshotter.image.pullPolicy` | Specifies pull policy | `IfNotPresent` |
+| `provisioner.nodeSelector` | Specifies the node selector for provisioner deployment | `{}` |
+| `provisioner.tolerations` | Specifies the tolerations for provisioner deployment | `{}` |
+| `provisioner.affinity` | Specifies the affinity for provisioner deployment | `{}` |
+| `provisioner.podSecurityPolicy.enabled` | Specifies whether podSecurityPolicy is enabled | `false` |
+| `topology.enabled` | Specifies whether topology based provisioning support should be exposed by CSI | `false` |
+| `topology.domainLabels` | DomainLabels define which node labels to use as domains for CSI nodeplugins to advertise their domains | `{}` |
+| `provisionerSocketFile` | The filename of the provisioner socket | `csi-provisioner.sock` |
+| `pluginSocketFile` | The filename of the plugin socket | `csi.sock` |
+| `kubeletDir` | kubelet working directory | `/var/lib/kubelet` |
+| `cephLogDirHostPath` | Host path location for ceph client processes logging, ex: rbd-nbd | `/var/log/ceph` |
+| `driverName` | Name of the csi-driver | `rbd.csi.ceph.com` |
+| `configMapName` | Name of the configmap which contains cluster configuration | `ceph-csi-config` |
+| `externallyManagedConfigmap` | Specifies the use of an externally provided configmap | `false` |
+| `kmsConfigMapName` | Name of the configmap used for encryption kms configuration | `ceph-csi-encryption-kms-config` |
+| `storageClass.create` | Specifies whether the StorageClass should be created | `false` |
+| `storageClass.name` | Specifies the rbd StorageClass name | `csi-rbd-sc` |
+| `storageClass.annotations` | Specifies the annotations for the rbd StorageClass | `[]` |
+| `storageClass.clusterID` | String representing a Ceph cluster to provision storage from | `<cluster-ID>` |
+| `storageClass.dataPool` | Specifies the erasure coded pool | `""` |
+| `storageClass.pool` | Ceph pool into which the RBD image shall be created | `replicapool` |
+| `storageClass.thickProvision` | Specifies whether thick provision should be enabled | `false` |
+| `storageclass.imageFeatures` | Specifies RBD image features | `layering` |
+| `storageclass.tryOtherMounters` | Specifies whether to try other mounters in case if the current mounter fails to mount the rbd image for any reason | `false` |
+| `storageClass.mounter` | Specifies RBD mounter | `""` |
+| `storageClass.cephLogDir` | ceph client log location, it is the target bindmount path used inside container | `"/var/log/ceph"` |
+| `storageClass.cephLogStrategy` | ceph client log strategy, available options `remove` or `compress` or `preserve` | `"remove"` |
+| `storageClass.volumeNamePrefix` | Prefix to use for naming RBD images | `""` |
+| `storageClass.encrypted` | Specifies whether volume should be encrypted. Set it to true if you want to enable encryption | `""` |
+| `storageClass.encryptionKMSID` | Specifies the encryption kms id | `""` |
+| `storageClass.topologyConstrainedPools` | Add topology constrained pools configuration, if topology based pools are setup, and topology constrained provisioning is required | `[]` |
+| `storageClass.mapOptions` | Specifies comma-separated list of map options | `""` |
+| `storageClass.unmapOtpions` | Specifies comma-separated list of unmap options | `""` |
+| `storageClass.provisionerSecret` | The secrets have to contain user and/or Ceph admin credentials. | `csi-rbd-secret` |
+| `storageClass.provisionerSecretNamespace` | Specifies the provisioner secret namespace | `""` |
+| `storageClass.controllerExpandSecret` | Specifies the controller expand secret name | `csi-rbd-secret` |
+| `storageClass.controllerExpandSecretNamespace` | Specifies the controller expand secret namespace | `""` |
+| `storageClass.nodeStageSecret` | Specifies the node stage secret name | `csi-rbd-secret` |
+| `storageClass.nodeStageSecretNamespace` | Specifies the node stage secret namespace | `""` |
+| `storageClass.fstype` | Specify the filesystem type of the volume | `ext4` |
+| `storageClass.reclaimPolicy` | Specifies the reclaim policy of the StorageClass | `Delete` |
+| `storageClass.allowVolumeExpansion` | Specifies whether volume expansion should be allowed | `true` |
+| `storageClass.mountOptions` | Specifies the mount options for storageClass | `[]` |
+| `secret.create` | Specifies whether the secret should be created | `false` |
+| `secret.name` | Specifies the rbd secret name | `csi-rbd-secret` |
+| `secret.userID` | Specifies the user ID of the rbd secret | `<plaintext ID>` |
+| `secret.userKey` | Specifies the key that corresponds to the userID | `<Ceph auth key corresponding to ID above>` |
+| `secret.encryptionPassphrase` | Specifies the encryption passphrase of the secret | `test_passphrase` |
+
+### Command Line
+
+You can pass the settings with helm command line parameters.
+Specify each parameter using the --set key=value argument to helm install.
+For Example:
+
+```bash
+helm install --set configMapName=ceph-csi-config --set provisioner.podSecurityPolicy.enabled=true
+```
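Review bot: The Configuration table lists `secret.encryptionPassphrase` with a default of `test_passphrase` and `nodeplugin.plugin.image.tag` with a default of `canary`, and neither is safe to inherit from a bundled chart. A passphrase published in the README protects nothing if `secret.create` is switched on, and a floating tag combined with `IfNotPresent` lets nodes run different plugin builds. Suggest that the values this repository ships override both (a generated passphrase, a fixed release tag) and that `logLevel`, documented here as `5` (trace), is lowered. Smaller points in the same table: the intro sentence says `ceph-csi-cephfs`, and the rows `storageclass.imageFeatures`, `storageclass.tryOtherMounters` and `storageClass.unmapOtpions` do not match the spelling of the neighbouring `storageClass.*` keys, so they are worth checking against values.yaml before anyone copies them into `--set`.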
diff --git a/charts/ceph-csi-rbd/templates/NOTES.txt b/charts/ceph-csi-rbd/templates/NOTES.txt
new file mode 100644
index 0000000..0788c00
--- /dev/null
+++ b/charts/ceph-csi-rbd/templates/NOTES.txt
@@ -0,0 +1,2 @@
+Examples on how to configure a storage class and start using the driver are here:
+https://github.com/ceph/ceph-csi/tree/v3.5.1/examples/rbd
diff --git a/charts/ceph-csi-rbd/templates/_helpers.tpl b/charts/ceph-csi-rbd/templates/_helpers.tpl
new file mode 100644
index 0000000..0a2613d
--- /dev/null
+++ b/charts/ceph-csi-rbd/templates/_helpers.tpl
@@ -0,0 +1,90 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ceph-csi-rbd.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ceph-csi-rbd.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ceph-csi-rbd.nodeplugin.fullname" -}}
+{{- if .Values.nodeplugin.fullnameOverride -}}
+{{- .Values.nodeplugin.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- printf "%s-%s" .Release.Name .Values.nodeplugin.name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s-%s" .Release.Name $name .Values.nodeplugin.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ceph-csi-rbd.provisioner.fullname" -}}
+{{- if .Values.provisioner.fullnameOverride -}}
+{{- .Values.provisioner.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- printf "%s-%s" .Release.Name .Values.provisioner.name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s-%s" .Release.Name $name .Values.provisioner.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ceph-csi-rbd.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ceph-csi-rbd.serviceAccountName.nodeplugin" -}}
+{{- if .Values.serviceAccounts.nodeplugin.create -}}
+ {{ default (include "ceph-csi-rbd.nodeplugin.fullname" .) .Values.serviceAccounts.nodeplugin.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccounts.nodeplugin.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ceph-csi-rbd.serviceAccountName.provisioner" -}}
+{{- if .Values.serviceAccounts.provisioner.create -}}
+ {{ default (include "ceph-csi-rbd.provisioner.fullname" .) .Values.serviceAccounts.provisioner.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccounts.provisioner.name }}
+{{- end -}}
+{{- end -}}
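Review bot: Both `serviceAccountName` helpers at the end of this file fall back to the literal `default` when `serviceAccounts.*.create` is false and no name is supplied (`{{ default "default" .Values.serviceAccounts.nodeplugin.name }}`). nodeplugin-clusterrolebinding.yaml in this patch uses that helper as the binding subject and is gated only on `rbac.create`, so that combination binds the nodeplugin ClusterRole, including its `get` on `secrets`, to the namespace's default ServiceAccount, which every pod without an explicit account uses. Suggest failing the render instead, for example with `required` on the name when `create` is false, or at least having the values shipped by this repository always set an explicit name.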
diff --git a/charts/ceph-csi-rbd/templates/ceph-conf.yaml b/charts/ceph-csi-rbd/templates/ceph-conf.yaml
new file mode 100644
index 0000000..a9a6f00
--- /dev/null
+++ b/charts/ceph-csi-rbd/templates/ceph-conf.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: ceph-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ chart: {{ include "ceph-csi-rbd.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ ceph.conf: |
+{{ tpl .Values.cephconf . | indent 4 }}
+ keyring: ""
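Review bot: `.Values.cephconf` is passed through `tpl`, so whatever is placed in that value is evaluated as a template with the full chart context, yet `cephconf` has no row in the README table added by this patch. Suggest documenting it, including the fact that it is templated, so that nobody feeds it text from a less trusted source. Separately, `name: ceph-config` is hard-coded rather than derived from the release name, so two releases of this chart in one namespace would contend for the same ConfigMap; the DaemonSet volume references the same fixed name, so both would need to change together.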
diff --git a/charts/ceph-csi-rbd/templates/csidriver-crd.yaml b/charts/ceph-csi-rbd/templates/csidriver-crd.yaml
new file mode 100644
index 0000000..92c3d91
--- /dev/null
+++ b/charts/ceph-csi-rbd/templates/csidriver-crd.yaml
@@ -0,0 +1,11 @@
+{{ if semverCompare ">=1.18.0-beta.1" .Capabilities.KubeVersion.Version }}
+apiVersion: storage.k8s.io/v1
+{{ else }}
+apiVersion: storage.k8s.io/v1beta1
+{{ end }}
+kind: CSIDriver
+metadata:
+ name: {{ .Values.driverName }}
+spec:
+ attachRequired: true
+ podInfoOnMount: false
diff --git a/charts/ceph-csi-rbd/templates/csiplugin-configmap.yaml b/charts/ceph-csi-rbd/templates/csiplugin-configmap.yaml
new file mode 100644
index 0000000..f094402
--- /dev/null
+++ b/charts/ceph-csi-rbd/templates/csiplugin-configmap.yaml
@@ -0,0 +1,18 @@
+{{- if not .Values.externallyManagedConfigmap }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.configMapName | quote }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ chart: {{ include "ceph-csi-rbd.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ config.json: |-
+{{ toJson .Values.csiConfig | indent 4 }}
+ cluster-mapping.json: |-
+{{ toJson .Values.csiMapping | indent 4 }}
+{{- end }}
diff --git a/charts/ceph-csi-rbd/templates/encryptionkms-configmap.yaml b/charts/ceph-csi-rbd/templates/encryptionkms-configmap.yaml
new file mode 100644
index 0000000..47b7d09
--- /dev/null
+++ b/charts/ceph-csi-rbd/templates/encryptionkms-configmap.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.kmsConfigMapName | quote }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ chart: {{ include "ceph-csi-rbd.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ config.json: |-
+{{ toJson .Values.encryptionKMSConfig | indent 4 -}}
diff --git a/charts/ceph-csi-rbd/templates/nodeplugin-clusterrole.yaml b/charts/ceph-csi-rbd/templates/nodeplugin-clusterrole.yaml
new file mode 100644
index 0000000..93ec30e
--- /dev/null
+++ b/charts/ceph-csi-rbd/templates/nodeplugin-clusterrole.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.rbac.create -}}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}
+ labels:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ chart: {{ include "ceph-csi-rbd.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+{{- if .Values.topology.enabled }}
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get"]
+{{- end }}
+ # allow to read Vault Token and connection options from the Tenants namespace
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get"]
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get"]
+ - apiGroups: [""]
+ resources: ["serviceaccounts"]
+ verbs: ["get"]
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments"]
+ verbs: ["list", "get"]
+{{- end -}}
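Review bot: The `secrets` rule with `verbs: ["get"]` is emitted unconditionally in a ClusterRole, so the nodeplugin ServiceAccount can read any Secret in any namespace whose name it knows, even in deployments that never use the Vault tenant-token flow the comment refers to. The `nodes` rule just above it is wrapped in `{{- if .Values.topology.enabled }}`, and the same treatment would fit here: gate the `secrets`, `configmaps` and `serviceaccounts` rules on a value that is off unless tenant KMS is configured. If the chart is kept byte-identical to upstream, record in this repository that cluster-wide Secret read by a node-level DaemonSet is an accepted risk.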
diff --git a/charts/ceph-csi-rbd/templates/nodeplugin-clusterrolebinding.yaml b/charts/ceph-csi-rbd/templates/nodeplugin-clusterrolebinding.yaml
new file mode 100644
index 0000000..bf52865
--- /dev/null
+++ b/charts/ceph-csi-rbd/templates/nodeplugin-clusterrolebinding.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.rbac.create -}}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}
+ labels:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ chart: {{ include "ceph-csi-rbd.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "ceph-csi-rbd.serviceAccountName.nodeplugin" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
+{{- end -}}
diff --git a/charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml b/charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml
new file mode 100644
index 0000000..422ad08
--- /dev/null
+++ b/charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml
@@ -0,0 +1,227 @@
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+ name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ chart: {{ include "ceph-csi-rbd.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ updateStrategy:
+ type: {{ .Values.nodeplugin.updateStrategy }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ chart: {{ include "ceph-csi-rbd.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ spec:
+ serviceAccountName: {{ include "ceph-csi-rbd.serviceAccountName.nodeplugin" . }}
+ hostNetwork: true
+ hostPID: true
+{{- if .Values.nodeplugin.priorityClassName }}
+ priorityClassName: {{ .Values.nodeplugin.priorityClassName }}
+{{- end }}
+ # to use e.g. Rook orchestrated cluster, and mons' FQDN is
+ # resolved through k8s service, set dns policy to cluster first
+ dnsPolicy: ClusterFirstWithHostNet
+ containers:
+ - name: driver-registrar
+ # This is necessary only for systems with SELinux, where
+ # non-privileged sidecar containers cannot access unix domain socket
+ # created by privileged CSI driver container.
+ securityContext:
+ privileged: true
+ image: "{{ .Values.nodeplugin.registrar.image.repository }}:{{ .Values.nodeplugin.registrar.image.tag }}"
+ imagePullPolicy: {{ .Values.nodeplugin.registrar.image.pullPolicy }}
+ args:
+ - "--v={{ .Values.logLevel }}"
+ - "--csi-address=/csi/{{ .Values.pluginSocketFile }}"
+ - "--kubelet-registration-path={{ .Values.kubeletDir }}/plugins/{{ .Values.driverName }}/{{ .Values.pluginSocketFile }}"
+ env:
+ - name: KUBE_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ - name: registration-dir
+ mountPath: /registration
+ resources:
+{{ toYaml .Values.nodeplugin.registrar.resources | indent 12 }}
+ - name: csi-rbdplugin
+ image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
+ imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }}
+ args:
+ - "--nodeid=$(NODE_ID)"
+ - "--pluginpath={{ .Values.kubeletDir }}/plugins"
+ - "--stagingpath={{ .Values.kubeletDir }}/plugins/kubernetes.io/csi/pv/"
+ - "--type=rbd"
+ - "--nodeserver=true"
+ - "--pidlimit=-1"
+ - "--endpoint=$(CSI_ENDPOINT)"
+ - "--csi-addons-endpoint=$(CSI_ADDONS_ENDPOINT)"
+ - "--v={{ .Values.logLevel }}"
+ - "--drivername=$(DRIVER_NAME)"
+{{- if .Values.topology.enabled }}
+ - "--domainlabels={{ .Values.topology.domainLabels | join "," }}"
+{{- end }}
+{{- if .Values.nodeplugin.profiling.enabled }}
+ - "--enableprofiling={{ .Values.nodeplugin.profiling.enabled }}"
+{{- end }}
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: DRIVER_NAME
+ value: {{ .Values.driverName }}
+ - name: NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: CSI_ENDPOINT
+ value: "unix:///csi/{{ .Values.pluginSocketFile }}"
+ - name: CSI_ADDONS_ENDPOINT
+ value: "unix:///csi/csi-addons.sock"
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["SYS_ADMIN"]
+ allowPrivilegeEscalation: true
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ - mountPath: /dev
+ name: host-dev
+ - mountPath: /run/mount
+ name: host-mount
+ - mountPath: /sys
+ name: host-sys
+ - mountPath: /etc/selinux
+ name: etc-selinux
+ readOnly: true
+ - mountPath: /lib/modules
+ name: lib-modules
+ readOnly: true
+ - name: ceph-csi-config
+ mountPath: /etc/ceph-csi-config/
+ - name: ceph-config
+ mountPath: /etc/ceph/
+ - name: ceph-csi-encryption-kms-config
+ mountPath: /etc/ceph-csi-encryption-kms-config/
+ - name: plugin-dir
+ mountPath: {{ .Values.kubeletDir }}/plugins
+ mountPropagation: "Bidirectional"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.kubeletDir }}/pods
+ mountPropagation: "Bidirectional"
+ - name: keys-tmp-dir
+ mountPath: /tmp/csi/keys
+ - name: ceph-logdir
+ mountPath: /var/log/ceph
+ resources:
+{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
+{{- if .Values.nodeplugin.httpMetrics.enabled }}
+ - name: liveness-prometheus
+ securityContext:
+ privileged: true
+ image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
+ imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }}
+ args:
+ - "--type=liveness"
+ - "--endpoint=$(CSI_ENDPOINT)"
+ - "--metricsport={{ .Values.nodeplugin.httpMetrics.containerPort }}"
+ - "--metricspath=/metrics"
+ - "--polltime=60s"
+ - "--timeout=3s"
+ env:
+ - name: CSI_ENDPOINT
+ value: "unix:///csi/{{ .Values.pluginSocketFile }}"
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ resources:
+{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
+{{- end }}
+ volumes:
+ - name: socket-dir
+ hostPath:
+ path: "{{ .Values.kubeletDir }}/plugins/{{ .Values.driverName }}"
+ type: DirectoryOrCreate
+ - name: registration-dir
+ hostPath:
+ path: {{ .Values.kubeletDir }}/plugins_registry
+ type: Directory
+ - name: plugin-dir
+ hostPath:
+ path: {{ .Values.kubeletDir }}/plugins
+ type: Directory
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.kubeletDir }}/pods
+ type: DirectoryOrCreate
+ - name: ceph-logdir
+ hostPath:
+ path: {{ .Values.cephLogDirHostPath }}
+ type: DirectoryOrCreate
+ - name: host-dev
+ hostPath:
+ path: /dev
+ - name: host-mount
+ hostPath:
+ path: /run/mount
+ - name: host-sys
+ hostPath:
+ path: /sys
+ - name: etc-selinux
+ hostPath:
+ path: /etc/selinux
+ - name: lib-modules
+ hostPath:
+ path: /lib/modules
+ - name: ceph-config
+ configMap:
+ name: ceph-config
+ - name: ceph-csi-config
+ configMap:
+ name: {{ .Values.configMapName | quote }}
+{{- if .Values.configMapKey }}
+ items:
+ - key: {{ .Values.configMapKey | quote }}
+ path: config.json
+{{- end }}
+ - name: ceph-csi-encryption-kms-config
+ configMap:
+ name: {{ .Values.kmsConfigMapName | quote }}
+ - name: keys-tmp-dir
+ emptyDir: {
+ medium: "Memory"
+ }
+{{- if .Values.nodeplugin.affinity }}
+ affinity:
+{{ toYaml .Values.nodeplugin.affinity | indent 8 -}}
+{{- end -}}
+{{- if .Values.nodeplugin.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeplugin.nodeSelector | indent 8 -}}
+{{- end -}}
+{{- if .Values.nodeplugin.tolerations }}
+ tolerations:
+{{ toYaml .Values.nodeplugin.tolerations | indent 8 -}}
+{{- end -}}
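Review bot: In the `liveness-prometheus` container, `securityContext.privileged: true` is set although the container mounts only `socket-dir`, and `driver-registrar` is privileged unconditionally even though its own comment says this is needed only on systems with SELinux. Because the pod also sets `hostNetwork: true` and `hostPID: true`, a flaw in either sidecar has the same reach as one in the driver itself. Suggest making sidecar privilege a value so that clusters without SELinux enforcement can turn it off, and confirming that the metrics sidecar stays disabled unless it is needed. In `csi-rbdplugin`, `capabilities.add: ["SYS_ADMIN"]` and `allowPrivilegeEscalation: true` add nothing next to `privileged: true` and can be dropped to make the intent clearer. `nodeplugin.httpMetrics.*`, `nodeplugin.affinity` and `configMapKey` are read here but are not listed in the README table from this patch.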
diff --git a/charts/ceph-csi-rbd/templates/nodeplugin-http-service.yaml b/charts/ceph-csi-rbd/templates/nodeplugin-http-service.yaml
new file mode 100644
index 0000000..68a3942
--- /dev/null
+++ b/charts/ceph-csi-rbd/templates/nodeplugin-http-service.yaml
@@ -0,0 +1,41 @@
+{{- if .Values.nodeplugin.httpMetrics.service.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.nodeplugin.httpMetrics.service.annotations }}
+ annotations:
+{{ toYaml .Values.nodeplugin.httpMetrics.service.annotations | indent 4 }}
+{{- end }}
+ name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}-http-metrics
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "ceph-csi-rbd.fullname" . }}
+ chart: {{ include "ceph-csi-rbd.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+{{- if .Values.nodeplugin.httpMetrics.service.clusterIP }}
+ clusterIP: "{{ .Values.nodeplugin.httpMetrics.service.clusterIP }}"
+{{- end }}
+{{- if .Values.nodeplugin.httpMetrics.service.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.nodeplugin.httpMetrics.service.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.nodeplugin.httpMetrics.service.loadBalancerIP }}
+ loadBalancerIP: "{{ .Values.nodeplugin.httpMetrics.service.loadBalancerIP }}"
+{{- end }}
+{{- if .Values.nodeplugin.httpMetrics.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml .Values.nodeplugin.httpMetrics.service.loadBalancerSourceRanges | indent 4 }}
+{{- end }}
+ ports:
+ - name: http-metrics
+ port: {{ .Values.nodeplugin.httpMetrics.service.servicePort }}
+ targetPort: {{ .Values.nodeplugin.httpMetrics.containerPort }}
+ selector:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ type: "{{ .Values.nodeplugin.httpMetrics.service.type }}"
+{{- end -}}
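Review bot: Under `metadata.labels`, `app` is set from `include "ceph-csi-rbd.fullname"`, while the selector a few lines below and the other templates in this patch use `ceph-csi-rbd.name`, so anything selecting the release's objects by `app` will miss this Service. Suggest switching the label to `ceph-csi-rbd.name`. Also, `type`, `externalIPs`, `loadBalancerIP` and `loadBalancerSourceRanges` are taken straight from values and the backing pods run with `hostNetwork: true`; worth confirming that the values bundled here leave the Service internal to the cluster so that node-level metrics are not published more widely than intended.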
diff --git a/charts/ceph-csi-rbd/templates/nodeplugin-psp.yaml b/charts/ceph-csi-rbd/templates/nodeplugin-psp.yaml
new file mode 100644
index 0000000..e4c01cd
--- /dev/null
+++ b/charts/ceph-csi-rbd/templates/nodeplugin-psp.yaml
@@ -0,0 +1,48 @@
+{{- if .Values.nodeplugin.podSecurityPolicy.enabled -}}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}
+ labels:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ chart: {{ include "ceph-csi-rbd.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ allowPrivilegeEscalation: true
+ allowedCapabilities:
+ - 'SYS_ADMIN'
+ fsGroup:
+ rule: RunAsAny
+ privileged: true
+ hostNetwork: true
+ hostPID: true
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - 'configMap'
+ - 'emptyDir'
+ - 'projected'
+ - 'secret'
+ - 'hostPath'
+ allowedHostPaths:
+ - pathPrefix: '/dev'
+ readOnly: false
+ - pathPrefix: '/run/mount'
+ readOnly: false
+ - pathPrefix: '/sys'
+ readOnly: false
+ - pathPrefix: '/etc/selinux'
+ readOnly: true
+ - pathPrefix: '/lib/modules'
+ readOnly: true
+ - pathPrefix: '{{ .Values.cephLogDirHostPath }}'
+ readOnly: false
+ - pathPrefix: '{{ .Values.kubeletDir }}'
+ readOnly: false
+{{- end }}
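Review bot: `apiVersion: policy/v1beta1` / `kind: PodSecurityPolicy` was removed from Kubernetes in 1.25, so enabling `nodeplugin.podSecurityPolicy.enabled` on a current cluster makes the whole release fail to install. Suggest also gating the template on `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"`. Separately, this policy grants `privileged: true`, `hostNetwork`, `hostPID` and writable hostPath access to `/dev` and `/sys`, and two of the `allowedHostPaths` prefixes come from values (`cephLogDirHostPath`, `kubeletDir`); an empty or `/` value there widens the writable host path set, so it is worth validating those values are non-empty before rendering.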
diff --git a/charts/ceph-csi-rbd/templates/nodeplugin-role.yaml b/charts/ceph-csi-rbd/templates/nodeplugin-role.yaml
new file mode 100644
index 0000000..d9d5a0e
--- /dev/null
+++ b/charts/ceph-csi-rbd/templates/nodeplugin-role.yaml
@@ -0,0 +1,18 @@
+{{- if and .Values.rbac.create .Values.nodeplugin.podSecurityPolicy.enabled -}}
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ chart: {{ include "ceph-csi-rbd.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+ - apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames: ['{{ include "ceph-csi-rbd.nodeplugin.fullname" . }}']
+{{- end -}}
diff --git a/charts/ceph-csi-rbd/templates/nodeplugin-rolebinding.yaml b/charts/ceph-csi-rbd/templates/nodeplugin-rolebinding.yaml
new file mode 100644
index 0000000..f4cce98
--- /dev/null
+++ b/charts/ceph-csi-rbd/templates/nodeplugin-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.rbac.create .Values.nodeplugin.podSecurityPolicy.enabled -}}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ chart: {{ include "ceph-csi-rbd.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "ceph-csi-rbd.serviceAccountName.nodeplugin" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: Role
+ name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
+{{- end -}}
diff --git a/charts/ceph-csi-rbd/templates/nodeplugin-rules-clusterrole.yaml b/charts/ceph-csi-rbd/templates/nodeplugin-rules-clusterrole.yaml
new file mode 100644
index 0000000..802c79c
--- /dev/null
+++ b/charts/ceph-csi-rbd/templates/nodeplugin-rules-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.rbac.create -}}
+{{- if .Values.topology.enabled }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}-rules
+ labels:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ chart: {{ include "ceph-csi-rbd.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ rbac.rbd.csi.ceph.com/aggregate-to-{{ include "ceph-csi-rbd.nodeplugin.fullname" . }}: "true"
+rules:
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get"]
+{{- end }}
+{{- end -}}
diff --git a/charts/ceph-csi-rbd/templates/nodeplugin-serviceaccount.yaml b/charts/ceph-csi-rbd/templates/nodeplugin-serviceaccount.yaml
new file mode 100644
index 0000000..36e1ee7
--- /dev/null
+++ b/charts/ceph-csi-rbd/templates/nodeplugin-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccounts.nodeplugin.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "ceph-csi-rbd.serviceAccountName.nodeplugin" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ chart: {{ include "ceph-csi-rbd.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- end -}}
diff --git a/charts/ceph-csi-rbd/templates/provisioner-clusterrole.yaml b/charts/ceph-csi-rbd/templates/provisioner-clusterrole.yaml
new file mode 100644
index 0000000..0327057
--- /dev/null
+++ b/charts/ceph-csi-rbd/templates/provisioner-clusterrole.yaml
@@ -0,0 +1,71 @@
+{{- if .Values.rbac.create -}}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "ceph-csi-rbd.provisioner.fullname" . }}
+ labels:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ chart: {{ include "ceph-csi-rbd.chart" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "create", "update", "delete", "patch"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["list", "watch", "create", "update", "patch"]
+ - apiGroups: [""]
+ resources: ["endpoints"]
+ verbs: ["get", "create", "update"]
+{{- if .Values.provisioner.attacher.enabled }}
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments"]
+ verbs: ["get", "list", "watch", "update", "patch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments/status"]
+ verbs: ["patch"]
+{{- end }}
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshots"]
+ verbs: ["get", "list"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotcontents"]
+ verbs: ["create", "get", "list", "watch", "update", "delete"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotcontents/status"]
+ verbs: ["update"]
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get"]
+ - apiGroups: [""]
+ resources: ["serviceaccounts"]
+ verbs: ["get"]
+{{- if .Values.provisioner.resizer.enabled }}
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims/status"]
+ verbs: ["update", "patch"]
+{{- end }}
+{{- if .Values.topology.enabled }}
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list","watch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["csinodes"]
+ verbs: ["get", "list", "watch"]
+{{- end }}
+
+{{- end -}}
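Review bot: the first rule grants `get`, `list` and `watch` on `secrets` cluster-wide, and the ClusterRoleBinding in the next file binds it to the provisioner ServiceAccount, so that account can read every Secret in every namespace. The sibling provisioner-rules-clusterrole.yaml lists only `get` and `list` for the same resource, so the two copies already disagree. Please confirm which verb set is intended and keep the narrower one, and add a comment in the chart explaining why cluster-wide secret read is needed.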
diff --git a/charts/ceph-csi-rbd/templates/provisioner-clusterrolebinding.yaml b/charts/ceph-csi-rbd/templates/provisioner-clusterrolebinding.yaml
new file mode 100644
index 0000000..5a08610
--- /dev/null
+++ b/charts/ceph-csi-rbd/templates/provisioner-clusterrolebinding.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.rbac.create -}}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "ceph-csi-rbd.provisioner.fullname" . }}
+ labels:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ chart: {{ include "ceph-csi-rbd.chart" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "ceph-csi-rbd.serviceAccountName.provisioner" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ include "ceph-csi-rbd.provisioner.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
+{{- end -}}
diff --git a/charts/ceph-csi-rbd/templates/provisioner-deployment.yaml b/charts/ceph-csi-rbd/templates/provisioner-deployment.yaml
new file mode 100644
index 0000000..86a04db
--- /dev/null
+++ b/charts/ceph-csi-rbd/templates/provisioner-deployment.yaml
@@ -0,0 +1,281 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: {{ include "ceph-csi-rbd.provisioner.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ chart: {{ include "ceph-csi-rbd.chart" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.provisioner.replicaCount }}
+ strategy:
+ type: {{ .Values.provisioner.strategy.type }}
+{{- if eq .Values.provisioner.strategy.type "RollingUpdate" }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.provisioner.strategy.rollingUpdate.maxUnavailable }}
+{{- end }}
+ selector:
+ matchLabels:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ chart: {{ include "ceph-csi-rbd.chart" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ spec:
+{{- if gt (int .Values.provisioner.replicaCount) 1 }}
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - {{ include "ceph-csi-rbd.name" . }}
+ - key: component
+ operator: In
+ values:
+ - {{ .Values.provisioner.name }}
+ topologyKey: "kubernetes.io/hostname"
+{{- end }}
+ serviceAccountName: {{ include "ceph-csi-rbd.serviceAccountName.provisioner" . }}
+{{- if .Values.provisioner.priorityClassName }}
+ priorityClassName: {{ .Values.provisioner.priorityClassName }}
+{{- end }}
+ containers:
+ - name: csi-provisioner
+ image: "{{ .Values.provisioner.provisioner.image.repository }}:{{ .Values.provisioner.provisioner.image.tag }}"
+ imagePullPolicy: {{ .Values.provisioner.provisioner.image.pullPolicy }}
+ args:
+ - "--csi-address=$(ADDRESS)"
+ - "--v={{ .Values.logLevel }}"
+ - "--timeout={{ .Values.provisioner.timeout }}"
+ - "--leader-election=true"
+ - "--retry-interval-start=500ms"
+ - "--default-fstype={{ .Values.provisioner.defaultFSType }}"
+ - "--extra-create-metadata=true"
+{{- if .Values.topology.enabled }}
+ - "--feature-gates=Topology=true"
+{{- end }}
+ env:
+ - name: ADDRESS
+ value: "unix:///csi/{{ .Values.provisionerSocketFile }}"
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ resources:
+{{ toYaml .Values.provisioner.provisioner.resources | indent 12 }}
+{{- if .Values.provisioner.resizer.enabled }}
+ - name: csi-resizer
+ image: "{{ .Values.provisioner.resizer.image.repository }}:{{ .Values.provisioner.resizer.image.tag }}"
+ imagePullPolicy: {{ .Values.provisioner.resizer.image.pullPolicy }}
+ args:
+ - "--v={{ .Values.logLevel }}"
+ - "--csi-address=$(ADDRESS)"
+ - "--timeout={{ .Values.provisioner.timeout }}"
+ - "--leader-election"
+ - "--retry-interval-start=500ms"
+ - "--handle-volume-inuse-error=false"
+ env:
+ - name: ADDRESS
+ value: "unix:///csi/{{ .Values.provisionerSocketFile }}"
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ resources:
+{{ toYaml .Values.provisioner.resizer.resources | indent 12 }}
+{{- end }}
+ - name: csi-snapshotter
+ image: {{ .Values.provisioner.snapshotter.image.repository }}:{{ .Values.provisioner.snapshotter.image.tag }}
+ imagePullPolicy: {{ .Values.provisioner.snapshotter.image.pullPolicy }}
+ args:
+ - "--csi-address=$(ADDRESS)"
+ - "--v={{ .Values.logLevel }}"
+ - "--timeout={{ .Values.provisioner.timeout }}"
+ - "--leader-election=true"
+ env:
+ - name: ADDRESS
+ value: "unix:///csi/{{ .Values.provisionerSocketFile }}"
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ resources:
+{{ toYaml .Values.provisioner.snapshotter.resources | indent 12 }}
+{{- if .Values.provisioner.attacher.enabled }}
+ - name: csi-attacher
+ image: "{{ .Values.provisioner.attacher.image.repository }}:{{ .Values.provisioner.attacher.image.tag }}"
+ imagePullPolicy: {{ .Values.provisioner.attacher.image.pullPolicy }}
+ args:
+ - "--v={{ .Values.logLevel }}"
+ - "--csi-address=$(ADDRESS)"
+ - "--leader-election=true"
+ - "--retry-interval-start=500ms"
+ env:
+ - name: ADDRESS
+ value: "unix:///csi/{{ .Values.provisionerSocketFile }}"
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ resources:
+{{ toYaml .Values.provisioner.attacher.resources | indent 12 }}
+{{- end }}
+ - name: csi-rbdplugin
+ image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
+ imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }}
+ args:
+ - "--nodeid=$(NODE_ID)"
+ - "--type=rbd"
+ - "--controllerserver=true"
+ - "--pidlimit=-1"
+ - "--endpoint=$(CSI_ENDPOINT)"
+ - "--csi-addons-endpoint=$(CSI_ADDONS_ENDPOINT)"
+ - "--v={{ .Values.logLevel }}"
+ - "--drivername=$(DRIVER_NAME)"
+ - "--rbdhardmaxclonedepth={{ .Values.provisioner.hardMaxCloneDepth }}"
+ - "--rbdsoftmaxclonedepth={{ .Values.provisioner.softMaxCloneDepth }}"
+ - "--maxsnapshotsonimage={{ .Values.provisioner.maxSnapshotsOnImage }}"
+ - "--minsnapshotsonimage={{ .Values.provisioner.minSnapshotsOnImage }}"
+ {{- if .Values.provisioner.skipForceFlatten }}
+ - "--skipforceflatten={{ .Values.provisioner.skipForceFlatten }}"
+ {{- end }}
+ {{- if .Values.provisioner.profiling.enabled }}
+ - "--enableprofiling={{ .Values.provisioner.profiling.enabled }}"
+ {{- end }}
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: DRIVER_NAME
+ value: {{ .Values.driverName }}
+ - name: NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: CSI_ENDPOINT
+ value: "unix:///csi/{{ .Values.provisionerSocketFile }}"
+ - name: CSI_ADDONS_ENDPOINT
+ value: "unix:///csi/csi-addons.sock"
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ - mountPath: /dev
+ name: host-dev
+ - mountPath: /sys
+ name: host-sys
+ - mountPath: /lib/modules
+ name: lib-modules
+ readOnly: true
+ - name: ceph-csi-config
+ mountPath: /etc/ceph-csi-config/
+ - name: ceph-config
+ mountPath: /etc/ceph/
+ - name: ceph-csi-encryption-kms-config
+ mountPath: /etc/ceph-csi-encryption-kms-config/
+ - name: keys-tmp-dir
+ mountPath: /tmp/csi/keys
+ resources:
+{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
+{{- if .Values.provisioner.deployController }}
+ - name: csi-rbdplugin-controller
+ image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
+ imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }}
+ args:
+ - "--type=controller"
+ - "--v={{ .Values.logLevel }}"
+ - "--drivername=$(DRIVER_NAME)"
+ - "--drivernamespace=$(DRIVER_NAMESPACE)"
+ env:
+ - name: DRIVER_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: DRIVER_NAME
+ value: {{ .Values.driverName }}
+ volumeMounts:
+ - name: ceph-csi-config
+ mountPath: /etc/ceph-csi-config/
+ - name: keys-tmp-dir
+ mountPath: /tmp/csi/keys
+ - name: ceph-config
+ mountPath: /etc/ceph/
+ resources:
+{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
+{{- end }}
+{{- if .Values.provisioner.httpMetrics.enabled }}
+ - name: liveness-prometheus
+ image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
+ imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }}
+ args:
+ - "--type=liveness"
+ - "--endpoint=$(CSI_ENDPOINT)"
+ - "--metricsport={{ .Values.provisioner.httpMetrics.containerPort }}"
+ - "--metricspath=/metrics"
+ - "--polltime=60s"
+ - "--timeout=3s"
+ env:
+ - name: CSI_ENDPOINT
+ value: "unix:///csi/{{ .Values.provisionerSocketFile }}"
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ resources:
+{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
+{{- end }}
+ volumes:
+ - name: socket-dir
+ emptyDir: {
+ medium: "Memory"
+ }
+ - name: host-dev
+ hostPath:
+ path: /dev
+ - name: host-sys
+ hostPath:
+ path: /sys
+ - name: lib-modules
+ hostPath:
+ path: /lib/modules
+ - name: ceph-config
+ configMap:
+ name: ceph-config
+ - name: ceph-csi-config
+ configMap:
+ name: {{ .Values.configMapName | quote }}
+{{- if .Values.configMapKey }}
+ items:
+ - key: {{ .Values.configMapKey | quote }}
+ path: config.json
+{{- end }}
+ - name: ceph-csi-encryption-kms-config
+ configMap:
+ name: {{ .Values.kmsConfigMapName | quote }}
+ - name: keys-tmp-dir
+ emptyDir: {
+ medium: "Memory"
+ }
+{{- if .Values.provisioner.affinity }}
+ affinity:
+{{ toYaml .Values.provisioner.affinity | indent 8 -}}
+{{- end -}}
+{{- if .Values.provisioner.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.provisioner.nodeSelector | indent 8 -}}
+{{- end -}}
+{{- if .Values.provisioner.tolerations }}
+ tolerations:
+{{ toYaml .Values.provisioner.tolerations | indent 8 -}}
+{{- end -}}
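Review bot: `affinity:` can be emitted twice in the same pod spec. The block under `{{- if gt (int .Values.provisioner.replicaCount) 1 }}` writes a pod anti-affinity stanza, and the block under `{{- if .Values.provisioner.affinity }}` near the end writes a second `affinity:` key at the same indentation. With the default `replicaCount: 3`, any user who sets `provisioner.affinity` gets a duplicate mapping key, which is either rejected or silently resolved to one of the two depending on the parser. Suggest rendering the built-in anti-affinity only when `provisioner.affinity` is empty, or merging both into one stanza. Minor: the `csi-snapshotter` image string is the only one in this file that is not quoted.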
diff --git a/charts/ceph-csi-rbd/templates/provisioner-http-service.yaml b/charts/ceph-csi-rbd/templates/provisioner-http-service.yaml
new file mode 100644
index 0000000..0d4c925
--- /dev/null
+++ b/charts/ceph-csi-rbd/templates/provisioner-http-service.yaml
@@ -0,0 +1,41 @@
+{{- if .Values.provisioner.httpMetrics.service.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.provisioner.httpMetrics.service.annotations }}
+ annotations:
+{{ toYaml .Values.provisioner.httpMetrics.service.annotations | indent 4 }}
+{{- end }}
+ name: {{ include "ceph-csi-rbd.provisioner.fullname" . }}-http-metrics
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "ceph-csi-rbd.fullname" . }}
+ chart: {{ include "ceph-csi-rbd.chart" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+{{- if .Values.provisioner.httpMetrics.service.clusterIP }}
+ clusterIP: "{{ .Values.provisioner.httpMetrics.service.clusterIP }}"
+{{- end }}
+{{- if .Values.provisioner.httpMetrics.service.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.provisioner.httpMetrics.service.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.provisioner.httpMetrics.service.loadBalancerIP }}
+ loadBalancerIP: "{{ .Values.provisioner.httpMetrics.service.loadBalancerIP }}"
+{{- end }}
+{{- if .Values.provisioner.httpMetrics.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml .Values.provisioner.httpMetrics.service.loadBalancerSourceRanges | indent 4 }}
+{{- end }}
+ ports:
+ - name: http-metrics
+ port: {{ .Values.provisioner.httpMetrics.service.servicePort }}
+ targetPort: {{ .Values.provisioner.httpMetrics.containerPort }}
+ selector:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ type: "{{ .Values.provisioner.httpMetrics.service.type }}"
+{{- end -}}
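Review bot: `type`, `externalIPs` and `loadBalancerIP` are passed through from values, and `loadBalancerSourceRanges` is omitted entirely when the list is empty, so setting `type: LoadBalancer` without ranges publishes the `http-metrics` port with no source restriction. Suggest either documenting this next to the values or failing the render (Helm's `fail`) when the type is `LoadBalancer` and no source ranges are given. The `app` label here is also built from `ceph-csi-rbd.fullname` while the selector uses `ceph-csi-rbd.name`.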
diff --git a/charts/ceph-csi-rbd/templates/provisioner-psp.yaml b/charts/ceph-csi-rbd/templates/provisioner-psp.yaml
new file mode 100644
index 0000000..111226e
--- /dev/null
+++ b/charts/ceph-csi-rbd/templates/provisioner-psp.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.provisioner.podSecurityPolicy.enabled -}}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ include "ceph-csi-rbd.provisioner.fullname" . }}
+ labels:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ chart: {{ include "ceph-csi-rbd.chart" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ fsGroup:
+ rule: RunAsAny
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - 'configMap'
+ - 'emptyDir'
+ - 'projected'
+ - 'secret'
+ - 'hostPath'
+ allowedHostPaths:
+ - pathPrefix: '/dev'
+ readOnly: false
+ - pathPrefix: '/sys'
+ readOnly: false
+ - pathPrefix: '/lib/modules'
+ readOnly: true
+{{- end }}
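Review bot: the provisioner policy allows writable hostPath mounts of `/dev` and `/sys` (`readOnly: false`) and sets every user and group rule to `RunAsAny`, without stating `privileged` or `allowPrivilegeEscalation` explicitly. For a controller-side pod that is a wide grant; please confirm the provisioner containers need write access to those paths, set `readOnly: true` where they do not, and spell out `privileged: false` and `allowPrivilegeEscalation: false` if that is the intent so the policy does not rely on defaults. This template also uses the `policy/v1beta1` API that newer clusters no longer serve.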
diff --git a/charts/ceph-csi-rbd/templates/provisioner-role.yaml b/charts/ceph-csi-rbd/templates/provisioner-role.yaml
new file mode 100644
index 0000000..ae16fde
--- /dev/null
+++ b/charts/ceph-csi-rbd/templates/provisioner-role.yaml
@@ -0,0 +1,26 @@
+{{- if .Values.rbac.create -}}
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "ceph-csi-rbd.provisioner.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ chart: {{ include "ceph-csi-rbd.chart" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "list", "watch", "create","update", "delete"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "watch", "list", "delete", "update", "create"]
+{{- if .Values.provisioner.podSecurityPolicy.enabled }}
+ - apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames: ['{{ include "ceph-csi-rbd.provisioner.fullname" . }}']
+{{- end -}}
+{{- end -}}
diff --git a/charts/ceph-csi-rbd/templates/provisioner-rolebinding.yaml b/charts/ceph-csi-rbd/templates/provisioner-rolebinding.yaml
new file mode 100644
index 0000000..23fa39f
--- /dev/null
+++ b/charts/ceph-csi-rbd/templates/provisioner-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.rbac.create -}}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "ceph-csi-rbd.provisioner.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ chart: {{ include "ceph-csi-rbd.chart" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "ceph-csi-rbd.serviceAccountName.provisioner" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: Role
+ name: {{ include "ceph-csi-rbd.provisioner.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
+{{- end -}}
diff --git a/charts/ceph-csi-rbd/templates/provisioner-rules-clusterrole.yaml b/charts/ceph-csi-rbd/templates/provisioner-rules-clusterrole.yaml
new file mode 100644
index 0000000..05074df
--- /dev/null
+++ b/charts/ceph-csi-rbd/templates/provisioner-rules-clusterrole.yaml
@@ -0,0 +1,62 @@
+{{- if .Values.rbac.create -}}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "ceph-csi-rbd.provisioner.fullname" . }}-rules
+ labels:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ chart: {{ include "ceph-csi-rbd.chart" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ rbac.rbd.csi.ceph.com/aggregate-to-{{ include "ceph-csi-rbd.provisioner.fullname" . }}: "true"
+rules:
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list"]
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "create", "update", "delete", "patch"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["list", "watch", "create", "update", "patch"]
+ - apiGroups: [""]
+ resources: ["endpoints"]
+ verbs: ["get", "create", "update"]
+{{- if .Values.provisioner.attacher.enabled }}
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments"]
+ verbs: ["get", "list", "watch", "update", "patch"]
+{{- end }}
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshots"]
+ verbs: ["get", "list"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotcontents"]
+ verbs: ["create", "get", "list", "watch", "update", "delete"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotcontents/status"]
+ verbs: ["update"]
+{{- if .Values.provisioner.resizer.enabled }}
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims/status"]
+ verbs: ["update", "patch"]
+{{- end }}
+{{- if .Values.topology.enabled }}
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", watch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["csinodes"]
+ verbs: ["get", "list", "watch"]
+{{- end }}
+{{- end -}}
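Review bot: in the `topology.enabled` block the `nodes` rule reads `verbs: ["get", "list", watch"]`, with the opening quote missing before `watch`. The third entry is therefore not the string `watch`, so the rule does not grant the intended verb when topology is enabled; it should be `"watch"`. Also note that this ClusterRole carries an `aggregate-to-...` label, but provisioner-clusterrole.yaml in this patch defines static `rules:` rather than an `aggregationRule`, and no binding to the `-rules` role is visible, so this copy appears to have no effect and has already drifted from the bound one.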
diff --git a/charts/ceph-csi-rbd/templates/provisioner-serviceaccount.yaml b/charts/ceph-csi-rbd/templates/provisioner-serviceaccount.yaml
new file mode 100644
index 0000000..893b43a
--- /dev/null
+++ b/charts/ceph-csi-rbd/templates/provisioner-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccounts.provisioner.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "ceph-csi-rbd.serviceAccountName.provisioner" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ chart: {{ include "ceph-csi-rbd.chart" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- end -}}
diff --git a/charts/ceph-csi-rbd/templates/secret.yaml b/charts/ceph-csi-rbd/templates/secret.yaml
new file mode 100644
index 0000000..1553cee
--- /dev/null
+++ b/charts/ceph-csi-rbd/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.secret.create -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.secret.name }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ chart: {{ include "ceph-csi-rbd.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+stringData:
+ userID: {{ .Values.secret.userID }}
+ userKey: {{ .Values.secret.userKey }}
+
+ encryptionPassphrase: {{ .Values.secret.encryptionPassphrase }}
+{{- end -}}
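Review bot: `userID`, `userKey` and `encryptionPassphrase` are interpolated into `stringData` unquoted. A passphrase or key containing `: `, `#`, a leading `*`/`&`/`!`, or one that looks numeric or boolean will be re-typed or truncated by the YAML parser, and an unset `encryptionPassphrase` renders as an empty key. Suggest `{{ .Values.secret.userKey | quote }}` for all three fields and rendering `encryptionPassphrase` only when it is set. Since these values travel through Helm values, it is also worth a README line steering users to `secret.create: false` with an externally managed Secret.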
diff --git a/charts/ceph-csi-rbd/templates/storageclass.yaml b/charts/ceph-csi-rbd/templates/storageclass.yaml
new file mode 100644
index 0000000..e4da516
--- /dev/null
+++ b/charts/ceph-csi-rbd/templates/storageclass.yaml
@@ -0,0 +1,83 @@
+{{- if .Values.storageClass.create -}}
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: {{ .Values.storageClass.name }}
+ namespace: {{ .Release.Namespace }}
+{{- if .Values.storageClass.annotations }}
+ annotations:
+{{ toYaml .Values.storageClass.annotations | indent 4 }}
+{{- end }}
+ labels:
+ app: {{ include "ceph-csi-rbd.name" . }}
+ chart: {{ include "ceph-csi-rbd.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+provisioner: {{ .Values.driverName }}
+parameters:
+ clusterID: {{ .Values.storageClass.clusterID }}
+ pool: {{ .Values.storageClass.pool }}
+ imageFeatures: {{ .Values.storageClass.imageFeatures }}
+ thickProvision: {{ .Values.storageClass.thickProvision | quote}}
+{{- if .Values.storageClass.tryOtherMounters }}
+ tryOtherMounters: {{ .Values.storageClass.tryOtherMounters | quote}}
+{{- end }}
+{{- if .Values.storageClass.mounter }}
+ mounter: {{ .Values.storageClass.mounter }}
+{{- end }}
+{{- if .Values.storageClass.cephLogDir }}
+ cephLogDir: {{ .Values.storageClass.cephLogDir }}
+{{- end }}
+{{- if .Values.storageClass.cephLogStrategy }}
+ cephLogStrategy: {{ .Values.storageClass.cephLogStrategy }}
+{{- end }}
+{{- if .Values.storageClass.dataPool }}
+ dataPool: {{ .Values.storageClass.dataPool }}
+{{- end }}
+{{- if .Values.storageClass.volumeNamePrefix }}
+ volumeNamePrefix: "{{ .Values.storageClass.volumeNamePrefix }}"
+{{- end }}
+{{- if .Values.storageClass.encrypted }}
+ encrypted: "{{ .Values.storageClass.encrypted }}"
+{{- end }}
+{{- if .Values.storageClass.encryptionKMSID }}
+ encryptionKMSID: {{ .Values.storageClass.encryptionKMSID }}
+{{- end }}
+{{- if .Values.storageClass.topologyConstrainedPools }}
+ topologyConstrainedPools:
+ {{ toYaml .Values.storageClass.topologyConstrainedPools | indent 4 -}}
+{{- end }}
+{{- if .Values.storageClass.mapOptions }}
+ mapOptions: {{ .Values.storageClass.mapOptions }}
+{{- end }}
+{{- if .Values.storageClass.unmapOptions }}
+ unmapOptions: {{ .Values.storageClass.unmapOptions }}
+{{- end }}
+ csi.storage.k8s.io/provisioner-secret-name: {{ .Values.storageClass.provisionerSecret }}
+{{- if .Values.storageClass.provisionerSecretNamespace }}
+ csi.storage.k8s.io/provisioner-secret-namespace: {{ .Values.storageClass.provisionerSecretNamespace }}
+{{ else }}
+ csi.storage.k8s.io/provisioner-secret-namespace: {{ .Release.Namespace }}
+{{- end }}
+ csi.storage.k8s.io/controller-expand-secret-name: {{ .Values.storageClass.controllerExpandSecret }}
+{{- if .Values.storageClass.controllerExpandSecretNamespace }}
+ csi.storage.k8s.io/controller-expand-secret-namespace: {{ .Values.storageClass.controllerExpandSecretNamespace }}
+{{ else }}
+ csi.storage.k8s.io/controller-expand-secret-namespace: {{ .Release.Namespace }}
+{{- end }}
+ csi.storage.k8s.io/node-stage-secret-name: {{ .Values.storageClass.nodeStageSecret }}
+{{- if .Values.storageClass.nodeStageSecretNamespace }}
+ csi.storage.k8s.io/node-stage-secret-namespace: {{ .Values.storageClass.nodeStageSecretNamespace }}
+{{ else }}
+ csi.storage.k8s.io/node-stage-secret-namespace: {{ .Release.Namespace }}
+{{- end }}
+ csi.storage.k8s.io/fstype: {{ .Values.storageClass.fstype }}
+reclaimPolicy: {{ .Values.storageClass.reclaimPolicy }}
+allowVolumeExpansion: {{ .Values.storageClass.allowVolumeExpansion }}
+{{- if .Values.storageClass.mountOptions }}
+mountOptions:
+ {{- range .Values.storageClass.mountOptions }}
+ - {{ . }}
+ {{- end }}
+{{- end }}
+{{- end -}}
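Review bot: most entries under `parameters:` are rendered unquoted (`clusterID`, `pool`, `imageFeatures`, `mounter`, `mapOptions`, the secret names), while `thickProvision` and `encrypted` are quoted. StorageClass parameters must all be strings, so a `clusterID` or `pool` that parses as a number or boolean is rejected by the API server. Suggest piping every parameter value through `quote`. `topologyConstrainedPools` has the same problem in a different form: `toYaml` of a list renders a nested structure under a string-valued map. Finally, `metadata.namespace` is set on a cluster-scoped StorageClass and can be dropped.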
diff --git a/charts/ceph-csi-rbd/values.yaml b/charts/ceph-csi-rbd/values.yaml
new file mode 100644
index 0000000..89e65dd
--- /dev/null
+++ b/charts/ceph-csi-rbd/values.yaml
@@ -0,0 +1,459 @@
+---
+rbac:
+ # Specifies whether RBAC resources should be created
+ create: true
+
+serviceAccounts:
+ nodeplugin:
+ # Specifies whether a ServiceAccount should be created
+ create: true
+ # The name of the ServiceAccount to use.
+ # If not set and create is true, a name is generated using the fullname
+ name:
+ provisioner:
+ # Specifies whether a ServiceAccount should be created
+ create: true
+ # The name of the ServiceAccount to use.
+ # If not set and create is true, a name is generated using the fullname
+ name:
+
+# Configuration for the CSI to connect to the cluster
+# Ref: https://github.com/ceph/ceph-csi/blob/devel/examples/README.md
+# Example:
+# csiConfig:
+# - clusterID: "<cluster-id>"
+# monitors:
+# - "<MONValue1>"
+# - "<MONValue2>"
+csiConfig: []
+
+# Configuration details of clusterID,PoolID and FscID mapping
+# csiMapping:
+# - clusterIDMapping:
+# clusterID on site1: clusterID on site2
+# RBDPoolIDMapping:
+# - poolID on site1: poolID on site2
+# CephFSFscIDMapping:
+# - CephFS FscID on site1: CephFS FscID on site2
+csiMapping: []
+
+# Configuration for the encryption KMS
+# Ref: https://github.com/ceph/ceph-csi/blob/devel/docs/deploy-rbd.md
+# Example:
+# encryptionKMSConfig:
+# vault-unique-id-1:
+# encryptionKMSType: vault
+# vaultAddress: https://vault.example.com
+# vaultAuthPath: /v1/auth/kubernetes/login
+# vaultRole: csi-kubernetes
+# vaultPassphraseRoot: /v1/secret
+# vaultPassphrasePath: ceph-csi/
+# vaultCAVerify: "false"
+encryptionKMSConfig: {}
+
+# Set logging level for csi containers.
+# Supported values from 0 to 5. 0 for general useful logs,
+# 5 for trace level verbosity.
+logLevel: 5
+
+nodeplugin:
+ name: nodeplugin
+ # set user created priorityclassName for csi plugin pods. default is
+ # system-node-critical which is high priority
+ priorityClassName: system-node-critical
+ # if you are using rbd-nbd client set this value to OnDelete
+ updateStrategy: RollingUpdate
+
+ httpMetrics:
+ # Metrics only available for cephcsi/cephcsi => 1.2.0
+ # Specifies whether http metrics should be exposed
+ enabled: true
+ # The port of the container to expose the metrics
+ containerPort: 8080
+
+ service:
+ # Specifies whether a service should be created for the metrics
+ enabled: true
+ # The port to use for the service
+ servicePort: 8080
+ type: ClusterIP
+
+ # Annotations for the service
+ # Example:
+ # annotations:
+ # prometheus.io/scrape: "true"
+ # prometheus.io/port: "8080"
+ annotations: {}
+
+ clusterIP: ""
+
+ ## List of IP addresses at which the stats-exporter service is available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+ externalIPs: []
+
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+
+ profiling:
+ # enable profiling to check for memory leaks
+ enabled: false
+
+ registrar:
+ image:
+ repository: k8s.gcr.io/sig-storage/csi-node-driver-registrar
+ tag: v2.4.0
+ pullPolicy: IfNotPresent
+ resources: {}
+
+ plugin:
+ image:
+ repository: quay.io/cephcsi/cephcsi
+ tag: v3.5.1
+ pullPolicy: IfNotPresent
+ resources: {}
+
+ nodeSelector: {}
+
+ tolerations: []
+
+ affinity: {}
+
+ # If true, create & use Pod Security Policy resources
+ # https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+ podSecurityPolicy:
+ enabled: false
+
+provisioner:
+ name: provisioner
+ replicaCount: 3
+ strategy:
+ # RollingUpdate strategy replaces old pods with new ones gradually,
+ # without incurring downtime.
+ type: RollingUpdate
+ rollingUpdate:
+ # maxUnavailable is the maximum number of pods that can be
+ # unavailable during the update process.
+ maxUnavailable: 50%
+ # if fstype is not specified in storageclass, ext4 is default
+ defaultFSType: ext4
+ # deployController to enable or disable the deployment of controller which
+ # generates the OMAP data if its not Present.
+ deployController: true
+ # Timeout for waiting for creation or deletion of a volume
+ timeout: 60s
+ # Hard limit for maximum number of nested volume clones that are taken before
+ # a flatten occurs
+ hardMaxCloneDepth: 8
+ # Soft limit for maximum number of nested volume clones that are taken before
+ # a flatten occurs
+ softMaxCloneDepth: 4
+ # Maximum number of snapshots allowed on rbd image without flattening
+ maxSnapshotsOnImage: 450
+ # Minimum number of snapshots allowed on rbd image to trigger flattening
+ minSnapshotsOnImage: 250
+ # skip image flattening if kernel support mapping of rbd images
+ # which has the deep-flatten feature
+ # skipForceFlatten: false
+
+ # set user created priorityclassName for csi provisioner pods. default is
+ # system-cluster-critical which is less priority than system-node-critical
+ priorityClassName: system-cluster-critical
+
+ httpMetrics:
+ # Metrics only available for cephcsi/cephcsi => 1.2.0
+ # Specifies whether http metrics should be exposed
+ enabled: true
+ # The port of the container to expose the metrics
+ containerPort: 8080
+
+ service:
+ # Specifies whether a service should be created for the metrics
+ enabled: true
+ # The port to use for the service
+ servicePort: 8080
+ type: ClusterIP
+
+ # Annotations for the service
+ # Example:
+ # annotations:
+ # prometheus.io/scrape: "true"
+ # prometheus.io/port: "8080"
+ annotations: {}
+
+ clusterIP: ""
+
+ ## List of IP addresses at which the stats-exporter service is available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+ externalIPs: []
+
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+
+ profiling:
+ # enable profiling to check for memory leaks
+ enabled: false
+
+ provisioner:
+ image:
+ repository: k8s.gcr.io/sig-storage/csi-provisioner
+ tag: v3.1.0
+ pullPolicy: IfNotPresent
+ resources: {}
+
+ attacher:
+ name: attacher
+ enabled: true
+ image:
+ repository: k8s.gcr.io/sig-storage/csi-attacher
+ tag: v3.4.0
+ pullPolicy: IfNotPresent
+ resources: {}
+
+ resizer:
+ name: resizer
+ enabled: true
+ image:
+ repository: k8s.gcr.io/sig-storage/csi-resizer
+ tag: v1.3.0
+ pullPolicy: IfNotPresent
+ resources: {}
+
+ snapshotter:
+ image:
+ repository: k8s.gcr.io/sig-storage/csi-snapshotter
+ tag: v4.2.0
+ pullPolicy: IfNotPresent
+ resources: {}
+
+ nodeSelector: {}
+
+ tolerations: []
+
+ affinity: {}
+
+ # If true, create & use Pod Security Policy resources
+ # https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+ podSecurityPolicy:
+ enabled: false
+
+topology:
+ # Specifies whether topology based provisioning support should
+ # be exposed by CSI
+ enabled: false
+ # domainLabels define which node labels to use as domains
+ # for CSI nodeplugins to advertise their domains
+ # NOTE: the value here serves as an example and needs to be
+ # updated with node labels that define domains of interest
+ domainLabels:
+ - failure-domain/region
+ - failure-domain/zone
+
+storageClass:
+ # Specifies whether the storageclass should be created
+ create: false
+ name: csi-rbd-sc
+
+ # Annotations for the storage class
+ # Example:
+ # annotations:
+ # storageclass.kubernetes.io/is-default-class: "true"
+ annotations: {}
+
+ # (required) String representing a Ceph cluster to provision storage from.
+ # Should be unique across all Ceph clusters in use for provisioning,
+ # cannot be greater than 36 bytes in length, and should remain immutable for
+ # the lifetime of the StorageClass in use.
+ clusterID: <cluster-ID>
+
+ # (optional) If you want to use erasure coded pool with RBD, you need to
+ # create two pools. one erasure coded and one replicated.
+ # You need to specify the replicated pool here in the `pool` parameter, it is
+ # used for the metadata of the images.
+ # The erasure coded pool must be set as the `dataPool` parameter below.
+ # dataPool: <ec-data-pool>
+ dataPool: ""
+
+ # (required) Ceph pool into which the RBD image shall be created
+ # eg: pool: replicapool
+ pool: replicapool
+
+ # Set thickProvision to true if you want RBD images to be fully allocated on
+ # creation (thin provisioning is the default).
+ thickProvision: false
+
+ # (required) RBD image features, CSI creates image with image-format 2
+ # CSI RBD currently supports `layering`, `journaling`, `exclusive-lock`,
+ # `object-map`, `fast-diff` features. If `journaling` is enabled, must
+ # enable `exclusive-lock` too.
+ # imageFeatures: layering,journaling,exclusive-lock,object-map,fast-diff
+ imageFeatures: "layering"
+
+ # (optional) Specifies whether to try other mounters in case if the current
+ # mounter fails to mount the rbd image for any reason. True means fallback
+ # to next mounter, default is set to false.
+ # Note: tryOtherMounters is currently useful to fallback from krbd to rbd-nbd
+ # in case if any of the specified imageFeatures is not supported by krbd
+ # driver on node scheduled for application pod launch, but in the future this
+ # should work with any mounter type.
+ # tryOtherMounters: false
+
+ # (optional) uncomment the following to use rbd-nbd as mounter
+ # on supported nodes
+ # mounter: rbd-nbd
+ mounter: ""
+
+ # (optional) ceph client log location, eg: rbd-nbd
+ # By default host-path /var/log/ceph of node is bind-mounted into
+ # csi-rbdplugin pod at /var/log/ceph mount path. This is to configure
+ # target bindmount path used inside container for ceph clients logging.
+ # See docs/rbd-nbd.md for available configuration options.
+ # cephLogDir: /var/log/ceph
+ cephLogDir: ""
+
+ # (optional) ceph client log strategy
+ # By default, log file belonging to a particular volume will be deleted
+ # on unmap, but you can choose to just compress instead of deleting it
+ # or even preserve the log file in text format as it is.
+ # Available options `remove` or `compress` or `preserve`
+ # cephLogStrategy: remove
+ cephLogStrategy: ""
+
+ # (optional) Prefix to use for naming RBD images.
+ # If omitted, defaults to "csi-vol-".
+ # volumeNamePrefix: "foo-bar-"
+ volumeNamePrefix: ""
+
+ # (optional) Instruct the plugin it has to encrypt the volume
+ # By default it is disabled. Valid values are "true" or "false".
+ # A string is expected here, i.e. "true", not true.
+ # encrypted: "true"
+ encrypted: ""
+
+ # (optional) Use external key management system for encryption passphrases by
+ # specifying a unique ID matching KMS ConfigMap. The ID is only used for
+ # correlation to configmap entry.
+ encryptionKMSID: ""
+
+ # Add topology constrained pools configuration, if topology based pools
+ # are setup, and topology constrained provisioning is required.
+ # For further information read TODO<doc>
+ # topologyConstrainedPools: |
+ # [{"poolName":"pool0",
+ # "dataPool":"ec-pool0" # optional, erasure-coded pool for data
+ # "domainSegments":[
+ # {"domainLabel":"region","value":"east"},
+ # {"domainLabel":"zone","value":"zone1"}]},
+ # {"poolName":"pool1",
+ # "dataPool":"ec-pool1" # optional, erasure-coded pool for data
+ # "domainSegments":[
+ # {"domainLabel":"region","value":"east"},
+ # {"domainLabel":"zone","value":"zone2"}]},
+ # {"poolName":"pool2",
+ # "dataPool":"ec-pool2" # optional, erasure-coded pool for data
+ # "domainSegments":[
+ # {"domainLabel":"region","value":"west"},
+ # {"domainLabel":"zone","value":"zone1"}]}
+ # ]
+ topologyConstrainedPools: []
+
+ # (optional) mapOptions is a comma-separated list of map options.
+ # For krbd options refer
+ # https://docs.ceph.com/docs/master/man/8/rbd/#kernel-rbd-krbd-options
+ # For nbd options refer
+ # https://docs.ceph.com/docs/master/man/8/rbd-nbd/#options
+ # Format:
+ # mapOptions: "<mounter>:op1,op2;<mounter>:op1,op2"
+ # An empty mounter field is treated as krbd type for compatibility.
+ # eg:
+ # mapOptions: "krbd:lock_on_read,queue_depth=1024;nbd:try-netlink"
+ mapOptions: ""
+
+ # (optional) unmapOptions is a comma-separated list of unmap options.
+ # For krbd options refer
+ # https://docs.ceph.com/docs/master/man/8/rbd/#kernel-rbd-krbd-options
+ # For nbd options refer
+ # https://docs.ceph.com/docs/master/man/8/rbd-nbd/#options
+ # Format:
+ # unmapOptions: "<mounter>:op1,op2;<mounter>:op1,op2"
+ # An empty mounter field is treated as krbd type for compatibility.
+ # eg:
+ # unmapOptions: "krbd:force;nbd:force"
+ unmapOptions: ""
+
+ # The secrets have to contain Ceph credentials with required access
+ # to the 'pool'.
+ provisionerSecret: csi-rbd-secret
+ # If Namespaces are left empty, the secrets are assumed to be in the
+ # Release namespace.
+ provisionerSecretNamespace: ""
+ controllerExpandSecret: csi-rbd-secret
+ controllerExpandSecretNamespace: ""
+ nodeStageSecret: csi-rbd-secret
+ nodeStageSecretNamespace: ""
+ # Specify the filesystem type of the volume. If not specified,
+ # csi-provisioner will set default as `ext4`.
+ fstype: ext4
+ reclaimPolicy: Delete
+ allowVolumeExpansion: true
+ mountOptions: []
+ # Mount Options
+ # Example:
+ # mountOptions:
+ # - discard
+
+secret:
+ # Specifies whether the secret should be created
+ create: false
+ name: csi-rbd-secret
+ # Key values correspond to a user name and its key, as defined in the
+ # ceph cluster. User ID should have required access to the 'pool'
+ # specified in the storage class
+ userID: <plaintext ID>
+ userKey: <Ceph auth key corresponding to userID above>
+ # Encryption passphrase
+ encryptionPassphrase: test_passphrase
+
+# This is a sample configmap that helps define a Ceph configuration as required
+# by the CSI plugins.
+# Sample ceph.conf available at
+# https://github.com/ceph/ceph/blob/master/src/sample.ceph.conf Detailed
+# documentation is available at
+# https://docs.ceph.com/en/latest/rados/configuration/ceph-conf/
+cephconf: |
+ [global]
+ auth_cluster_required = cephx
+ auth_service_required = cephx
+ auth_client_required = cephx
+
+ # Workaround for http://tracker.ceph.com/issues/23446
+ fuse_set_user_groups = false
+
+ # ceph-fuse which uses libfuse2 by default has write buffer size of 2KiB
+ # adding 'fuse_big_writes = true' option by default to override this limit
+ # see https://github.com/ceph/ceph-csi/issues/1928
+ fuse_big_writes = true
+
+#########################################################
+# Variables for 'internal' use please use with caution! #
+#########################################################
+
+# The filename of the provisioner socket
+provisionerSocketFile: csi-provisioner.sock
+# The filename of the plugin socket
+pluginSocketFile: csi.sock
+# kubelet working directory,can be set using `--root-dir` when starting kubelet.
+kubeletDir: /var/lib/kubelet
+# Host path location for ceph client processes logging, ex: rbd-nbd
+cephLogDirHostPath: /var/log/ceph
+# Name of the csi-driver
+driverName: rbd.csi.ceph.com
+# Name of the configmap used for state
+configMapName: ceph-csi-config
+# Key to use in the Configmap if not config.json
+# configMapKey:
+# Use an externally provided configmap
+externallyManagedConfigmap: false
+# Name of the configmap used for encryption kms configuration
+kmsConfigMapName: ceph-csi-encryption-kms-config
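Review bot: `secret.encryptionPassphrase` near the end of this values file defaults to the literal `test_passphrase`, so any deployment that sets `secret.create: true` without overriding it would carry a publicly known value as the volume encryption passphrase. Since this is a bundled copy of the upstream chart, the values that consume it should either keep `secret.create: false` and manage `csi-rbd-secret` out of band, or set `userID`, `userKey` and `encryptionPassphrase` explicitly. Two smaller points in the same file: `logLevel: 5` is trace-level verbosity by its own comment and is worth lowering in the deployment values, and the commented KMS example carries `vaultCAVerify: "false"`, which should not be copied as-is when `encryptionKMSConfig` is filled in.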
diff --git a/charts/cert-manager/Chart.yaml b/charts/cert-manager/Chart.yaml
new file mode 100644
index 0000000..41cbbed
--- /dev/null
+++ b/charts/cert-manager/Chart.yaml
@@ -0,0 +1,19 @@
+annotations:
+ artifacthub.io/prerelease: "false"
+apiVersion: v1
+appVersion: v1.7.1
+description: A Helm chart for cert-manager
+home: https://github.com/jetstack/cert-manager
+icon: https://raw.githubusercontent.com/jetstack/cert-manager/master/logo/logo.png
+keywords:
+- cert-manager
+- kube-lego
+- letsencrypt
+- tls
+maintainers:
+- email: cert-manager-maintainers@googlegroups.com
+ name: cert-manager-maintainers
+name: cert-manager
+sources:
+- https://github.com/jetstack/cert-manager
+version: v1.7.1
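Review bot: this Chart.yaml identifies the bundled copy only by `version: v1.7.1`; nothing in it records which chart repository or archive digest the files were taken from, and `icon` points at the mutable `master` branch. Recording the upstream source and digest next to the bundled chart (in the commit message or a lock file) would let a later reviewer confirm that the copy still matches upstream.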
diff --git a/charts/cert-manager/README.md b/charts/cert-manager/README.md
new file mode 100644
index 0000000..d0971e1
--- /dev/null
+++ b/charts/cert-manager/README.md
@@ -0,0 +1,220 @@
+# cert-manager
+
+cert-manager is a Kubernetes addon to automate the management and issuance of
+TLS certificates from various issuing sources.
+
+It will ensure certificates are valid and up to date periodically, and attempt
+to renew certificates at an appropriate time before expiry.
+
+## Prerequisites
+
+- Kubernetes 1.18+
+
+## Installing the Chart
+
+Full installation instructions, including details on how to configure extra
+functionality in cert-manager can be found in the [installation docs](https://cert-manager.io/docs/installation/kubernetes/).
+
+Before installing the chart, you must first install the cert-manager CustomResourceDefinition resources.
+This is performed in a separate step to allow you to easily uninstall and reinstall cert-manager without deleting your installed custom resources.
+
+```bash
+$ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.7.1/cert-manager.crds.yaml
+```
+
+To install the chart with the release name `my-release`:
+
+```console
+## Add the Jetstack Helm repository
+$ helm repo add jetstack https://charts.jetstack.io
+
+## Install the cert-manager helm chart
+$ helm install my-release --namespace cert-manager --version v1.7.1 jetstack/cert-manager
+```
+
+In order to begin issuing certificates, you will need to set up a ClusterIssuer
+or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).
+
+More information on the different types of issuers and how to configure them
+can be found in [our documentation](https://cert-manager.io/docs/configuration/).
+
+For information on how to configure cert-manager to automatically provision
+Certificates for Ingress resources, take a look at the
+[Securing Ingresses documentation](https://cert-manager.io/docs/usage/ingress/).
+
+> **Tip**: List all releases using `helm list`
+
+## Upgrading the Chart
+
+Special considerations may be required when upgrading the Helm chart, and these
+are documented in our full [upgrading guide](https://cert-manager.io/docs/installation/upgrading/).
+
+**Please check here before performing upgrades!**
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+$ helm delete my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+If you want to completely uninstall cert-manager from your cluster, you will also need to
+delete the previously installed CustomResourceDefinition resources:
+
+```console
+$ kubectl delete -f https://github.com/jetstack/cert-manager/releases/download/v1.7.1/cert-manager.crds.yaml
+```
+
+## Configuration
+
+The following table lists the configurable parameters of the cert-manager chart and their default values.
+
+| Parameter | Description | Default |
+| --------- | ----------- | ------- |
+| `global.imagePullSecrets` | Reference to one or more secrets to be used when pulling images | `[]` |
+| `global.rbac.create` | If `true`, create and use RBAC resources (includes sub-charts) | `true` |
+| `global.priorityClassName`| Priority class name for cert-manager and webhook pods | `""` |
+| `global.podSecurityPolicy.enabled` | If `true`, create and use PodSecurityPolicy (includes sub-charts) | `false` |
+| `global.podSecurityPolicy.useAppArmor` | If `true`, use Apparmor seccomp profile in PSP | `true` |
+| `global.leaderElection.namespace` | Override the namespace used to store the ConfigMap for leader election | `kube-system` |
+| `global.leaderElection.leaseDuration` | The duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate | |
+| `global.leaderElection.renewDeadline` | The interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration | |
+| `global.leaderElection.retryPeriod` | The duration the clients should wait between attempting acquisition and renewal of a leadership | |
+| `installCRDs` | If true, CRD resources will be installed as part of the Helm chart. If enabled, when uninstalling CRD resources will be deleted causing all installed custom resources to be DELETED | `false` |
+| `image.repository` | Image repository | `quay.io/jetstack/cert-manager-controller` |
+| `image.tag` | Image tag | `v1.7.1` |
+| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `replicaCount` | Number of cert-manager replicas | `1` |
+| `clusterResourceNamespace` | Override the namespace used to store DNS provider credentials etc. for ClusterIssuer resources | Same namespace as cert-manager pod |
+| `featureGates` | Comma-separated list of feature gates to enable on the controller pod | `` |
+| `extraArgs` | Optional flags for cert-manager | `[]` |
+| `extraEnv` | Optional environment variables for cert-manager | `[]` |
+| `serviceAccount.create` | If `true`, create a new service account | `true` |
+| `serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | |
+| `serviceAccount.annotations` | Annotations to add to the service account | |
+| `serviceAccount.automountServiceAccountToken` | Automount API credentials for the Service Account | `true` |
+| `volumes` | Optional volumes for cert-manager | `[]` |
+| `volumeMounts` | Optional volume mounts for cert-manager | `[]` |
+| `resources` | CPU/memory resource requests/limits | `{}` |
+| `securityContext` | Optional security context. The yaml block should adhere to the [SecurityContext spec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#securitycontext-v1-core) | `{}` |
+| `securityContext.enabled` | Deprecated (use `securityContext`) - Enable security context | `false` |
+| `containerSecurityContext` | Security context to be set on the controller component container | `{}` |
+| `nodeSelector` | Node labels for pod assignment | `{}` |
+| `affinity` | Node affinity for pod assignment | `{}` |
+| `tolerations` | Node tolerations for pod assignment | `[]` |
+| `ingressShim.defaultIssuerName` | Optional default issuer to use for ingress resources | |
+| `ingressShim.defaultIssuerKind` | Optional default issuer kind to use for ingress resources | |
+| `ingressShim.defaultIssuerGroup` | Optional default issuer group to use for ingress resources | |
+| `prometheus.enabled` | Enable Prometheus monitoring | `true` |
+| `prometheus.servicemonitor.enabled` | Enable Prometheus Operator ServiceMonitor monitoring | `false` |
+| `prometheus.servicemonitor.namespace` | Define namespace where to deploy the ServiceMonitor resource | (namespace where you are deploying) |
+| `prometheus.servicemonitor.prometheusInstance` | Prometheus Instance definition | `default` |
+| `prometheus.servicemonitor.targetPort` | Prometheus scrape port | `9402` |
+| `prometheus.servicemonitor.path` | Prometheus scrape path | `/metrics` |
+| `prometheus.servicemonitor.interval` | Prometheus scrape interval | `60s` |
+| `prometheus.servicemonitor.labels` | Add custom labels to ServiceMonitor | |
+| `prometheus.servicemonitor.scrapeTimeout` | Prometheus scrape timeout | `30s` |
+| `prometheus.servicemonitor.honorLabels` | Enable label honoring for metrics scraped by Prometheus (see [Prometheus scrape config docs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config) for details). By setting `honorLabels` to `true`, Prometheus will prefer label contents given by cert-manager on conflicts. Can be used to remove the "exported_namespace" label for example. | `false` |
+| `podAnnotations` | Annotations to add to the cert-manager pod | `{}` |
+| `deploymentAnnotations` | Annotations to add to the cert-manager deployment | `{}` |
+| `podDnsPolicy` | Optional cert-manager pod [DNS policy](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods-dns-policy) | |
+| `podDnsConfig` | Optional cert-manager pod [DNS configurations](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods-dns-config) | |
+| `podLabels` | Labels to add to the cert-manager pod | `{}` |
+| `serviceLabels` | Labels to add to the cert-manager controller service | `{}` |
+| `serviceAnnotations` | Annotations to add to the cert-manager service | `{}` |
+| `http_proxy` | Value of the `HTTP_PROXY` environment variable in the cert-manager pod | |
+| `https_proxy` | Value of the `HTTPS_PROXY` environment variable in the cert-manager pod | |
+| `no_proxy` | Value of the `NO_PROXY` environment variable in the cert-manager pod | |
+| `webhook.replicaCount` | Number of cert-manager webhook replicas | `1` |
+| `webhook.timeoutSeconds` | Seconds the API server should wait the webhook to respond before treating the call as a failure. | `10` |
+| `webhook.podAnnotations` | Annotations to add to the webhook pods | `{}` |
+| `webhook.podLabels` | Labels to add to the cert-manager webhook pod | `{}` |
+| `webhook.serviceLabels` | Labels to add to the cert-manager webhook service | `{}` |
+| `webhook.deploymentAnnotations` | Annotations to add to the webhook deployment | `{}` |
+| `webhook.mutatingWebhookConfigurationAnnotations` | Annotations to add to the mutating webhook configuration | `{}` |
+| `webhook.validatingWebhookConfigurationAnnotations` | Annotations to add to the validating webhook configuration | `{}` |
+| `webhook.serviceAnnotations` | Annotations to add to the webhook service | `{}` |
+| `webhook.config` | WebhookConfiguration YAML used to configure flags for the webhook. Generates a ConfigMap containing contents of the field. See `values.yaml` for example. | `{}` |
+| `webhook.extraArgs` | Optional flags for cert-manager webhook component | `[]` |
+| `webhook.serviceAccount.create` | If `true`, create a new service account for the webhook component | `true` |
+| `webhook.serviceAccount.name` | Service account for the webhook component to be used. If not set and `webhook.serviceAccount.create` is `true`, a name is generated using the fullname template | |
+| `webhook.serviceAccount.annotations` | Annotations to add to the service account for the webhook component | |
+| `webhook.serviceAccount.automountServiceAccountToken` | Automount API credentials for the webhook Service Account | |
+| `webhook.resources` | CPU/memory resource requests/limits for the webhook pods | `{}` |
+| `webhook.nodeSelector` | Node labels for webhook pod assignment | `{}` |
+| `webhook.affinity` | Node affinity for webhook pod assignment | `{}` |
+| `webhook.tolerations` | Node tolerations for webhook pod assignment | `[]` |
+| `webhook.image.repository` | Webhook image repository | `quay.io/jetstack/cert-manager-webhook` |
+| `webhook.image.tag` | Webhook image tag | `v1.7.1` |
+| `webhook.image.pullPolicy` | Webhook image pull policy | `IfNotPresent` |
+| `webhook.securePort` | The port that the webhook should listen on for requests. | `10250` |
+| `webhook.securityContext` | Security context for webhook pod assignment | `{}` |
+| `webhook.containerSecurityContext` | Security context to be set on the webhook component container | `{}` |
+| `webhook.hostNetwork` | If `true`, run the Webhook on the host network. | `false` |
+| `webhook.serviceType` | The type of the `Service`. | `ClusterIP` |
+| `webhook.loadBalancerIP` | The specific load balancer IP to use (when `serviceType` is `LoadBalancer`). | |
+| `webhook.url.host` | The host to use to reach the webhook, instead of using internal cluster DNS for the service. | |
+| `webhook.livenessProbe.failureThreshold` | The liveness probe failure threshold | `3` |
+| `webhook.livenessProbe.initialDelaySeconds` | The liveness probe initial delay (in seconds) | `60` |
+| `webhook.livenessProbe.periodSeconds` | The liveness probe period (in seconds) | `10` |
+| `webhook.livenessProbe.successThreshold` | The liveness probe success threshold | `1` |
+| `webhook.livenessProbe.timeoutSeconds` | The liveness probe timeout (in seconds) | `1` |
+| `webhook.readinessProbe.failureThreshold` | The readiness probe failure threshold | `3` |
+| `webhook.readinessProbe.initialDelaySeconds` | The readiness probe initial delay (in seconds) | `5` |
+| `webhook.readinessProbe.periodSeconds` | The readiness probe period (in seconds) | `5` |
+| `webhook.readinessProbe.successThreshold` | The readiness probe success threshold | `1` |
+| `webhook.readinessProbe.timeoutSeconds` | The readiness probe timeout (in seconds) | `1` |
+| `cainjector.enabled` | Toggles whether the cainjector component should be installed (required for the webhook component to work) | `true` |
+| `cainjector.replicaCount` | Number of cert-manager cainjector replicas | `1` |
+| `cainjector.podAnnotations` | Annotations to add to the cainjector pods | `{}` |
+| `cainjector.podLabels` | Labels to add to the cert-manager cainjector pod | `{}` |
+| `cainjector.deploymentAnnotations` | Annotations to add to the cainjector deployment | `{}` |
+| `cainjector.extraArgs` | Optional flags for cert-manager cainjector component | `[]` |
+| `cainjector.serviceAccount.create` | If `true`, create a new service account for the cainjector component | `true` |
+| `cainjector.serviceAccount.name` | Service account for the cainjector component to be used. If not set and `cainjector.serviceAccount.create` is `true`, a name is generated using the fullname template | |
+| `cainjector.serviceAccount.annotations` | Annotations to add to the service account for the cainjector component | |
+| `cainjector.serviceAccount.automountServiceAccountToken` | Automount API credentials for the cainjector Service Account | `true` |
+| `cainjector.resources` | CPU/memory resource requests/limits for the cainjector pods | `{}` |
+| `cainjector.nodeSelector` | Node labels for cainjector pod assignment | `{}` |
+| `cainjector.affinity` | Node affinity for cainjector pod assignment | `{}` |
+| `cainjector.tolerations` | Node tolerations for cainjector pod assignment | `[]` |
+| `cainjector.image.repository` | cainjector image repository | `quay.io/jetstack/cert-manager-cainjector` |
+| `cainjector.image.tag` | cainjector image tag | `v1.7.1` |
+| `cainjector.image.pullPolicy` | cainjector image pull policy | `IfNotPresent` |
+| `cainjector.securityContext` | Security context for cainjector pod assignment | `{}` |
+| `cainjector.containerSecurityContext` | Security context to be set on cainjector component container | `{}` |
+| `startupapicheck.enabled` | Toggles whether the startupapicheck Job should be installed | `true` |
+| `startupapicheck.securityContext` | Pod Security Context to be set on the startupapicheck component Pod | `{}` |
+| `startupapicheck.timeout` | Timeout for 'kubectl check api' command | `1m` |
+| `startupapicheck.backoffLimit` | Job backoffLimit | `4` |
+| `startupapicheck.jobAnnotations` | Optional additional annotations to add to the startupapicheck Job | `{}` |
+| `startupapicheck.podAnnotations` | Optional additional annotations to add to the startupapicheck Pods | `{}` |
+| `startupapicheck.extraArgs` | Optional additional arguments for startupapicheck | `[]` |
+| `startupapicheck.resources` | CPU/memory resource requests/limits for the startupapicheck pod | `{}` |
+| `startupapicheck.nodeSelector` | Node labels for startupapicheck pod assignment | `{}` |
+| `startupapicheck.affinity` | Node affinity for startupapicheck pod assignment | `{}` |
+| `startupapicheck.tolerations` | Node tolerations for startupapicheck pod assignment | `[]` |
+| `startupapicheck.podLabels` | Optional additional labels to add to the startupapicheck Pods | `{}` |
+| `startupapicheck.image.repository` | startupapicheck image repository | `quay.io/jetstack/cert-manager-ctl` |
+| `startupapicheck.image.tag` | startupapicheck image tag | `v1.7.1` |
+| `startupapicheck.image.pullPolicy` | startupapicheck image pull policy | `IfNotPresent` |
+| `startupapicheck.serviceAccount.create` | If `true`, create a new service account for the startupapicheck component | `true` |
+| `startupapicheck.serviceAccount.name` | Service account for the startupapicheck component to be used. If not set and `startupapicheck.serviceAccount.create` is `true`, a name is generated using the fullname template | |
+| `startupapicheck.serviceAccount.annotations` | Annotations to add to the service account for the startupapicheck component | |
+| `startupapicheck.serviceAccount.automountServiceAccountToken` | Automount API credentials for the startupapicheck Service Account | `true` |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+$ helm install my-release -f values.yaml .
+```
+> **Tip**: You can use the default [values.yaml](https://github.com/jetstack/cert-manager/blob/master/deploy/charts/cert-manager/values.yaml)
+
+## Contributing
+
+This chart is maintained at [github.com/jetstack/cert-manager](https://github.com/jetstack/cert-manager/tree/master/deploy/charts/cert-manager).
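Review bot: the steps under "Installing the Chart" fetch the CRDs with `kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.7.1/cert-manager.crds.yaml` and install from `jetstack/cert-manager`, so anyone following this README bypasses the copy bundled under `charts/cert-manager` and applies a manifest pulled from the network at install time. The repository should document how the bundled chart is installed and whether it sets `installCRDs`, given the table's warning that uninstalling with it enabled deletes all installed custom resources. The table is also inconsistent on `webhook.serviceAccount.automountServiceAccountToken`, which has an empty default while the controller, cainjector and startupapicheck equivalents show `true`; the deployment values should set it explicitly.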
diff --git a/charts/cert-manager/templates/NOTES.txt b/charts/cert-manager/templates/NOTES.txt
new file mode 100644
index 0000000..1025354
--- /dev/null
+++ b/charts/cert-manager/templates/NOTES.txt
@@ -0,0 +1,15 @@
+cert-manager {{ .Chart.AppVersion }} has been deployed successfully!
+
+In order to begin issuing certificates, you will need to set up a ClusterIssuer
+or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).
+
+More information on the different types of issuers and how to configure them
+can be found in our documentation:
+
+https://cert-manager.io/docs/configuration/
+
+For information on how to configure cert-manager to automatically provision
+Certificates for Ingress resources, take a look at the `ingress-shim`
+documentation:
+
+https://cert-manager.io/docs/usage/ingress/
diff --git a/charts/cert-manager/templates/_helpers.tpl b/charts/cert-manager/templates/_helpers.tpl
new file mode 100644
index 0000000..2b6ee7f
--- /dev/null
+++ b/charts/cert-manager/templates/_helpers.tpl
@@ -0,0 +1,159 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cert-manager.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "cert-manager.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cert-manager.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "cert-manager.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Webhook templates
+*/}}
+
+{{/*
+Expand the name of the chart.
+Manually fix the 'app' and 'name' labels to 'webhook' to maintain
+compatibility with the v0.9 deployment selector.
+*/}}
+{{- define "webhook.name" -}}
+{{- printf "webhook" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "webhook.fullname" -}}
+{{- $trimmedName := printf "%s" (include "cert-manager.fullname" .) | trunc 55 | trimSuffix "-" -}}
+{{- printf "%s-webhook" $trimmedName | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "webhook.caRef" -}}
+{{ .Release.Namespace }}/{{ template "webhook.fullname" . }}-ca
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "webhook.serviceAccountName" -}}
+{{- if .Values.webhook.serviceAccount.create -}}
+ {{ default (include "webhook.fullname" .) .Values.webhook.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.webhook.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+cainjector templates
+*/}}
+
+{{/*
+Expand the name of the chart.
+Manually fix the 'app' and 'name' labels to 'cainjector' to maintain
+compatibility with the v0.9 deployment selector.
+*/}}
+{{- define "cainjector.name" -}}
+{{- printf "cainjector" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cainjector.fullname" -}}
+{{- $trimmedName := printf "%s" (include "cert-manager.fullname" .) | trunc 52 | trimSuffix "-" -}}
+{{- printf "%s-cainjector" $trimmedName | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cainjector.serviceAccountName" -}}
+{{- if .Values.cainjector.serviceAccount.create -}}
+ {{ default (include "cainjector.fullname" .) .Values.cainjector.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.cainjector.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+startupapicheck templates
+*/}}
+
+{{/*
+Expand the name of the chart.
+Manually fix the 'app' and 'name' labels to 'startupapicheck' to maintain
+compatibility with the v0.9 deployment selector.
+*/}}
+{{- define "startupapicheck.name" -}}
+{{- printf "startupapicheck" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "startupapicheck.fullname" -}}
+{{- $trimmedName := printf "%s" (include "cert-manager.fullname" .) | trunc 52 | trimSuffix "-" -}}
+{{- printf "%s-startupapicheck" $trimmedName | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "startupapicheck.serviceAccountName" -}}
+{{- if .Values.startupapicheck.serviceAccount.create -}}
+ {{ default (include "startupapicheck.fullname" .) .Values.startupapicheck.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.startupapicheck.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "chartName" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Labels that should be added on each resource
+*/}}
+{{- define "labels" -}}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- if eq (default "helm" .Values.creator) "helm" }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+helm.sh/chart: {{ include "chartName" . }}
+{{- end -}}
+{{- end -}}
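Review bot: in `startupapicheck.fullname` the base name is cut with `trunc 52`, but the suffix `-startupapicheck` is 16 characters, so a 52-character base produces 68 characters and the final `trunc 63` cuts into the suffix. The webhook and cainjector helpers leave exactly enough room (55+8 and 52+11); use `trunc 47` here so the suffix survives and the name stays distinguishable. Separately, `labels` and `chartName` are defined without a chart prefix, and Helm template names are global across a chart and its subcharts, so prefixed names such as `cert-manager.labels` would avoid collisions.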
diff --git a/charts/cert-manager/templates/cainjector-deployment.yaml b/charts/cert-manager/templates/cainjector-deployment.yaml
new file mode 100644
index 0000000..b617527
--- /dev/null
+++ b/charts/cert-manager/templates/cainjector-deployment.yaml
@@ -0,0 +1,102 @@
+{{- if .Values.cainjector.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "cainjector.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ include "cainjector.name" . }}
+ app.kubernetes.io/name: {{ include "cainjector.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "cainjector"
+ {{- include "labels" . | nindent 4 }}
+ {{- with .Values.cainjector.deploymentAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.cainjector.replicaCount }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "cainjector.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "cainjector"
+ {{- with .Values.cainjector.strategy }}
+ strategy:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "cainjector.name" . }}
+ app.kubernetes.io/name: {{ include "cainjector.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "cainjector"
+ {{- include "labels" . | nindent 8 }}
+ {{- with .Values.cainjector.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.cainjector.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ template "cainjector.serviceAccountName" . }}
+ {{- with .Values.global.priorityClassName }}
+ priorityClassName: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.cainjector.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ {{- with .Values.cainjector.image }}
+ image: "{{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}{{- if (.digest) -}} @{{ .digest }}{{- else -}}:{{ default $.Chart.AppVersion .tag }} {{- end -}}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.cainjector.image.pullPolicy }}
+ args:
+ {{- if .Values.global.logLevel }}
+ - --v={{ .Values.global.logLevel }}
+ {{- end }}
+ {{- with .Values.global.leaderElection }}
+ - --leader-election-namespace={{ .namespace }}
+ {{- if .leaseDuration }}
+ - --leader-election-lease-duration={{ .leaseDuration }}
+ {{- end }}
+ {{- if .renewDeadline }}
+ - --leader-election-renew-deadline={{ .renewDeadline }}
+ {{- end }}
+ {{- if .retryPeriod }}
+ - --leader-election-retry-period={{ .retryPeriod }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.cainjector.extraArgs }}
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- with .Values.cainjector.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.cainjector.resources }}
+ resources:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.cainjector.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.cainjector.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.cainjector.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- end }}
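Review bot: both `securityContext` blocks are emitted only when `.Values.cainjector.securityContext` and `.Values.cainjector.containerSecurityContext` are set, so the hardening of this pod depends entirely on values that are not part of this hunk. Confirm that the bundled values.yaml sets at least `runAsNonRoot: true` and `allowPrivilegeEscalation: false`, or give the template a default. The image reference also falls back to the tag `$.Chart.AppVersion` unless `.digest` is set; for a vendored chart, setting `digest` makes the deployed image reproducible.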
diff --git a/charts/cert-manager/templates/cainjector-psp-clusterrole.yaml b/charts/cert-manager/templates/cainjector-psp-clusterrole.yaml
new file mode 100644
index 0000000..b75b9eb
--- /dev/null
+++ b/charts/cert-manager/templates/cainjector-psp-clusterrole.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.cainjector.enabled }}
+{{- if .Values.global.podSecurityPolicy.enabled }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "cainjector.fullname" . }}-psp
+ labels:
+ app: {{ include "cainjector.name" . }}
+ app.kubernetes.io/name: {{ include "cainjector.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "cainjector"
+ {{- include "labels" . | nindent 4 }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "cainjector.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/cert-manager/templates/cainjector-psp-clusterrolebinding.yaml b/charts/cert-manager/templates/cainjector-psp-clusterrolebinding.yaml
new file mode 100644
index 0000000..b287802
--- /dev/null
+++ b/charts/cert-manager/templates/cainjector-psp-clusterrolebinding.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.cainjector.enabled }}
+{{- if .Values.global.podSecurityPolicy.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "cainjector.fullname" . }}-psp
+ labels:
+ app: {{ include "cainjector.name" . }}
+ app.kubernetes.io/name: {{ include "cainjector.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "cainjector"
+ {{- include "labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "cainjector.fullname" . }}-psp
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "cainjector.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
diff --git a/charts/cert-manager/templates/cainjector-psp.yaml b/charts/cert-manager/templates/cainjector-psp.yaml
new file mode 100644
index 0000000..24f01da
--- /dev/null
+++ b/charts/cert-manager/templates/cainjector-psp.yaml
@@ -0,0 +1,51 @@
+{{- if .Values.cainjector.enabled }}
+{{- if .Values.global.podSecurityPolicy.enabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "cainjector.fullname" . }}
+ labels:
+ app: {{ include "cainjector.name" . }}
+ app.kubernetes.io/name: {{ include "cainjector.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "cainjector"
+ {{- include "labels" . | nindent 4 }}
+ annotations:
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
+ {{- if .Values.global.podSecurityPolicy.useAppArmor }}
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
+ apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
+ {{- end }}
+spec:
+ privileged: false
+ allowPrivilegeEscalation: false
+ allowedCapabilities: [] # default set of capabilities are implicitly allowed
+ volumes:
+ - 'configMap'
+ - 'emptyDir'
+ - 'projected'
+ - 'secret'
+ - 'downwardAPI'
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1000
+ max: 1000
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1000
+ max: 1000
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1000
+ max: 1000
+{{- end }}
+{{- end }}
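Review bot: `apiVersion: policy/v1beta1` with `kind: PodSecurityPolicy` was removed in Kubernetes 1.25, so this template fails to apply on current clusters whenever `.Values.global.podSecurityPolicy.enabled` is true. Keep that value false by default and document the supported Kubernetes range, or additionally gate the template on `.Capabilities.APIVersions.Has "policy/v1beta1"`. Within the policy, `allowedCapabilities: []` leaves the runtime's default capabilities in place; adding `requiredDropCapabilities: ['ALL']` would drop them. The `docker/default` seccomp profile name is also the deprecated spelling of `runtime/default`.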
diff --git a/charts/cert-manager/templates/cainjector-rbac.yaml b/charts/cert-manager/templates/cainjector-rbac.yaml
new file mode 100644
index 0000000..922d702
--- /dev/null
+++ b/charts/cert-manager/templates/cainjector-rbac.yaml
@@ -0,0 +1,114 @@
+{{- if .Values.cainjector.enabled }}
+{{- if .Values.global.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "cainjector.fullname" . }}
+ labels:
+ app: {{ include "cainjector.name" . }}
+ app.kubernetes.io/name: {{ include "cainjector.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "cainjector"
+ {{- include "labels" . | nindent 4 }}
+rules:
+ - apiGroups: ["cert-manager.io"]
+ resources: ["certificates"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get", "create", "update", "patch"]
+ - apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["apiregistration.k8s.io"]
+ resources: ["apiservices"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["auditregistration.k8s.io"]
+ resources: ["auditsinks"]
+ verbs: ["get", "list", "watch", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "cainjector.fullname" . }}
+ labels:
+ app: {{ include "cainjector.name" . }}
+ app.kubernetes.io/name: {{ include "cainjector.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "cainjector"
+ {{- include "labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "cainjector.fullname" . }}
+subjects:
+ - name: {{ template "cainjector.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ kind: ServiceAccount
+
+---
+# leader election rules
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "cainjector.fullname" . }}:leaderelection
+ namespace: {{ .Values.global.leaderElection.namespace }}
+ labels:
+ app: {{ include "cainjector.name" . }}
+ app.kubernetes.io/name: {{ include "cainjector.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "cainjector"
+ {{- include "labels" . | nindent 4 }}
+rules:
+ # Used for leader election by the controller
+ # cert-manager-cainjector-leader-election is used by the CertificateBased injector controller
+ # see cmd/cainjector/start.go#L113
+ # cert-manager-cainjector-leader-election-core is used by the SecretBased injector controller
+ # see cmd/cainjector/start.go#L137
+ # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"]
+ verbs: ["get", "update", "patch"]
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["create"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"]
+ verbs: ["get", "update", "patch"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["create"]
+
+---
+
+# grant cert-manager permission to manage the leaderelection configmap in the
+# leader election namespace
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "cainjector.fullname" . }}:leaderelection
+ namespace: {{ .Values.global.leaderElection.namespace }}
+ labels:
+ app: {{ include "cainjector.name" . }}
+ app.kubernetes.io/name: {{ include "cainjector.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "cainjector"
+ {{- include "labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "cainjector.fullname" . }}:leaderelection
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "cainjector.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
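Review bot: the ClusterRole rule on `secrets` with `get`, `list`, `watch` gives the cainjector service account read access to every Secret in every namespace through the ClusterRoleBinding below it. If that scope is required, say so in a comment next to the rule so it is a recorded decision rather than an inherited one. The `auditregistration.k8s.io` / `auditsinks` rule refers to an API that was removed in Kubernetes 1.19 and can be dropped. In the leader election Role, the comments cite `cmd/cainjector/start.go#L113` and `#L137` without a commit or tag, so those line references will drift.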
diff --git a/charts/cert-manager/templates/cainjector-serviceaccount.yaml b/charts/cert-manager/templates/cainjector-serviceaccount.yaml
new file mode 100644
index 0000000..683ec1d
--- /dev/null
+++ b/charts/cert-manager/templates/cainjector-serviceaccount.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.cainjector.enabled }}
+{{- if .Values.cainjector.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.cainjector.serviceAccount.automountServiceAccountToken }}
+metadata:
+ name: {{ template "cainjector.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- with .Values.cainjector.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ app: {{ include "cainjector.name" . }}
+ app.kubernetes.io/name: {{ include "cainjector.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "cainjector"
+ {{- include "labels" . | nindent 4 }}
+{{- with .Values.global.imagePullSecrets }}
+imagePullSecrets:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- end }}
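Review bot: `automountServiceAccountToken` is rendered straight from `.Values.cainjector.serviceAccount.automountServiceAccountToken` with no `default` and no guard, so when the value is absent the field is emitted empty and the behaviour silently falls back to the cluster default. Wrap the line in a `hasKey` check or make the intended value explicit in the chart's values, so that whether the token is mounted is a visible choice.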
diff --git a/charts/cert-manager/templates/crds.yaml b/charts/cert-manager/templates/crds.yaml
new file mode 100644
index 0000000..f3d22af
--- /dev/null
+++ b/charts/cert-manager/templates/crds.yaml
@@ -0,0 +1,4154 @@
+{{- if .Values.installCRDs }}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: certificaterequests.cert-manager.io
+ annotations:
+ cert-manager.io/inject-ca-from-secret: '{{ template "webhook.caRef" . }}'
+ labels:
+ app: '{{ template "cert-manager.name" . }}'
+ app.kubernetes.io/name: '{{ template "cert-manager.name" . }}'
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ # Generated labels {{- include "labels" . | nindent 4 }}
+spec:
+ group: cert-manager.io
+ names:
+ kind: CertificateRequest
+ listKind: CertificateRequestList
+ plural: certificaterequests
+ shortNames:
+ - cr
+ - crs
+ singular: certificaterequest
+ categories:
+ - cert-manager
+ scope: Namespaced
+ versions:
+ - name: v1
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=="Approved")].status
+ name: Approved
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Denied")].status
+ name: Denied
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .spec.issuerRef.name
+ name: Issuer
+ type: string
+ - jsonPath: .spec.username
+ name: Requestor
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ priority: 1
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
+ name: Age
+ type: date
+ schema:
+ openAPIV3Schema:
+ description: "A CertificateRequest is used to request a signed certificate from one of the configured issuers. \n All fields within the CertificateRequest's `spec` are immutable after creation. A CertificateRequest will either succeed or fail, as denoted by its `status.state` field. \n A CertificateRequest is a one-shot resource, meaning it represents a single point in time request for a certificate and cannot be re-used."
+ type: object
+ required:
+ - spec
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Desired state of the CertificateRequest resource.
+ type: object
+ required:
+ - issuerRef
+ - request
+ properties:
+ duration:
+ description: The requested 'duration' (i.e. lifetime) of the Certificate. This option may be ignored/overridden by some issuer types.
+ type: string
+ extra:
+ description: Extra contains extra attributes of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable.
+ type: object
+ additionalProperties:
+ type: array
+ items:
+ type: string
+ groups:
+ description: Groups contains group membership of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable.
+ type: array
+ items:
+ type: string
+ x-kubernetes-list-type: atomic
+ isCA:
+ description: IsCA will request to mark the certificate as valid for certificate signing when submitting to the issuer. This will automatically add the `cert sign` usage to the list of `usages`.
+ type: boolean
+ issuerRef:
+ description: IssuerRef is a reference to the issuer for this CertificateRequest. If the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the CertificateRequest will be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with the provided name will be used. The `name` field in this stanza is required at all times. The group field refers to the API group of the issuer which defaults to `cert-manager.io` if empty.
+ type: object
+ required:
+ - name
+ properties:
+ group:
+ description: Group of the resource being referred to.
+ type: string
+ kind:
+ description: Kind of the resource being referred to.
+ type: string
+ name:
+ description: Name of the resource being referred to.
+ type: string
+ request:
+ description: The PEM-encoded x509 certificate signing request to be submitted to the CA for signing.
+ type: string
+ format: byte
+ uid:
+ description: UID contains the uid of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable.
+ type: string
+ usages:
+ description: Usages is the set of x509 usages that are requested for the certificate. If usages are set they SHOULD be encoded inside the CSR spec Defaults to `digital signature` and `key encipherment` if not specified.
+ type: array
+ items:
+ description: 'KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher only", "any", "server auth", "client auth", "code signing", "email protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec user", "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"'
+ type: string
+ enum:
+ - signing
+ - digital signature
+ - content commitment
+ - key encipherment
+ - key agreement
+ - data encipherment
+ - cert sign
+ - crl sign
+ - encipher only
+ - decipher only
+ - any
+ - server auth
+ - client auth
+ - code signing
+ - email protection
+ - s/mime
+ - ipsec end system
+ - ipsec tunnel
+ - ipsec user
+ - timestamping
+ - ocsp signing
+ - microsoft sgc
+ - netscape sgc
+ username:
+ description: Username contains the name of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable.
+ type: string
+ status:
+ description: Status of the CertificateRequest. This is set and managed automatically.
+ type: object
+ properties:
+ ca:
+ description: The PEM encoded x509 certificate of the signer, also known as the CA (Certificate Authority). This is set on a best-effort basis by different issuers. If not set, the CA is assumed to be unknown/not available.
+ type: string
+ format: byte
+ certificate:
+ description: The PEM encoded x509 certificate resulting from the certificate signing request. If not set, the CertificateRequest has either not been completed or has failed. More information on failure can be found by checking the `conditions` field.
+ type: string
+ format: byte
+ conditions:
+ description: List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready` and `InvalidRequest`.
+ type: array
+ items:
+ description: CertificateRequestCondition contains condition information for a CertificateRequest.
+ type: object
+ required:
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: LastTransitionTime is the timestamp corresponding to the last status change of this condition.
+ type: string
+ format: date-time
+ message:
+ description: Message is a human readable description of the details of the last transition, complementing reason.
+ type: string
+ reason:
+ description: Reason is a brief machine readable explanation for the condition's last transition.
+ type: string
+ status:
+ description: Status of the condition, one of (`True`, `False`, `Unknown`).
+ type: string
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type:
+ description: Type of the condition, known values are (`Ready`, `InvalidRequest`, `Approved`, `Denied`).
+ type: string
+ failureTime:
+ description: FailureTime stores the time that this CertificateRequest failed. This is used to influence garbage collection and back-off.
+ type: string
+ format: date-time
+ served: true
+ storage: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: certificates.cert-manager.io
+ annotations:
+ cert-manager.io/inject-ca-from-secret: '{{ template "webhook.caRef" . }}'
+ labels:
+ app: '{{ template "cert-manager.name" . }}'
+ app.kubernetes.io/name: '{{ template "cert-manager.name" . }}'
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ # Generated labels {{- include "labels" . | nindent 4 }}
+spec:
+ group: cert-manager.io
+ names:
+ kind: Certificate
+ listKind: CertificateList
+ plural: certificates
+ shortNames:
+ - cert
+ - certs
+ singular: certificate
+ categories:
+ - cert-manager
+ scope: Namespaced
+ versions:
+ - name: v1
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .spec.secretName
+ name: Secret
+ type: string
+ - jsonPath: .spec.issuerRef.name
+ name: Issuer
+ priority: 1
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ priority: 1
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
+ name: Age
+ type: date
+ schema:
+ openAPIV3Schema:
+ description: "A Certificate resource should be created to ensure an up to date and signed x509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`. \n The stored certificate will be renewed before it expires (as configured by `spec.renewBefore`)."
+ type: object
+ required:
+ - spec
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Desired state of the Certificate resource.
+ type: object
+ required:
+ - issuerRef
+ - secretName
+ properties:
+ additionalOutputFormats:
+ description: AdditionalOutputFormats defines extra output formats of the private key and signed certificate chain to be written to this Certificate's target Secret. This is an Alpha Feature and is only enabled with the `--feature-gates=AdditionalCertificateOutputFormats=true` option on both the controller and webhook components.
+ type: array
+ items:
+ description: CertificateAdditionalOutputFormat defines an additional output format of a Certificate resource. These contain supplementary data formats of the signed certificate chain and paired private key.
+ type: object
+ required:
+ - type
+ properties:
+ type:
+ description: Type is the name of the format type that should be written to the Certificate's target Secret.
+ type: string
+ enum:
+ - DER
+ - CombinedPEM
+ commonName:
+ description: 'CommonName is a common name to be used on the Certificate. The CommonName should have a length of 64 characters or fewer to avoid generating invalid CSRs. This value is ignored by TLS clients when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4'
+ type: string
+ dnsNames:
+ description: DNSNames is a list of DNS subjectAltNames to be set on the Certificate.
+ type: array
+ items:
+ type: string
+ duration:
+ description: The requested 'duration' (i.e. lifetime) of the Certificate. This option may be ignored/overridden by some issuer types. If unset this defaults to 90 days. Certificate will be renewed either 2/3 through its duration or `renewBefore` period before its expiry, whichever is later. Minimum accepted duration is 1 hour. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration
+ type: string
+ emailAddresses:
+ description: EmailAddresses is a list of email subjectAltNames to be set on the Certificate.
+ type: array
+ items:
+ type: string
+ encodeUsagesInRequest:
+ description: EncodeUsagesInRequest controls whether key usages should be present in the CertificateRequest
+ type: boolean
+ ipAddresses:
+ description: IPAddresses is a list of IP address subjectAltNames to be set on the Certificate.
+ type: array
+ items:
+ type: string
+ isCA:
+ description: IsCA will mark this Certificate as valid for certificate signing. This will automatically add the `cert sign` usage to the list of `usages`.
+ type: boolean
+ issuerRef:
+ description: IssuerRef is a reference to the issuer for this certificate. If the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the Certificate will be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with the provided name will be used. The `name` field in this stanza is required at all times.
+ type: object
+ required:
+ - name
+ properties:
+ group:
+ description: Group of the resource being referred to.
+ type: string
+ kind:
+ description: Kind of the resource being referred to.
+ type: string
+ name:
+ description: Name of the resource being referred to.
+ type: string
+ keystores:
+ description: Keystores configures additional keystore output formats stored in the `secretName` Secret resource.
+ type: object
+ properties:
+ jks:
+ description: JKS configures options for storing a JKS keystore in the `spec.secretName` Secret resource.
+ type: object
+ required:
+ - create
+ - passwordSecretRef
+ properties:
+ create:
+ description: Create enables JKS keystore creation for the Certificate. If true, a file named `keystore.jks` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will only be updated upon re-issuance. A file named `truststore.jks` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority
+ type: boolean
+ passwordSecretRef:
+ description: PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the JKS keystore.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ pkcs12:
+ description: PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName` Secret resource.
+ type: object
+ required:
+ - create
+ - passwordSecretRef
+ properties:
+ create:
+ description: Create enables PKCS12 keystore creation for the Certificate. If true, a file named `keystore.p12` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will only be updated upon re-issuance. A file named `truststore.p12` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority
+ type: boolean
+ passwordSecretRef:
+ description: PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the PKCS12 keystore.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ privateKey:
+ description: Options to control private keys used for the Certificate.
+ type: object
+ properties:
+ algorithm:
+ description: Algorithm is the private key algorithm of the corresponding private key for this certificate. If provided, allowed values are either `RSA`,`Ed25519` or `ECDSA` If `algorithm` is specified and `size` is not provided, key size of 256 will be used for `ECDSA` key algorithm and key size of 2048 will be used for `RSA` key algorithm. key size is ignored when using the `Ed25519` key algorithm.
+ type: string
+ enum:
+ - RSA
+ - ECDSA
+ - Ed25519
+ encoding:
+ description: The private key cryptography standards (PKCS) encoding for this certificate's private key to be encoded in. If provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 and PKCS#8, respectively. Defaults to `PKCS1` if not specified.
+ type: string
+ enum:
+ - PKCS1
+ - PKCS8
+ rotationPolicy:
+ description: RotationPolicy controls how private keys should be regenerated when a re-issuance is being processed. If set to Never, a private key will only be generated if one does not already exist in the target `spec.secretName`. If one does exists but it does not have the correct algorithm or size, a warning will be raised to await user intervention. If set to Always, a private key matching the specified requirements will be generated whenever a re-issuance occurs. Default is 'Never' for backward compatibility.
+ type: string
+ size:
+ description: Size is the key bit size of the corresponding private key for this certificate. If `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`, and will default to `2048` if not specified. If `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`, and will default to `256` if not specified. If `algorithm` is set to `Ed25519`, Size is ignored. No other values are allowed.
+ type: integer
+ renewBefore:
+ description: How long before the currently issued certificate's expiry cert-manager should renew the certificate. The default is 2/3 of the issued certificate's duration. Minimum accepted value is 5 minutes. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration
+ type: string
+ revisionHistoryLimit:
+ description: revisionHistoryLimit is the maximum number of CertificateRequest revisions that are maintained in the Certificate's history. Each revision represents a single `CertificateRequest` created by this Certificate, either when it was created, renewed, or Spec was changed. Revisions will be removed by oldest first if the number of revisions exceeds this number. If set, revisionHistoryLimit must be a value of `1` or greater. If unset (`nil`), revisions will not be garbage collected. Default value is `nil`.
+ type: integer
+ format: int32
+ secretName:
+ description: SecretName is the name of the secret resource that will be automatically created and managed by this Certificate resource. It will be populated with a private key and certificate, signed by the denoted issuer.
+ type: string
+ secretTemplate:
+ description: SecretTemplate defines annotations and labels to be copied to the Certificate's Secret. Labels and annotations on the Secret will be changed as they appear on the SecretTemplate when added or removed. SecretTemplate annotations are added in conjunction with, and cannot overwrite, the base set of annotations cert-manager sets on the Certificate's Secret.
+ type: object
+ properties:
+ annotations:
+ description: Annotations is a key value map to be copied to the target Kubernetes Secret.
+ type: object
+ additionalProperties:
+ type: string
+ labels:
+ description: Labels is a key value map to be copied to the target Kubernetes Secret.
+ type: object
+ additionalProperties:
+ type: string
+ subject:
+ description: Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name).
+ type: object
+ properties:
+ countries:
+ description: Countries to be used on the Certificate.
+ type: array
+ items:
+ type: string
+ localities:
+ description: Cities to be used on the Certificate.
+ type: array
+ items:
+ type: string
+ organizationalUnits:
+ description: Organizational Units to be used on the Certificate.
+ type: array
+ items:
+ type: string
+ organizations:
+ description: Organizations to be used on the Certificate.
+ type: array
+ items:
+ type: string
+ postalCodes:
+ description: Postal codes to be used on the Certificate.
+ type: array
+ items:
+ type: string
+ provinces:
+ description: State/Provinces to be used on the Certificate.
+ type: array
+ items:
+ type: string
+ serialNumber:
+ description: Serial number to be used on the Certificate.
+ type: string
+ streetAddresses:
+ description: Street addresses to be used on the Certificate.
+ type: array
+ items:
+ type: string
+ uris:
+ description: URIs is a list of URI subjectAltNames to be set on the Certificate.
+ type: array
+ items:
+ type: string
+ usages:
+ description: Usages is the set of x509 usages that are requested for the certificate. Defaults to `digital signature` and `key encipherment` if not specified.
+ type: array
+ items:
+ description: 'KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher only", "any", "server auth", "client auth", "code signing", "email protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec user", "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"'
+ type: string
+ enum:
+ - signing
+ - digital signature
+ - content commitment
+ - key encipherment
+ - key agreement
+ - data encipherment
+ - cert sign
+ - crl sign
+ - encipher only
+ - decipher only
+ - any
+ - server auth
+ - client auth
+ - code signing
+ - email protection
+ - s/mime
+ - ipsec end system
+ - ipsec tunnel
+ - ipsec user
+ - timestamping
+ - ocsp signing
+ - microsoft sgc
+ - netscape sgc
+ status:
+ description: Status of the Certificate. This is set and managed automatically.
+ type: object
+ properties:
+ conditions:
+ description: List of status conditions to indicate the status of certificates. Known condition types are `Ready` and `Issuing`.
+ type: array
+ items:
+ description: CertificateCondition contains condition information for an Certificate.
+ type: object
+ required:
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: LastTransitionTime is the timestamp corresponding to the last status change of this condition.
+ type: string
+ format: date-time
+ message:
+ description: Message is a human readable description of the details of the last transition, complementing reason.
+ type: string
+ observedGeneration:
+ description: If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Certificate.
+ type: integer
+ format: int64
+ reason:
+ description: Reason is a brief machine readable explanation for the condition's last transition.
+ type: string
+ status:
+ description: Status of the condition, one of (`True`, `False`, `Unknown`).
+ type: string
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type:
+ description: Type of the condition, known values are (`Ready`, `Issuing`).
+ type: string
+ lastFailureTime:
+ description: LastFailureTime is the time as recorded by the Certificate controller of the most recent failure to complete a CertificateRequest for this Certificate resource. If set, cert-manager will not re-request another Certificate until 1 hour has elapsed from this time.
+ type: string
+ format: date-time
+ nextPrivateKeySecretName:
+ description: The name of the Secret resource containing the private key to be used for the next certificate iteration. The keymanager controller will automatically set this field if the `Issuing` condition is set to `True`. It will automatically unset this field when the Issuing condition is not set or False.
+ type: string
+ notAfter:
+ description: The expiration time of the certificate stored in the secret named by this resource in `spec.secretName`.
+ type: string
+ format: date-time
+ notBefore:
+ description: The time after which the certificate stored in the secret named by this resource in spec.secretName is valid.
+ type: string
+ format: date-time
+ renewalTime:
+ description: RenewalTime is the time at which the certificate will be next renewed. If not set, no upcoming renewal is scheduled.
+ type: string
+ format: date-time
+ revision:
+ description: "The current 'revision' of the certificate as issued. \n When a CertificateRequest resource is created, it will have the `cert-manager.io/certificate-revision` set to one greater than the current value of this field. \n Upon issuance, this field will be set to the value of the annotation on the CertificateRequest resource used to issue the certificate. \n Persisting the value on the CertificateRequest resource allows the certificates controller to know whether a request is part of an old issuance or if it is part of the ongoing revision's issuance by checking if the revision value in the annotation is greater than this field."
+ type: integer
+ served: true
+ storage: true
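Review bot: In the Certificate CRD above, `spec.privateKey.rotationPolicy` is a bare `type: string` with no `enum`, unlike the neighbouring `algorithm` and `encoding` fields, and its description gives the default as 'Never', so the private key in `spec.secretName` is reused across every re-issuance unless a Certificate opts in. Because this is a bundled chart, I would not patch the schema here, but any Certificate manifests this repo ships should set `rotationPolicy: Always` explicitly. The OpenAPI schema alone will not reject a misspelled value, so that field deserves a look in review. The same applies to `revisionHistoryLimit`: its description says that when it is unset (`nil`), CertificateRequest revisions are not garbage collected, so set it on long-lived Certificates.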
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: challenges.acme.cert-manager.io
+ annotations:
+ cert-manager.io/inject-ca-from-secret: '{{ template "webhook.caRef" . }}'
+ labels:
+ app: '{{ template "cert-manager.name" . }}'
+ app.kubernetes.io/name: '{{ template "cert-manager.name" . }}'
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ # Generated labels {{- include "labels" . | nindent 4 }}
+spec:
+ group: acme.cert-manager.io
+ names:
+ kind: Challenge
+ listKind: ChallengeList
+ plural: challenges
+ singular: challenge
+ categories:
+ - cert-manager
+ - cert-manager-acme
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.state
+ name: State
+ type: string
+ - jsonPath: .spec.dnsName
+ name: Domain
+ type: string
+ - jsonPath: .status.reason
+ name: Reason
+ priority: 1
+ type: string
+ - description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: Challenge is a type to represent a Challenge request with an ACME server
+ type: object
+ required:
+ - metadata
+ - spec
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ type: object
+ required:
+ - authorizationURL
+ - dnsName
+ - issuerRef
+ - key
+ - solver
+ - token
+ - type
+ - url
+ properties:
+ authorizationURL:
+ description: The URL to the ACME Authorization resource that this challenge is a part of.
+ type: string
+ dnsName:
+ description: dnsName is the identifier that this challenge is for, e.g. example.com. If the requested DNSName is a 'wildcard', this field MUST be set to the non-wildcard domain, e.g. for `*.example.com`, it must be `example.com`.
+ type: string
+ issuerRef:
+ description: References a properly configured ACME-type Issuer which should be used to create this Challenge. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Challenge will be marked as failed.
+ type: object
+ required:
+ - name
+ properties:
+ group:
+ description: Group of the resource being referred to.
+ type: string
+ kind:
+ description: Kind of the resource being referred to.
+ type: string
+ name:
+ description: Name of the resource being referred to.
+ type: string
+ key:
+ description: 'The ACME challenge key for this challenge For HTTP01 challenges, this is the value that must be responded with to complete the HTTP01 challenge in the format: `<private key JWK thumbprint>.<key from acme server for challenge>`. For DNS01 challenges, this is the base64 encoded SHA256 sum of the `<private key JWK thumbprint>.<key from acme server for challenge>` text that must be set as the TXT record content.'
+ type: string
+ solver:
+ description: Contains the domain solving configuration that should be used to solve this challenge resource.
+ type: object
+ properties:
+ dns01:
+ description: Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow.
+ type: object
+ properties:
+ acmeDNS:
+ description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records.
+ type: object
+ required:
+ - accountSecretRef
+ - host
+ properties:
+ accountSecretRef:
+ description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ host:
+ type: string
+ akamai:
+ description: Use the Akamai DNS zone management API to manage DNS01 challenge records.
+ type: object
+ required:
+ - accessTokenSecretRef
+ - clientSecretSecretRef
+ - clientTokenSecretRef
+ - serviceConsumerDomain
+ properties:
+ accessTokenSecretRef:
+ description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ clientSecretSecretRef:
+ description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ clientTokenSecretRef:
+ description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ serviceConsumerDomain:
+ type: string
+ azureDNS:
+ description: Use the Microsoft Azure DNS API to manage DNS01 challenge records.
+ type: object
+ required:
+ - resourceGroupName
+ - subscriptionID
+ properties:
+ clientID:
+ description: if both this and ClientSecret are left unset MSI will be used
+ type: string
+ clientSecretSecretRef:
+ description: if both this and ClientID are left unset MSI will be used
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ environment:
+ description: name of the Azure environment (default AzurePublicCloud)
+ type: string
+ enum:
+ - AzurePublicCloud
+ - AzureChinaCloud
+ - AzureGermanCloud
+ - AzureUSGovernmentCloud
+ hostedZoneName:
+ description: name of the DNS zone that should be used
+ type: string
+ managedIdentity:
+ description: managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID
+ type: object
+ properties:
+ clientID:
+ description: client ID of the managed identity, can not be used at the same time as resourceID
+ type: string
+ resourceID:
+ description: resource ID of the managed identity, can not be used at the same time as clientID
+ type: string
+ resourceGroupName:
+ description: resource group the DNS zone is located in
+ type: string
+ subscriptionID:
+ description: ID of the Azure subscription
+ type: string
+ tenantID:
+ description: when specifying ClientID and ClientSecret then this field is also needed
+ type: string
+ cloudDNS:
+ description: Use the Google Cloud DNS API to manage DNS01 challenge records.
+ type: object
+ required:
+ - project
+ properties:
+ hostedZoneName:
+ description: HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone.
+ type: string
+ project:
+ type: string
+ serviceAccountSecretRef:
+ description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ cloudflare:
+ description: Use the Cloudflare API to manage DNS01 challenge records.
+ type: object
+ properties:
+ apiKeySecretRef:
+ description: 'API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.'
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ apiTokenSecretRef:
+ description: API token used to authenticate with Cloudflare.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ email:
+ description: Email of the account, only required when using API key based authentication.
+ type: string
+ cnameStrategy:
+ description: CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones.
+ type: string
+ enum:
+ - None
+ - Follow
+ digitalocean:
+ description: Use the DigitalOcean DNS API to manage DNS01 challenge records.
+ type: object
+ required:
+ - tokenSecretRef
+ properties:
+ tokenSecretRef:
+ description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ rfc2136:
+ description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records.
+ type: object
+ required:
+ - nameserver
+ properties:
+ nameserver:
+ description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required.
+ type: string
+ tsigAlgorithm:
+ description: 'The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.'
+ type: string
+ tsigKeyName:
+ description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required.
+ type: string
+ tsigSecretSecretRef:
+ description: The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ route53:
+ description: Use the AWS Route53 API to manage DNS01 challenge records.
+ type: object
+ required:
+ - region
+ properties:
+ accessKeyID:
+ description: 'The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
+ type: string
+ hostedZoneID:
+ description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.
+ type: string
+ region:
+ description: Always set the region when using AccessKeyID and SecretAccessKey
+ type: string
+ role:
+ description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata
+ type: string
+ secretAccessKeySecretRef:
+ description: The SecretAccessKey is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ webhook:
+ description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records.
+ type: object
+ required:
+ - groupName
+ - solverName
+ properties:
+ config:
+ description: Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation.
+ x-kubernetes-preserve-unknown-fields: true
+ groupName:
+ description: The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation.
+ type: string
+ solverName:
+ description: The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'.
+ type: string
+ http01:
+ description: Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism.
+ type: object
+ properties:
+ gatewayHTTPRoute:
+ description: The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future.
+ type: object
+ properties:
+ labels:
+ description: The labels that cert-manager will use when creating the temporary HTTPRoute needed for solving the HTTP-01 challenge. These labels must match the label selector of at least one Gateway.
+ type: object
+ additionalProperties:
+ type: string
+ serviceType:
+ description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.
+ type: string
+ ingress:
+ description: The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed.
+ type: object
+ properties:
+ class:
+ description: The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified.
+ type: string
+ ingressTemplate:
+ description: Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges.
+ type: object
+ properties:
+ metadata:
+ description: ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.
+ type: object
+ properties:
+ annotations:
+ description: Annotations that should be added to the created ACME HTTP01 solver ingress.
+ type: object
+ additionalProperties:
+ type: string
+ labels:
+ description: Labels that should be added to the created ACME HTTP01 solver ingress.
+ type: object
+ additionalProperties:
+ type: string
+ name:
+ description: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources.
+ type: string
+ podTemplate:
+ description: Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges.
+ type: object
+ properties:
+ metadata:
+ description: ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.
+ type: object
+ properties:
+ annotations:
+ description: Annotations that should be added to the create ACME HTTP01 solver pods.
+ type: object
+ additionalProperties:
+ type: string
+ labels:
+ description: Labels that should be added to the created ACME HTTP01 solver pods.
+ type: object
+ additionalProperties:
+ type: string
+ spec:
+ description: PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored.
+ type: object
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ type: object
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for the pod.
+ type: object
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
+ type: array
+ items:
+ description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ type: object
+ required:
+ - preference
+ - weight
+ properties:
+ preference:
+ description: A node selector term, associated with the corresponding weight.
+ type: object
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements by node's labels.
+ type: array
+ items:
+ description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchFields:
+ description: A list of node selector requirements by node's fields.
+ type: array
+ items:
+ description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ weight:
+ description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
+ type: integer
+ format: int32
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
+ type: object
+ required:
+ - nodeSelectorTerms
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms. The terms are ORed.
+ type: array
+ items:
+ description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ type: object
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements by node's labels.
+ type: array
+ items:
+ description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchFields:
+ description: A list of node selector requirements by node's fields.
+ type: array
+ items:
+ description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
+ type: object
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+ type: array
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+ type: object
+ required:
+ - podAffinityTerm
+ - weight
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated with the corresponding weight.
+ type: object
+ required:
+ - topologyKey
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this case pods.
+ type: object
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ type: array
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ additionalProperties:
+ type: string
+ namespaceSelector:
+ description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
+ type: object
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ type: array
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ additionalProperties:
+ type: string
+ namespaces:
+ description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
+ type: array
+ items:
+ type: string
+ topologyKey:
+ description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ type: string
+ weight:
+ description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+ type: integer
+ format: int32
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ type: array
+ items:
+ description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+ type: object
+ required:
+ - topologyKey
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this case pods.
+ type: object
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ type: array
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ additionalProperties:
+ type: string
+ namespaceSelector:
+ description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
+ type: object
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ type: array
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ additionalProperties:
+ type: string
+ namespaces:
+ description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
+ type: array
+ items:
+ type: string
+ topologyKey:
+ description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ type: string
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
+ type: object
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+ type: array
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+ type: object
+ required:
+ - podAffinityTerm
+ - weight
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated with the corresponding weight.
+ type: object
+ required:
+ - topologyKey
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this case pods.
+ type: object
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ type: array
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ additionalProperties:
+ type: string
+ namespaceSelector:
+ description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
+ type: object
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ type: array
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ additionalProperties:
+ type: string
+ namespaces:
+ description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
+ type: array
+ items:
+ type: string
+ topologyKey:
+ description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ type: string
+ weight:
+ description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+ type: integer
+ format: int32
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ type: array
+ items:
+ description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+ type: object
+ required:
+ - topologyKey
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this case pods.
+ type: object
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ type: array
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ additionalProperties:
+ type: string
+ namespaceSelector:
+ description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
+ type: object
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ type: array
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ additionalProperties:
+ type: string
+ namespaces:
+ description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
+ type: array
+ items:
+ type: string
+ topologyKey:
+ description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ type: string
+ nodeSelector:
+ description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
+ type: object
+ additionalProperties:
+ type: string
+ priorityClassName:
+ description: If specified, the pod's priorityClassName.
+ type: string
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ type: array
+ items:
+ description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
+ type: object
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+ type: integer
+ format: int64
+ value:
+ description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ serviceType:
+ description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.
+ type: string
+ selector:
+ description: Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead.
+ type: object
+ properties:
+ dnsNames:
+ description: List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.
+ type: array
+ items:
+ type: string
+ dnsZones:
+ description: List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: A label selector that is used to refine the set of certificate's that this challenge solver will apply to.
+ type: object
+ additionalProperties:
+ type: string
+ token:
+ description: The ACME challenge token for this challenge. This is the raw value returned from the ACME server.
+ type: string
+ type:
+ description: The type of ACME challenge this resource represents. One of "HTTP-01" or "DNS-01".
+ type: string
+ enum:
+ - HTTP-01
+ - DNS-01
+ url:
+ description: The URL of the ACME Challenge resource for this challenge. This can be used to lookup details about the status of this challenge.
+ type: string
+ wildcard:
+ description: wildcard will be true if this challenge is for a wildcard identifier, for example '*.example.com'.
+ type: boolean
+ status:
+ type: object
+ properties:
+ presented:
+ description: presented will be set to true if the challenge values for this challenge are currently 'presented'. This *does not* imply the self check is passing. Only that the values have been 'submitted' for the appropriate challenge mechanism (i.e. the DNS01 TXT record has been presented, or the HTTP01 configuration has been configured).
+ type: boolean
+ processing:
+ description: Used to denote whether this challenge should be processed or not. This field will only be set to true by the 'scheduling' component. It will only be set to false by the 'challenges' controller, after the challenge has reached a final state or timed out. If this field is set to false, the challenge controller will not take any more action.
+ type: boolean
+ reason:
+ description: Contains human readable information on why the Challenge is in the current state.
+ type: string
+ state:
+ description: Contains the current 'state' of the challenge. If not set, the state of the challenge is unknown.
+ type: string
+ enum:
+ - valid
+ - ready
+ - pending
+ - processing
+ - invalid
+ - expired
+ - errored
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterissuers.cert-manager.io
+ annotations:
+ cert-manager.io/inject-ca-from-secret: '{{ template "webhook.caRef" . }}'
+ labels:
+ app: '{{ template "cert-manager.name" . }}'
+ app.kubernetes.io/name: '{{ template "cert-manager.name" . }}'
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ # Generated labels {{- include "labels" . | nindent 4 }}
+spec:
+ group: cert-manager.io
+ names:
+ kind: ClusterIssuer
+ listKind: ClusterIssuerList
+ plural: clusterissuers
+ singular: clusterissuer
+ categories:
+ - cert-manager
+ scope: Cluster
+ versions:
+ - name: v1
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ priority: 1
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
+ name: Age
+ type: date
+ schema:
+ openAPIV3Schema:
+ description: A ClusterIssuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields. It is similar to an Issuer, however it is cluster-scoped and therefore can be referenced by resources that exist in *any* namespace, not just the same namespace as the referent.
+ type: object
+ required:
+ - spec
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Desired state of the ClusterIssuer resource.
+ type: object
+ properties:
+ acme:
+ description: ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates.
+ type: object
+ required:
+ - privateKeySecretRef
+ - server
+ properties:
+ disableAccountKeyGeneration:
+ description: Enables or disables generating a new ACME account key. If true, the Issuer resource will *not* request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false.
+ type: boolean
+ email:
+ description: Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered.
+ type: string
+ enableDurationFeature:
+ description: Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false.
+ type: boolean
+ externalAccountBinding:
+ description: ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account.
+ type: object
+ required:
+ - keyID
+ - keySecretRef
+ properties:
+ keyAlgorithm:
+ description: 'Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme.'
+ type: string
+ enum:
+ - HS256
+ - HS384
+ - HS512
+ keyID:
+ description: keyID is the ID of the CA key that the External Account is bound to.
+ type: string
+ keySecretRef:
+ description: keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ preferredChain:
+ description: 'PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let''s Encrypt''s DST crosssign you would use: "DST Root CA X3" or "ISRG Root X1" for the newer Let''s Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer''s CN'
+ type: string
+ maxLength: 64
+ privateKeySecretRef:
+ description: PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ server:
+ description: 'Server is the URL used to access the ACME server''s ''directory'' endpoint. For example, for Let''s Encrypt''s staging endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". Only ACME v2 endpoints (i.e. RFC 8555) are supported.'
+ type: string
+ skipTLSVerify:
+ description: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have their TLS certificate validated (i.e. insecure connections will be allowed). Only enable this option in development environments. The cert-manager system installed roots will be used to verify connections to the ACME server if this is false. Defaults to false.
+ type: boolean
+ solvers:
+ description: 'Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/'
+ type: array
+ items:
+ description: An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided.
+ type: object
+ properties:
+ dns01:
+ description: Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow.
+ type: object
+ properties:
+ acmeDNS:
+ description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records.
+ type: object
+ required:
+ - accountSecretRef
+ - host
+ properties:
+ accountSecretRef:
+ description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ host:
+ type: string
+ akamai:
+ description: Use the Akamai DNS zone management API to manage DNS01 challenge records.
+ type: object
+ required:
+ - accessTokenSecretRef
+ - clientSecretSecretRef
+ - clientTokenSecretRef
+ - serviceConsumerDomain
+ properties:
+ accessTokenSecretRef:
+ description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ clientSecretSecretRef:
+ description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ clientTokenSecretRef:
+ description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ serviceConsumerDomain:
+ type: string
+ azureDNS:
+ description: Use the Microsoft Azure DNS API to manage DNS01 challenge records.
+ type: object
+ required:
+ - resourceGroupName
+ - subscriptionID
+ properties:
+ clientID:
+ description: if both this and ClientSecret are left unset MSI will be used
+ type: string
+ clientSecretSecretRef:
+ description: if both this and ClientID are left unset MSI will be used
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ environment:
+ description: name of the Azure environment (default AzurePublicCloud)
+ type: string
+ enum:
+ - AzurePublicCloud
+ - AzureChinaCloud
+ - AzureGermanCloud
+ - AzureUSGovernmentCloud
+ hostedZoneName:
+ description: name of the DNS zone that should be used
+ type: string
+ managedIdentity:
+ description: managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID
+ type: object
+ properties:
+ clientID:
+ description: client ID of the managed identity, can not be used at the same time as resourceID
+ type: string
+ resourceID:
+ description: resource ID of the managed identity, can not be used at the same time as clientID
+ type: string
+ resourceGroupName:
+ description: resource group the DNS zone is located in
+ type: string
+ subscriptionID:
+ description: ID of the Azure subscription
+ type: string
+ tenantID:
+ description: when specifying ClientID and ClientSecret then this field is also needed
+ type: string
+ cloudDNS:
+ description: Use the Google Cloud DNS API to manage DNS01 challenge records.
+ type: object
+ required:
+ - project
+ properties:
+ hostedZoneName:
+ description: HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone.
+ type: string
+ project:
+ type: string
+ serviceAccountSecretRef:
+ description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ cloudflare:
+ description: Use the Cloudflare API to manage DNS01 challenge records.
+ type: object
+ properties:
+ apiKeySecretRef:
+ description: 'API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.'
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ apiTokenSecretRef:
+ description: API token used to authenticate with Cloudflare.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ email:
+ description: Email of the account, only required when using API key based authentication.
+ type: string
+ cnameStrategy:
+ description: CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones.
+ type: string
+ enum:
+ - None
+ - Follow
+ digitalocean:
+ description: Use the DigitalOcean DNS API to manage DNS01 challenge records.
+ type: object
+ required:
+ - tokenSecretRef
+ properties:
+ tokenSecretRef:
+ description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ rfc2136:
+ description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records.
+ type: object
+ required:
+ - nameserver
+ properties:
+ nameserver:
+ description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required.
+ type: string
+ tsigAlgorithm:
+ description: 'The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.'
+ type: string
+ tsigKeyName:
+ description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required.
+ type: string
+ tsigSecretSecretRef:
+ description: The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
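Review bot: in the `rfc2136` solver schema above, `tsigAlgorithm` is a bare `type: string` with no enum, and its description gives ``HMACMD5`` as the default. Only `nameserver` is listed under `required`, so the CRD also accepts an rfc2136 solver with no TSIG key name or secret at all. Because this is a vendored upstream schema, I would not edit it here. Instead, make sure every ClusterIssuer this repository deploys with an rfc2136 solver sets `tsigKeyName`, `tsigSecretSecretRef`, and an explicit `tsigAlgorithm` of ``HMACSHA256`` or ``HMACSHA512``, so it never relies on the legacy default. The same review should confirm that `skipTLSVerify` under `acme` stays at its default of false, which the field's own description limits to development environments. A ClusterIssuer can be referenced from any namespace, so a weak setting in either field affects every certificate issued through it.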
+ route53:
+ description: Use the AWS Route53 API to manage DNS01 challenge records.
+ type: object
+ required:
+ - region
+ properties:
+ accessKeyID:
+ description: 'The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
+ type: string
+ hostedZoneID:
+ description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.
+ type: string
+ region:
+ description: Always set the region when using AccessKeyID and SecretAccessKey
+ type: string
+ role:
+ description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata
+ type: string
+ secretAccessKeySecretRef:
+ description: The SecretAccessKey is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ webhook:
+ description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records.
+ type: object
+ required:
+ - groupName
+ - solverName
+ properties:
+ config:
+ description: Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation.
+ x-kubernetes-preserve-unknown-fields: true
+ groupName:
+ description: The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation.
+ type: string
+ solverName:
+ description: The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'.
+ type: string
+ http01:
+ description: Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism.
+ type: object
+ properties:
+ gatewayHTTPRoute:
+ description: The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future.
+ type: object
+ properties:
+ labels:
+ description: The labels that cert-manager will use when creating the temporary HTTPRoute needed for solving the HTTP-01 challenge. These labels must match the label selector of at least one Gateway.
+ type: object
+ additionalProperties:
+ type: string
+ serviceType:
+ description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.
+ type: string
+ ingress:
+ description: The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed.
+ type: object
+ properties:
+ class:
+ description: The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified.
+ type: string
+ ingressTemplate:
+ description: Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges.
+ type: object
+ properties:
+ metadata:
+ description: ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.
+ type: object
+ properties:
+ annotations:
+ description: Annotations that should be added to the created ACME HTTP01 solver ingress.
+ type: object
+ additionalProperties:
+ type: string
+ labels:
+ description: Labels that should be added to the created ACME HTTP01 solver ingress.
+ type: object
+ additionalProperties:
+ type: string
+ name:
+ description: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources.
+ type: string
+ podTemplate:
+ description: Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges.
+ type: object
+ properties:
+ metadata:
+ description: ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.
+ type: object
+ properties:
+ annotations:
+ description: Annotations that should be added to the create ACME HTTP01 solver pods.
+ type: object
+ additionalProperties:
+ type: string
+ labels:
+ description: Labels that should be added to the created ACME HTTP01 solver pods.
+ type: object
+ additionalProperties:
+ type: string
+ spec:
+ description: PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored.
+ type: object
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ type: object
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for the pod.
+ type: object
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
+ type: array
+ items:
+ description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ type: object
+ required:
+ - preference
+ - weight
+ properties:
+ preference:
+ description: A node selector term, associated with the corresponding weight.
+ type: object
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements by node's labels.
+ type: array
+ items:
+ description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchFields:
+ description: A list of node selector requirements by node's fields.
+ type: array
+ items:
+ description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ weight:
+ description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
+ type: integer
+ format: int32
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
+ type: object
+ required:
+ - nodeSelectorTerms
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms. The terms are ORed.
+ type: array
+ items:
+ description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ type: object
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements by node's labels.
+ type: array
+ items:
+ description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchFields:
+ description: A list of node selector requirements by node's fields.
+ type: array
+ items:
+ description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
+ type: object
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+ type: array
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+ type: object
+ required:
+ - podAffinityTerm
+ - weight
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated with the corresponding weight.
+ type: object
+ required:
+ - topologyKey
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this case pods.
+ type: object
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ type: array
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ additionalProperties:
+ type: string
+ namespaceSelector:
+ description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
+ type: object
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ type: array
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ additionalProperties:
+ type: string
+ namespaces:
+ description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
+ type: array
+ items:
+ type: string
+ topologyKey:
+ description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ type: string
+ weight:
+ description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+ type: integer
+ format: int32
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ type: array
+ items:
+ description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+ type: object
+ required:
+ - topologyKey
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this case pods.
+ type: object
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ type: array
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ additionalProperties:
+ type: string
+ namespaceSelector:
+ description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
+ type: object
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ type: array
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ additionalProperties:
+ type: string
+ namespaces:
+ description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
+ type: array
+ items:
+ type: string
+ topologyKey:
+ description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ type: string
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
+ type: object
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+ type: array
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+ type: object
+ required:
+ - podAffinityTerm
+ - weight
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated with the corresponding weight.
+ type: object
+ required:
+ - topologyKey
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this case pods.
+ type: object
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ type: array
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ additionalProperties:
+ type: string
+ namespaceSelector:
+ description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
+ type: object
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ type: array
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ additionalProperties:
+ type: string
+ namespaces:
+ description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
+ type: array
+ items:
+ type: string
+ topologyKey:
+ description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ type: string
+ weight:
+ description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+ type: integer
+ format: int32
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ type: array
+ items:
+ description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+ type: object
+ required:
+ - topologyKey
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this case pods.
+ type: object
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ type: array
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ additionalProperties:
+ type: string
+ namespaceSelector:
+ description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
+ type: object
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ type: array
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ additionalProperties:
+ type: string
+ namespaces:
+ description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
+ type: array
+ items:
+ type: string
+ topologyKey:
+ description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ type: string
+ nodeSelector:
+ description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
+ type: object
+ additionalProperties:
+ type: string
+ priorityClassName:
+ description: If specified, the pod's priorityClassName.
+ type: string
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ type: array
+ items:
+ description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
+ type: object
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+ type: integer
+ format: int64
+ value:
+ description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ serviceType:
+ description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.
+ type: string
+ selector:
+ description: Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead.
+ type: object
+ properties:
+ dnsNames:
+ description: List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.
+ type: array
+ items:
+ type: string
+ dnsZones:
+ description: List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: A label selector that is used to refine the set of certificate's that this challenge solver will apply to.
+ type: object
+ additionalProperties:
+ type: string
+ ca:
+ description: CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager.
+ type: object
+ required:
+ - secretName
+ properties:
+ crlDistributionPoints:
+ description: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set, certificates will be issued without distribution points set.
+ type: array
+ items:
+ type: string
+ ocspServers:
+ description: The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org".
+ type: array
+ items:
+ type: string
+ secretName:
+ description: SecretName is the name of the secret used to sign Certificates issued by this Issuer.
+ type: string
+ selfSigned:
+ description: SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object.
+ type: object
+ properties:
+ crlDistributionPoints:
+ description: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set certificate will be issued without CDP. Values are strings.
+ type: array
+ items:
+ type: string
+ vault:
+ description: Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend.
+ type: object
+ required:
+ - auth
+ - path
+ - server
+ properties:
+ auth:
+ description: Auth configures how cert-manager authenticates with the Vault server.
+ type: object
+ properties:
+ appRole:
+ description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+ type: object
+ required:
+ - path
+ - roleId
+ - secretRef
+ properties:
+ path:
+ description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+ type: string
+ roleId:
+ description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+ type: string
+ secretRef:
+ description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ kubernetes:
+ description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+ type: object
+ required:
+ - role
+ - secretRef
+ properties:
+ mountPath:
+ description: The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value "/v1/auth/kubernetes" will be used.
+ type: string
+ role:
+ description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+ type: string
+ secretRef:
+ description: The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ tokenSecretRef:
+ description: TokenSecretRef authenticates with Vault by presenting a token.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ caBundle:
+ description: PEM-encoded CA bundle (base64-encoded) used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+ type: string
+ format: byte
+ namespace:
+ description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+ type: string
+ path:
+ description: 'Path is the mount path of the Vault PKI backend''s `sign` endpoint, e.g: "my_pki_mount/sign/my-role-name".'
+ type: string
+ server:
+ description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
+ type: string
+ venafi:
+ description: Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone.
+ type: object
+ required:
+ - zone
+ properties:
+ cloud:
+ description: Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified.
+ type: object
+ required:
+ - apiTokenSecretRef
+ properties:
+ apiTokenSecretRef:
+ description: APITokenSecretRef is a secret key selector for the Venafi Cloud API token.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ url:
+ description: URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1".
+ type: string
+ tpp:
+ description: TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified.
+ type: object
+ required:
+ - credentialsRef
+ - url
+ properties:
+ caBundle:
+ description: CABundle is a PEM encoded TLS certificate to use to verify connections to the TPP instance. If specified, system roots will not be used and the issuing CA for the TPP instance must be verifiable using the provided root. If not specified, the connection will be verified using the cert-manager system root certificates.
+ type: string
+ format: byte
+ credentialsRef:
+ description: CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'.
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ url:
+ description: 'URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk".'
+ type: string
+ zone:
+ description: Zone is the Venafi Policy Zone to use for this issuer. All requests made to the Venafi platform will be restricted by the named zone policy. This field is required.
+ type: string
+ status:
+ description: Status of the ClusterIssuer. This is set and managed automatically.
+ type: object
+ properties:
+ acme:
+ description: ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates.
+ type: object
+ properties:
+ lastRegisteredEmail:
+ description: LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer
+ type: string
+ uri:
+ description: URI is the unique account identifier, which can also be used to retrieve account details from the CA
+ type: string
+ conditions:
+ description: List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`.
+ type: array
+ items:
+ description: IssuerCondition contains condition information for an Issuer.
+ type: object
+ required:
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: LastTransitionTime is the timestamp corresponding to the last status change of this condition.
+ type: string
+ format: date-time
+ message:
+ description: Message is a human readable description of the details of the last transition, complementing reason.
+ type: string
+ observedGeneration:
+ description: If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Issuer.
+ type: integer
+ format: int64
+ reason:
+ description: Reason is a brief machine readable explanation for the condition's last transition.
+ type: string
+ status:
+ description: Status of the condition, one of (`True`, `False`, `Unknown`).
+ type: string
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type:
+ description: Type of the condition, known values are (`Ready`).
+ type: string
+ served: true
+ storage: true
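Review bot: in the ClusterIssuer schema that ends here, the `venafi` block states "Only one of TPP or Cloud may be specified" in the descriptions of both `cloud` and `tpp`, but the schema itself lists only `zone` under `required` and has no `oneOf` or equivalent, so schema validation alone will accept an object that sets both. The same applies to `vault.auth`, where `appRole`, `kubernetes` and `tokenSecretRef` are all optional and nothing requires exactly one of them. Because this file is vendored, I would not change it in this repository. The rule has to be enforced elsewhere, which here means the cert-manager validating webhook referenced by the `cert-manager.io/inject-ca-from-secret` annotation, so please confirm the bundled chart is deployed with that webhook enabled. Minor documentation point in the same region: the `conditions` description under `status` says "the status of a CertificateRequest" although the resource is an Issuer; that is better reported upstream than patched locally.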
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: issuers.cert-manager.io
+ annotations:
+ cert-manager.io/inject-ca-from-secret: '{{ template "webhook.caRef" . }}'
+ labels:
+ app: '{{ template "cert-manager.name" . }}'
+ app.kubernetes.io/name: '{{ template "cert-manager.name" . }}'
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ # Generated labels {{- include "labels" . | nindent 4 }}
+spec:
+ group: cert-manager.io
+ names:
+ kind: Issuer
+ listKind: IssuerList
+ plural: issuers
+ singular: issuer
+ categories:
+ - cert-manager
+ scope: Namespaced
+ versions:
+ - name: v1
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ priority: 1
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
+ name: Age
+ type: date
+ schema:
+ openAPIV3Schema:
+ description: An Issuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields. It is scoped to a single namespace and can therefore only be referenced by resources within the same namespace.
+ type: object
+ required:
+ - spec
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Desired state of the Issuer resource.
+ type: object
+ properties:
+ acme:
+ description: ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates.
+ type: object
+ required:
+ - privateKeySecretRef
+ - server
+ properties:
+ disableAccountKeyGeneration:
+ description: Enables or disables generating a new ACME account key. If true, the Issuer resource will *not* request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false.
+ type: boolean
+ email:
+ description: Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered.
+ type: string
+ enableDurationFeature:
+ description: Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false.
+ type: boolean
+ externalAccountBinding:
+ description: ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account.
+ type: object
+ required:
+ - keyID
+ - keySecretRef
+ properties:
+ keyAlgorithm:
+ description: 'Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme.'
+ type: string
+ enum:
+ - HS256
+ - HS384
+ - HS512
+ keyID:
+ description: keyID is the ID of the CA key that the External Account is bound to.
+ type: string
+ keySecretRef:
+ description: keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ preferredChain:
+ description: 'PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let''s Encrypt''s DST crosssign you would use: "DST Root CA X3" or "ISRG Root X1" for the newer Let''s Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer''s CN'
+ type: string
+ maxLength: 64
+ privateKeySecretRef:
+ description: PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ server:
+ description: 'Server is the URL used to access the ACME server''s ''directory'' endpoint. For example, for Let''s Encrypt''s staging endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". Only ACME v2 endpoints (i.e. RFC 8555) are supported.'
+ type: string
+ skipTLSVerify:
+ description: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have their TLS certificate validated (i.e. insecure connections will be allowed). Only enable this option in development environments. The cert-manager system installed roots will be used to verify connections to the ACME server if this is false. Defaults to false.
+ type: boolean
+ solvers:
+ description: 'Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/'
+ type: array
+ items:
+ description: An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided.
+ type: object
+ properties:
+ dns01:
+ description: Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow.
+ type: object
+ properties:
+ acmeDNS:
+ description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records.
+ type: object
+ required:
+ - accountSecretRef
+ - host
+ properties:
+ accountSecretRef:
+ description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ host:
+ type: string
+ akamai:
+ description: Use the Akamai DNS zone management API to manage DNS01 challenge records.
+ type: object
+ required:
+ - accessTokenSecretRef
+ - clientSecretSecretRef
+ - clientTokenSecretRef
+ - serviceConsumerDomain
+ properties:
+ accessTokenSecretRef:
+ description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ clientSecretSecretRef:
+ description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ clientTokenSecretRef:
+ description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ serviceConsumerDomain:
+ type: string
+ azureDNS:
+ description: Use the Microsoft Azure DNS API to manage DNS01 challenge records.
+ type: object
+ required:
+ - resourceGroupName
+ - subscriptionID
+ properties:
+ clientID:
+ description: if both this and ClientSecret are left unset MSI will be used
+ type: string
+ clientSecretSecretRef:
+ description: if both this and ClientID are left unset MSI will be used
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ environment:
+ description: name of the Azure environment (default AzurePublicCloud)
+ type: string
+ enum:
+ - AzurePublicCloud
+ - AzureChinaCloud
+ - AzureGermanCloud
+ - AzureUSGovernmentCloud
+ hostedZoneName:
+ description: name of the DNS zone that should be used
+ type: string
+ managedIdentity:
+ description: managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID
+ type: object
+ properties:
+ clientID:
+ description: client ID of the managed identity, can not be used at the same time as resourceID
+ type: string
+ resourceID:
+ description: resource ID of the managed identity, can not be used at the same time as clientID
+ type: string
+ resourceGroupName:
+ description: resource group the DNS zone is located in
+ type: string
+ subscriptionID:
+ description: ID of the Azure subscription
+ type: string
+ tenantID:
+ description: when specifying ClientID and ClientSecret then this field is also needed
+ type: string
+ cloudDNS:
+ description: Use the Google Cloud DNS API to manage DNS01 challenge records.
+ type: object
+ required:
+ - project
+ properties:
+ hostedZoneName:
+ description: HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone.
+ type: string
+ project:
+ type: string
+ serviceAccountSecretRef:
+ description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ cloudflare:
+ description: Use the Cloudflare API to manage DNS01 challenge records.
+ type: object
+ properties:
+ apiKeySecretRef:
+ description: 'API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.'
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ apiTokenSecretRef:
+ description: API token used to authenticate with Cloudflare.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ email:
+ description: Email of the account, only required when using API key based authentication.
+ type: string
+ cnameStrategy:
+ description: CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones.
+ type: string
+ enum:
+ - None
+ - Follow
+ digitalocean:
+ description: Use the DigitalOcean DNS API to manage DNS01 challenge records.
+ type: object
+ required:
+ - tokenSecretRef
+ properties:
+ tokenSecretRef:
+ description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ rfc2136:
+ description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records.
+ type: object
+ required:
+ - nameserver
+ properties:
+ nameserver:
+ description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required.
+ type: string
+ tsigAlgorithm:
+ description: 'The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.'
+ type: string
+ tsigKeyName:
+ description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required.
+ type: string
+ tsigSecretSecretRef:
+ description: The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ route53:
+ description: Use the AWS Route53 API to manage DNS01 challenge records.
+ type: object
+ required:
+ - region
+ properties:
+ accessKeyID:
+ description: 'The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
+ type: string
+ hostedZoneID:
+ description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.
+ type: string
+ region:
+ description: Always set the region when using AccessKeyID and SecretAccessKey
+ type: string
+ role:
+ description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata
+ type: string
+ secretAccessKeySecretRef:
+ description: The SecretAccessKey is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ webhook:
+ description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records.
+ type: object
+ required:
+ - groupName
+ - solverName
+ properties:
+ config:
+ description: Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation.
+ x-kubernetes-preserve-unknown-fields: true
+ groupName:
+ description: The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation.
+ type: string
+ solverName:
+ description: The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'.
+ type: string
+ http01:
+ description: Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism.
+ type: object
+ properties:
+ gatewayHTTPRoute:
+ description: The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future.
+ type: object
+ properties:
+ labels:
+ description: The labels that cert-manager will use when creating the temporary HTTPRoute needed for solving the HTTP-01 challenge. These labels must match the label selector of at least one Gateway.
+ type: object
+ additionalProperties:
+ type: string
+ serviceType:
+ description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.
+ type: string
+ ingress:
+ description: The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed.
+ type: object
+ properties:
+ class:
+ description: The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified.
+ type: string
+ ingressTemplate:
+ description: Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges.
+ type: object
+ properties:
+ metadata:
+ description: ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.
+ type: object
+ properties:
+ annotations:
+ description: Annotations that should be added to the created ACME HTTP01 solver ingress.
+ type: object
+ additionalProperties:
+ type: string
+ labels:
+ description: Labels that should be added to the created ACME HTTP01 solver ingress.
+ type: object
+ additionalProperties:
+ type: string
+ name:
+ description: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources.
+ type: string
+ podTemplate:
+ description: Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges.
+ type: object
+ properties:
+ metadata:
+ description: ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.
+ type: object
+ properties:
+ annotations:
+ description: Annotations that should be added to the create ACME HTTP01 solver pods.
+ type: object
+ additionalProperties:
+ type: string
+ labels:
+ description: Labels that should be added to the created ACME HTTP01 solver pods.
+ type: object
+ additionalProperties:
+ type: string
+ spec:
+ description: PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored.
+ type: object
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ type: object
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for the pod.
+ type: object
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
+ type: array
+ items:
+ description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ type: object
+ required:
+ - preference
+ - weight
+ properties:
+ preference:
+ description: A node selector term, associated with the corresponding weight.
+ type: object
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements by node's labels.
+ type: array
+ items:
+ description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchFields:
+ description: A list of node selector requirements by node's fields.
+ type: array
+ items:
+ description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ weight:
+ description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
+ type: integer
+ format: int32
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
+ type: object
+ required:
+ - nodeSelectorTerms
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms. The terms are ORed.
+ type: array
+ items:
+ description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ type: object
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements by node's labels.
+ type: array
+ items:
+ description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchFields:
+ description: A list of node selector requirements by node's fields.
+ type: array
+ items:
+ description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
+ type: object
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+ type: array
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+ type: object
+ required:
+ - podAffinityTerm
+ - weight
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated with the corresponding weight.
+ type: object
+ required:
+ - topologyKey
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this case pods.
+ type: object
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ type: array
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ additionalProperties:
+ type: string
+ namespaceSelector:
+ description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
+ type: object
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ type: array
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ additionalProperties:
+ type: string
+ namespaces:
+ description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
+ type: array
+ items:
+ type: string
+ topologyKey:
+ description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ type: string
+ weight:
+ description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+ type: integer
+ format: int32
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ type: array
+ items:
+ description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+ type: object
+ required:
+ - topologyKey
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this case pods.
+ type: object
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ type: array
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ additionalProperties:
+ type: string
+ namespaceSelector:
+ description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
+ type: object
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ type: array
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ additionalProperties:
+ type: string
+ namespaces:
+ description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
+ type: array
+ items:
+ type: string
+ topologyKey:
+ description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ type: string
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
+ type: object
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+ type: array
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+ type: object
+ required:
+ - podAffinityTerm
+ - weight
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated with the corresponding weight.
+ type: object
+ required:
+ - topologyKey
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this case pods.
+ type: object
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ type: array
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ additionalProperties:
+ type: string
+ namespaceSelector:
+ description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
+ type: object
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ type: array
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ additionalProperties:
+ type: string
+ namespaces:
+ description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
+ type: array
+ items:
+ type: string
+ topologyKey:
+ description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ type: string
+ weight:
+ description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+ type: integer
+ format: int32
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ type: array
+ items:
+ description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+ type: object
+ required:
+ - topologyKey
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this case pods.
+ type: object
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ type: array
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ additionalProperties:
+ type: string
+ namespaceSelector:
+ description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
+ type: object
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ type: array
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ type: object
+ required:
+ - key
+ - operator
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ additionalProperties:
+ type: string
+ namespaces:
+ description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
+ type: array
+ items:
+ type: string
+ topologyKey:
+ description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ type: string
+ nodeSelector:
+ description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
+ type: object
+ additionalProperties:
+ type: string
+ priorityClassName:
+ description: If specified, the pod's priorityClassName.
+ type: string
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ type: array
+ items:
+ description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
+ type: object
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+ type: integer
+ format: int64
+ value:
+ description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ serviceType:
+ description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.
+ type: string
+ selector:
+ description: Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead.
+ type: object
+ properties:
+ dnsNames:
+ description: List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.
+ type: array
+ items:
+ type: string
+ dnsZones:
+ description: List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.
+ type: array
+ items:
+ type: string
+ matchLabels:
+ description: A label selector that is used to refine the set of certificate's that this challenge solver will apply to.
+ type: object
+ additionalProperties:
+ type: string
+ ca:
+ description: CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager.
+ type: object
+ required:
+ - secretName
+ properties:
+ crlDistributionPoints:
+ description: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set, certificates will be issued without distribution points set.
+ type: array
+ items:
+ type: string
+ ocspServers:
+ description: The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org".
+ type: array
+ items:
+ type: string
+ secretName:
+ description: SecretName is the name of the secret used to sign Certificates issued by this Issuer.
+ type: string
+ selfSigned:
+ description: SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object.
+ type: object
+ properties:
+ crlDistributionPoints:
+ description: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set certificate will be issued without CDP. Values are strings.
+ type: array
+ items:
+ type: string
+ vault:
+ description: Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend.
+ type: object
+ required:
+ - auth
+ - path
+ - server
+ properties:
+ auth:
+ description: Auth configures how cert-manager authenticates with the Vault server.
+ type: object
+ properties:
+ appRole:
+ description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
+ type: object
+ required:
+ - path
+ - roleId
+ - secretRef
+ properties:
+ path:
+ description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"'
+ type: string
+ roleId:
+ description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.
+ type: string
+ secretRef:
+ description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ kubernetes:
+ description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
+ type: object
+ required:
+ - role
+ - secretRef
+ properties:
+ mountPath:
+ description: The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value "/v1/auth/kubernetes" will be used.
+ type: string
+ role:
+ description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
+ type: string
+ secretRef:
+ description: The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ tokenSecretRef:
+ description: TokenSecretRef authenticates with Vault by presenting a token.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ caBundle:
+ description: PEM-encoded CA bundle (base64-encoded) used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.
+ type: string
+ format: byte
+ namespace:
+ description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces'
+ type: string
+ path:
+ description: 'Path is the mount path of the Vault PKI backend''s `sign` endpoint, e.g: "my_pki_mount/sign/my-role-name".'
+ type: string
+ server:
+ description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".'
+ type: string
+ venafi:
+ description: Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone.
+ type: object
+ required:
+ - zone
+ properties:
+ cloud:
+ description: Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified.
+ type: object
+ required:
+ - apiTokenSecretRef
+ properties:
+ apiTokenSecretRef:
+ description: APITokenSecretRef is a secret key selector for the Venafi Cloud API token.
+ type: object
+ required:
+ - name
+ properties:
+ key:
+ description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+ type: string
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ url:
+ description: URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1".
+ type: string
+ tpp:
+ description: TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified.
+ type: object
+ required:
+ - credentialsRef
+ - url
+ properties:
+ caBundle:
+ description: CABundle is a PEM encoded TLS certificate to use to verify connections to the TPP instance. If specified, system roots will not be used and the issuing CA for the TPP instance must be verifiable using the provided root. If not specified, the connection will be verified using the cert-manager system root certificates.
+ type: string
+ format: byte
+ credentialsRef:
+ description: CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'.
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ url:
+ description: 'URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk".'
+ type: string
+ zone:
+ description: Zone is the Venafi Policy Zone to use for this issuer. All requests made to the Venafi platform will be restricted by the named zone policy. This field is required.
+ type: string
+ status:
+ description: Status of the Issuer. This is set and managed automatically.
+ type: object
+ properties:
+ acme:
+ description: ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates.
+ type: object
+ properties:
+ lastRegisteredEmail:
+ description: LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer
+ type: string
+ uri:
+ description: URI is the unique account identifier, which can also be used to retrieve account details from the CA
+ type: string
+ conditions:
+ description: List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`.
+ type: array
+ items:
+ description: IssuerCondition contains condition information for an Issuer.
+ type: object
+ required:
+ - status
+ - type
+ properties:
+ lastTransitionTime:
+ description: LastTransitionTime is the timestamp corresponding to the last status change of this condition.
+ type: string
+ format: date-time
+ message:
+ description: Message is a human readable description of the details of the last transition, complementing reason.
+ type: string
+ observedGeneration:
+ description: If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Issuer.
+ type: integer
+ format: int64
+ reason:
+ description: Reason is a brief machine readable explanation for the condition's last transition.
+ type: string
+ status:
+ description: Status of the condition, one of (`True`, `False`, `Unknown`).
+ type: string
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type:
+ description: Type of the condition, known values are (`Ready`).
+ type: string
+ served: true
+ storage: true
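Review bot: in the Issuer schema that ends here, the solver `serviceType` and `vault.server` are both plain `type: string` fields with no enum or pattern, and their permissive behaviour is stated only in the descriptions, so the Issuer objects deployed with this chart need to set them deliberately. `serviceType` reads "If unset, defaults to NodePort", and a NodePort service opens the solver port on every node; set `serviceType: ClusterIP` where the solver is reached through an ingress. `vault.server` accepts any address and `caBundle` is "ignored for plain HTTP protocol connection", so an `http://` server would carry the AppRole secret, ServiceAccount JWT or token configured under `auth` in clear text; use an `https://` address, and set `caBundle` when the Vault certificate is issued by a private CA. Since the commit bundles this chart rather than authoring it, make these choices in the Issuer manifests or values instead of editing the schema.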
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: orders.acme.cert-manager.io
+ annotations:
+ cert-manager.io/inject-ca-from-secret: '{{ template "webhook.caRef" . }}'
+ labels:
+ app: '{{ template "cert-manager.name" . }}'
+ app.kubernetes.io/name: '{{ template "cert-manager.name" . }}'
+ app.kubernetes.io/instance: '{{ .Release.Name }}'
+ # Generated labels {{- include "labels" . | nindent 4 }}
+spec:
+ group: acme.cert-manager.io
+ names:
+ kind: Order
+ listKind: OrderList
+ plural: orders
+ singular: order
+ categories:
+ - cert-manager
+ - cert-manager-acme
+ scope: Namespaced
+ versions:
+ - name: v1
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - jsonPath: .status.state
+ name: State
+ type: string
+ - jsonPath: .spec.issuerRef.name
+ name: Issuer
+ priority: 1
+ type: string
+ - jsonPath: .status.reason
+ name: Reason
+ priority: 1
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
+ name: Age
+ type: date
+ schema:
+ openAPIV3Schema:
+ description: Order is a type to represent an Order with an ACME server
+ type: object
+ required:
+ - metadata
+ - spec
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ type: object
+ required:
+ - issuerRef
+ - request
+ properties:
+ commonName:
+ description: CommonName is the common name as specified on the DER encoded CSR. If specified, this value must also be present in `dnsNames` or `ipAddresses`. This field must match the corresponding field on the DER encoded CSR.
+ type: string
+ dnsNames:
+ description: DNSNames is a list of DNS names that should be included as part of the Order validation process. This field must match the corresponding field on the DER encoded CSR.
+ type: array
+ items:
+ type: string
+ duration:
+ description: Duration is the duration for the not after date for the requested certificate. this is set on order creation as pe the ACME spec.
+ type: string
+ ipAddresses:
+ description: IPAddresses is a list of IP addresses that should be included as part of the Order validation process. This field must match the corresponding field on the DER encoded CSR.
+ type: array
+ items:
+ type: string
+ issuerRef:
+ description: IssuerRef references a properly configured ACME-type Issuer which should be used to create this Order. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Order will be marked as failed.
+ type: object
+ required:
+ - name
+ properties:
+ group:
+ description: Group of the resource being referred to.
+ type: string
+ kind:
+ description: Kind of the resource being referred to.
+ type: string
+ name:
+ description: Name of the resource being referred to.
+ type: string
+ request:
+ description: Certificate signing request bytes in DER encoding. This will be used when finalizing the order. This field must be set on the order.
+ type: string
+ format: byte
+ status:
+ type: object
+ properties:
+ authorizations:
+ description: Authorizations contains data returned from the ACME server on what authorizations must be completed in order to validate the DNS names specified on the Order.
+ type: array
+ items:
+ description: ACMEAuthorization contains data returned from the ACME server on an authorization that must be completed in order validate a DNS name on an ACME Order resource.
+ type: object
+ required:
+ - url
+ properties:
+ challenges:
+ description: Challenges specifies the challenge types offered by the ACME server. One of these challenge types will be selected when validating the DNS name and an appropriate Challenge resource will be created to perform the ACME challenge process.
+ type: array
+ items:
+ description: Challenge specifies a challenge offered by the ACME server for an Order. An appropriate Challenge resource can be created to perform the ACME challenge process.
+ type: object
+ required:
+ - token
+ - type
+ - url
+ properties:
+ token:
+ description: Token is the token that must be presented for this challenge. This is used to compute the 'key' that must also be presented.
+ type: string
+ type:
+ description: Type is the type of challenge being offered, e.g. 'http-01', 'dns-01', 'tls-sni-01', etc. This is the raw value retrieved from the ACME server. Only 'http-01' and 'dns-01' are supported by cert-manager, other values will be ignored.
+ type: string
+ url:
+ description: URL is the URL of this challenge. It can be used to retrieve additional metadata about the Challenge from the ACME server.
+ type: string
+ identifier:
+ description: Identifier is the DNS name to be validated as part of this authorization
+ type: string
+ initialState:
+ description: InitialState is the initial state of the ACME authorization when first fetched from the ACME server. If an Authorization is already 'valid', the Order controller will not create a Challenge resource for the authorization. This will occur when working with an ACME server that enables 'authz reuse' (such as Let's Encrypt's production endpoint). If not set and 'identifier' is set, the state is assumed to be pending and a Challenge will be created.
+ type: string
+ enum:
+ - valid
+ - ready
+ - pending
+ - processing
+ - invalid
+ - expired
+ - errored
+ url:
+ description: URL is the URL of the Authorization that must be completed
+ type: string
+ wildcard:
+ description: Wildcard will be true if this authorization is for a wildcard DNS name. If this is true, the identifier will be the *non-wildcard* version of the DNS name. For example, if '*.example.com' is the DNS name being validated, this field will be 'true' and the 'identifier' field will be 'example.com'.
+ type: boolean
+ certificate:
+ description: Certificate is a copy of the PEM encoded certificate for this Order. This field will be populated after the order has been successfully finalized with the ACME server, and the order has transitioned to the 'valid' state.
+ type: string
+ format: byte
+ failureTime:
+ description: FailureTime stores the time that this order failed. This is used to influence garbage collection and back-off.
+ type: string
+ format: date-time
+ finalizeURL:
+ description: FinalizeURL of the Order. This is used to obtain certificates for this order once it has been completed.
+ type: string
+ reason:
+ description: Reason optionally provides more information about a why the order is in the current state.
+ type: string
+ state:
+ description: State contains the current state of this Order resource. States 'success' and 'expired' are 'final'
+ type: string
+ enum:
+ - valid
+ - ready
+ - pending
+ - processing
+ - invalid
+ - expired
+ - errored
+ url:
+ description: URL of the Order. This will initially be empty when the resource is first created. The Order controller will populate this field when the Order is first processed. This field will be immutable after it is initially set.
+ type: string
+ served: true
+ storage: true
+---
+{{- end }}
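Review bot: the `status.state` description says states 'success' and 'expired' are final, but the enum directly below it has no `success` value (it lists valid, ready, pending, processing, invalid, expired, errored), so the text and the schema disagree about which states are terminal. The `spec.duration` description also has typos ("this is set on order creation as pe the ACME spec"). If this CRD is bundled unmodified from upstream, raise the wording there rather than patching the vendored copy.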
diff --git a/charts/cert-manager/templates/deployment.yaml b/charts/cert-manager/templates/deployment.yaml
new file mode 100644
index 0000000..f72fc57
--- /dev/null
+++ b/charts/cert-manager/templates/deployment.yaml
@@ -0,0 +1,169 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "cert-manager.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ template "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ {{- include "labels" . | nindent 4 }}
+ {{- with .Values.deploymentAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ {{- with .Values.strategy }}
+ strategy:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ template "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ {{- include "labels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if and .Values.prometheus.enabled (not .Values.prometheus.servicemonitor.enabled) }}
+ {{- if not .Values.podAnnotations }}
+ annotations:
+ {{- end }}
+ prometheus.io/path: "/metrics"
+ prometheus.io/scrape: 'true'
+ prometheus.io/port: '9402'
+ {{- end }}
+ spec:
+ serviceAccountName: {{ template "cert-manager.serviceAccountName" . }}
+ {{- with .Values.global.priorityClassName }}
+ priorityClassName: {{ . | quote }}
+ {{- end }}
+ {{- $enabledDefined := gt (len (keys (pick .Values.securityContext "enabled"))) 0 }}
+ {{- $legacyEnabledExplicitlyOff := and $enabledDefined (not .Values.securityContext.enabled) }}
+ {{- if and .Values.securityContext (not $legacyEnabledExplicitlyOff) }}
+ securityContext:
+ {{- if .Values.securityContext.enabled }}
+ {{/* support legacy securityContext.enabled and its two parameters */}}
+ fsGroup: {{ default 1001 .Values.securityContext.fsGroup }}
+ runAsUser: {{ default 1001 .Values.securityContext.runAsUser }}
+ {{- else }}
+ {{/* this is the way forward: support an arbitrary yaml block */}}
+ {{- toYaml .Values.securityContext | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.volumes }}
+ volumes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ {{- with .Values.image }}
+ image: "{{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}{{- if (.digest) -}} @{{ .digest }}{{- else -}}:{{ default $.Chart.AppVersion .tag }} {{- end -}}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ args:
+ {{- if .Values.global.logLevel }}
+ - --v={{ .Values.global.logLevel }}
+ {{- end }}
+ {{- if .Values.clusterResourceNamespace }}
+ - --cluster-resource-namespace={{ .Values.clusterResourceNamespace }}
+ {{- else }}
+ - --cluster-resource-namespace=$(POD_NAMESPACE)
+ {{- end }}
+ {{- with .Values.global.leaderElection }}
+ - --leader-election-namespace={{ .namespace }}
+ {{- if .leaseDuration }}
+ - --leader-election-lease-duration={{ .leaseDuration }}
+ {{- end }}
+ {{- if .renewDeadline }}
+ - --leader-election-renew-deadline={{ .renewDeadline }}
+ {{- end }}
+ {{- if .retryPeriod }}
+ - --leader-election-retry-period={{ .retryPeriod }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.extraArgs }}
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ {{- with .Values.ingressShim }}
+ {{- if .defaultIssuerName }}
+ - --default-issuer-name={{ .defaultIssuerName }}
+ {{- end }}
+ {{- if .defaultIssuerKind }}
+ - --default-issuer-kind={{ .defaultIssuerKind }}
+ {{- end }}
+ {{- if .defaultIssuerGroup }}
+ - --default-issuer-group={{ .defaultIssuerGroup }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.featureGates }}
+ - --feature-gates={{ .Values.featureGates }}
+ {{- end }}
+ ports:
+ - containerPort: 9402
+ protocol: TCP
+ {{- with .Values.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.volumeMounts }}
+ volumeMounts:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- with .Values.extraEnv }}
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ {{- with .Values.http_proxy }}
+ - name: HTTP_PROXY
+ value: {{ . }}
+ {{- end }}
+ {{- with .Values.https_proxy }}
+ - name: HTTPS_PROXY
+ value: {{ . }}
+ {{- end }}
+ {{- with .Values.no_proxy }}
+ - name: NO_PROXY
+ value: {{ . }}
+ {{- end }}
+ {{- with .Values.resources }}
+ resources:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.podDnsPolicy }}
+ dnsPolicy: {{ . }}
+ {{- end }}
+ {{- with .Values.podDnsConfig }}
+ dnsConfig:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
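Review bot: the `HTTP_PROXY`, `HTTPS_PROXY` and `NO_PROXY` entries at the end of the `env:` list are rendered as bare `value: {{ . }}`, so a `no_proxy` value that begins with `*` is parsed as a YAML alias and the manifest fails to load. Pipe each through `quote`, as this template already does for `namespace` and `priorityClassName`. Separately, the container-level `securityContext` is only emitted when `.Values.containerSecurityContext` is set; confirm the values file bundled with this chart sets one, otherwise the controller container runs with the runtime defaults.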
diff --git a/charts/cert-manager/templates/psp-clusterrole.yaml b/charts/cert-manager/templates/psp-clusterrole.yaml
new file mode 100644
index 0000000..1d40a02
--- /dev/null
+++ b/charts/cert-manager/templates/psp-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.global.podSecurityPolicy.enabled }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "cert-manager.fullname" . }}-psp
+ labels:
+ app: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ {{- include "labels" . | nindent 4 }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "cert-manager.fullname" . }}
+{{- end }}
diff --git a/charts/cert-manager/templates/psp-clusterrolebinding.yaml b/charts/cert-manager/templates/psp-clusterrolebinding.yaml
new file mode 100644
index 0000000..1da89c8
--- /dev/null
+++ b/charts/cert-manager/templates/psp-clusterrolebinding.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.global.podSecurityPolicy.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "cert-manager.fullname" . }}-psp
+ labels:
+ app: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ {{- include "labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "cert-manager.fullname" . }}-psp
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "cert-manager.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/cert-manager/templates/psp.yaml b/charts/cert-manager/templates/psp.yaml
new file mode 100644
index 0000000..9e99f5c
--- /dev/null
+++ b/charts/cert-manager/templates/psp.yaml
@@ -0,0 +1,49 @@
+{{- if .Values.global.podSecurityPolicy.enabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "cert-manager.fullname" . }}
+ labels:
+ app: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ {{- include "labels" . | nindent 4 }}
+ annotations:
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
+ {{- if .Values.global.podSecurityPolicy.useAppArmor }}
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
+ apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
+ {{- end }}
+spec:
+ privileged: false
+ allowPrivilegeEscalation: false
+ allowedCapabilities: [] # default set of capabilities are implicitly allowed
+ volumes:
+ - 'configMap'
+ - 'emptyDir'
+ - 'projected'
+ - 'secret'
+ - 'downwardAPI'
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1000
+ max: 1000
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1000
+ max: 1000
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1000
+ max: 1000
+{{- end }}
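Review bot: the `runAsUser`, `supplementalGroups` and `fsGroup` ranges are all pinned to 1000, but the legacy `securityContext.enabled` branch in deployment.yaml defaults `fsGroup` and `runAsUser` to 1001, so with both options enabled the controller pod falls outside this policy's ranges; align the two defaults. `allowedCapabilities: []` also leaves the runtime's default capability set in place, so add `requiredDropCapabilities` if the controller does not need them. Finally, `policy/v1beta1` PodSecurityPolicy is no longer served from Kubernetes 1.25 on, so `global.podSecurityPolicy.enabled` should be documented as usable only on older clusters.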
diff --git a/charts/cert-manager/templates/rbac.yaml b/charts/cert-manager/templates/rbac.yaml
new file mode 100644
index 0000000..5e37f0c
--- /dev/null
+++ b/charts/cert-manager/templates/rbac.yaml
@@ -0,0 +1,547 @@
+{{- if .Values.global.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "cert-manager.fullname" . }}:leaderelection
+ namespace: {{ .Values.global.leaderElection.namespace }}
+ labels:
+ app: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ {{- include "labels" . | nindent 4 }}
+rules:
+ # Used for leader election by the controller
+ # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ resourceNames: ["cert-manager-controller"]
+ verbs: ["get", "update", "patch"]
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["create"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ resourceNames: ["cert-manager-controller"]
+ verbs: ["get", "update", "patch"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["create"]
+
+---
+
+# grant cert-manager permission to manage the leaderelection configmap in the
+# leader election namespace
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "cert-manager.fullname" . }}:leaderelection
+ namespace: {{ .Values.global.leaderElection.namespace }}
+ labels:
+ app: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ {{- include "labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "cert-manager.fullname" . }}:leaderelection
+subjects:
+ - apiGroup: ""
+ kind: ServiceAccount
+ name: {{ template "cert-manager.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+
+---
+
+# Issuer controller role
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "cert-manager.fullname" . }}-controller-issuers
+ labels:
+ app: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ {{- include "labels" . | nindent 4 }}
+rules:
+ - apiGroups: ["cert-manager.io"]
+ resources: ["issuers", "issuers/status"]
+ verbs: ["update"]
+ - apiGroups: ["cert-manager.io"]
+ resources: ["issuers"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list", "watch", "create", "update", "delete"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create", "patch"]
+
+---
+
+# ClusterIssuer controller role
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "cert-manager.fullname" . }}-controller-clusterissuers
+ labels:
+ app: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ {{- include "labels" . | nindent 4 }}
+rules:
+ - apiGroups: ["cert-manager.io"]
+ resources: ["clusterissuers", "clusterissuers/status"]
+ verbs: ["update"]
+ - apiGroups: ["cert-manager.io"]
+ resources: ["clusterissuers"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list", "watch", "create", "update", "delete"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create", "patch"]
+
+---
+
+# Certificates controller role
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "cert-manager.fullname" . }}-controller-certificates
+ labels:
+ app: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ {{- include "labels" . | nindent 4 }}
+rules:
+ - apiGroups: ["cert-manager.io"]
+ resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"]
+ verbs: ["update"]
+ - apiGroups: ["cert-manager.io"]
+ resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"]
+ verbs: ["get", "list", "watch"]
+ # We require these rules to support users with the OwnerReferencesPermissionEnforcement
+ # admission controller enabled:
+ # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
+ - apiGroups: ["cert-manager.io"]
+ resources: ["certificates/finalizers", "certificaterequests/finalizers"]
+ verbs: ["update"]
+ - apiGroups: ["acme.cert-manager.io"]
+ resources: ["orders"]
+ verbs: ["create", "delete", "get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list", "watch", "create", "update", "delete", "patch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create", "patch"]
+
+---
+
+# Orders controller role
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "cert-manager.fullname" . }}-controller-orders
+ labels:
+ app: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ {{- include "labels" . | nindent 4 }}
+rules:
+ - apiGroups: ["acme.cert-manager.io"]
+ resources: ["orders", "orders/status"]
+ verbs: ["update"]
+ - apiGroups: ["acme.cert-manager.io"]
+ resources: ["orders", "challenges"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["cert-manager.io"]
+ resources: ["clusterissuers", "issuers"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["acme.cert-manager.io"]
+ resources: ["challenges"]
+ verbs: ["create", "delete"]
+ # We require these rules to support users with the OwnerReferencesPermissionEnforcement
+ # admission controller enabled:
+ # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
+ - apiGroups: ["acme.cert-manager.io"]
+ resources: ["orders/finalizers"]
+ verbs: ["update"]
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create", "patch"]
+
+---
+
+# Challenges controller role
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "cert-manager.fullname" . }}-controller-challenges
+ labels:
+ app: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ {{- include "labels" . | nindent 4 }}
+rules:
+ # Use to update challenge resource status
+ - apiGroups: ["acme.cert-manager.io"]
+ resources: ["challenges", "challenges/status"]
+ verbs: ["update"]
+ # Used to watch challenge resources
+ - apiGroups: ["acme.cert-manager.io"]
+ resources: ["challenges"]
+ verbs: ["get", "list", "watch"]
+ # Used to watch challenges, issuer and clusterissuer resources
+ - apiGroups: ["cert-manager.io"]
+ resources: ["issuers", "clusterissuers"]
+ verbs: ["get", "list", "watch"]
+ # Need to be able to retrieve ACME account private key to complete challenges
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list", "watch"]
+ # Used to create events
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create", "patch"]
+ # HTTP01 rules
+ - apiGroups: [""]
+ resources: ["pods", "services"]
+ verbs: ["get", "list", "watch", "create", "delete"]
+ - apiGroups: ["networking.k8s.io"]
+ resources: ["ingresses"]
+ verbs: ["get", "list", "watch", "create", "delete", "update"]
+ - apiGroups: [ "networking.x-k8s.io" ]
+ resources: [ "httproutes" ]
+ verbs: ["get", "list", "watch", "create", "delete", "update"]
+ # We require the ability to specify a custom hostname when we are creating
+ # new ingress resources.
+ # See: https://github.com/openshift/origin/blob/21f191775636f9acadb44fa42beeb4f75b255532/pkg/route/apiserver/admission/ingress_admission.go#L84-L148
+ - apiGroups: ["route.openshift.io"]
+ resources: ["routes/custom-host"]
+ verbs: ["create"]
+ # We require these rules to support users with the OwnerReferencesPermissionEnforcement
+ # admission controller enabled:
+ # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
+ - apiGroups: ["acme.cert-manager.io"]
+ resources: ["challenges/finalizers"]
+ verbs: ["update"]
+ # DNS01 rules (duplicated above)
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list", "watch"]
+
+---
+
+# ingress-shim controller role
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "cert-manager.fullname" . }}-controller-ingress-shim
+ labels:
+ app: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ {{- include "labels" . | nindent 4 }}
+rules:
+ - apiGroups: ["cert-manager.io"]
+ resources: ["certificates", "certificaterequests"]
+ verbs: ["create", "update", "delete"]
+ - apiGroups: ["cert-manager.io"]
+ resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["networking.k8s.io"]
+ resources: ["ingresses"]
+ verbs: ["get", "list", "watch"]
+ # We require these rules to support users with the OwnerReferencesPermissionEnforcement
+ # admission controller enabled:
+ # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
+ - apiGroups: ["networking.k8s.io"]
+ resources: ["ingresses/finalizers"]
+ verbs: ["update"]
+ - apiGroups: ["networking.x-k8s.io"]
+ resources: ["gateways", "httproutes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["networking.x-k8s.io"]
+ resources: ["gateways/finalizers", "httproutes/finalizers"]
+ verbs: ["update"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create", "patch"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "cert-manager.fullname" . }}-controller-issuers
+ labels:
+ app: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ {{- include "labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "cert-manager.fullname" . }}-controller-issuers
+subjects:
+ - name: {{ template "cert-manager.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ kind: ServiceAccount
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "cert-manager.fullname" . }}-controller-clusterissuers
+ labels:
+ app: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ {{- include "labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "cert-manager.fullname" . }}-controller-clusterissuers
+subjects:
+ - name: {{ template "cert-manager.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ kind: ServiceAccount
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "cert-manager.fullname" . }}-controller-certificates
+ labels:
+ app: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ {{- include "labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "cert-manager.fullname" . }}-controller-certificates
+subjects:
+ - name: {{ template "cert-manager.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ kind: ServiceAccount
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "cert-manager.fullname" . }}-controller-orders
+ labels:
+ app: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ {{- include "labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "cert-manager.fullname" . }}-controller-orders
+subjects:
+ - name: {{ template "cert-manager.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ kind: ServiceAccount
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "cert-manager.fullname" . }}-controller-challenges
+ labels:
+ app: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ {{- include "labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "cert-manager.fullname" . }}-controller-challenges
+subjects:
+ - name: {{ template "cert-manager.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ kind: ServiceAccount
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "cert-manager.fullname" . }}-controller-ingress-shim
+ labels:
+ app: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ {{- include "labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "cert-manager.fullname" . }}-controller-ingress-shim
+subjects:
+ - name: {{ template "cert-manager.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ kind: ServiceAccount
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "cert-manager.fullname" . }}-view
+ labels:
+ app: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ {{- include "labels" . | nindent 4 }}
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+ - apiGroups: ["cert-manager.io"]
+ resources: ["certificates", "certificaterequests", "issuers"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["acme.cert-manager.io"]
+ resources: ["challenges", "orders"]
+ verbs: ["get", "list", "watch"]
+
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "cert-manager.fullname" . }}-edit
+ labels:
+ app: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ {{- include "labels" . | nindent 4 }}
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+ - apiGroups: ["cert-manager.io"]
+ resources: ["certificates", "certificaterequests", "issuers"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+ - apiGroups: ["acme.cert-manager.io"]
+ resources: ["challenges", "orders"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+
+---
+
+# Permission to approve CertificateRequests referencing cert-manager.io Issuers and ClusterIssuers
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "cert-manager.fullname" . }}-controller-approve:cert-manager-io
+ labels:
+ app: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "cert-manager"
+ {{- include "labels" . | nindent 4 }}
+rules:
+ - apiGroups: ["cert-manager.io"]
+ resources: ["signers"]
+ verbs: ["approve"]
+ resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "cert-manager.fullname" . }}-controller-approve:cert-manager-io
+ labels:
+ app: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "cert-manager"
+ {{- include "labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "cert-manager.fullname" . }}-controller-approve:cert-manager-io
+subjects:
+ - name: {{ template "cert-manager.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ kind: ServiceAccount
+
+---
+
+# Permission to:
+# - Update and sign CertificatSigningeRequests referencing cert-manager.io Issuers and ClusterIssuers
+# - Perform SubjectAccessReviews to test whether users are able to reference Namespaced Issuers
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "cert-manager.fullname" . }}-controller-certificatesigningrequests
+ labels:
+ app: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "cert-manager"
+ {{- include "labels" . | nindent 4 }}
+rules:
+ - apiGroups: ["certificates.k8s.io"]
+ resources: ["certificatesigningrequests"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["certificates.k8s.io"]
+ resources: ["certificatesigningrequests/status"]
+ verbs: ["update"]
+ - apiGroups: ["certificates.k8s.io"]
+ resources: ["signers"]
+ resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"]
+ verbs: ["sign"]
+ - apiGroups: ["authorization.k8s.io"]
+ resources: ["subjectaccessreviews"]
+ verbs: ["create"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "cert-manager.fullname" . }}-controller-certificatesigningrequests
+ labels:
+ app: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "cert-manager"
+ {{- include "labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "cert-manager.fullname" . }}-controller-certificatesigningrequests
+subjects:
+ - name: {{ template "cert-manager.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ kind: ServiceAccount
+{{- end }}
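Review bot: the comment above the certificatesigningrequests ClusterRole misspells the resource as "CertificatSigningeRequests"; it should read "CertificateSigningRequests" so that a search for the resource name finds the comment alongside the rule it documents. The rule set itself is reasonably scoped: the `sign` verb is limited by `resourceNames` to the `issuers.cert-manager.io/*` and `clusterissuers.cert-manager.io/*` signers. A short comment noting that `update` on `certificatesigningrequests` is cluster-wide would help whoever audits this binding later.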
diff --git a/charts/cert-manager/templates/service.yaml b/charts/cert-manager/templates/service.yaml
new file mode 100644
index 0000000..8ad24ca
--- /dev/null
+++ b/charts/cert-manager/templates/service.yaml
@@ -0,0 +1,31 @@
+{{- if .Values.prometheus.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "cert-manager.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- with .Values.serviceAnnotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+ labels:
+ app: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ {{- include "labels" . | nindent 4 }}
+ {{- with .Values.serviceLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ ports:
+ - protocol: TCP
+ port: 9402
+ name: tcp-prometheus-servicemonitor
+ targetPort: {{ .Values.prometheus.servicemonitor.targetPort }}
+ selector:
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+{{- end }}
diff --git a/charts/cert-manager/templates/serviceaccount.yaml b/charts/cert-manager/templates/serviceaccount.yaml
new file mode 100644
index 0000000..d549ea8
--- /dev/null
+++ b/charts/cert-manager/templates/serviceaccount.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+{{- with .Values.global.imagePullSecrets }}
+imagePullSecrets:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+metadata:
+ name: {{ template "cert-manager.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ app: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ {{- include "labels" . | nindent 4 }}
+{{- end }}
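Review bot: `automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}` is rendered unconditionally, so if the value is left unset the field is emitted with no value and the cluster default (token mounted) applies silently. Guard it with `{{- if hasKey .Values.serviceAccount "automountServiceAccountToken" }}` rather than `with`, since `with` would also drop an explicit `false`. The same pattern appears in the startupapicheck and webhook ServiceAccount templates.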
diff --git a/charts/cert-manager/templates/servicemonitor.yaml b/charts/cert-manager/templates/servicemonitor.yaml
new file mode 100644
index 0000000..8ea1f63
--- /dev/null
+++ b/charts/cert-manager/templates/servicemonitor.yaml
@@ -0,0 +1,39 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.servicemonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "cert-manager.fullname" . }}
+{{- if .Values.prometheus.servicemonitor.namespace }}
+ namespace: {{ .Values.prometheus.servicemonitor.namespace }}
+{{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
+ labels:
+ app: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+ {{- include "labels" . | nindent 4 }}
+ prometheus: {{ .Values.prometheus.servicemonitor.prometheusInstance }}
+ {{- with .Values.prometheus.servicemonitor.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: {{ template "cert-manager.fullname" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "cert-manager.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "controller"
+{{- if .Values.prometheus.servicemonitor.namespace }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+{{- end }}
+ endpoints:
+ - targetPort: {{ .Values.prometheus.servicemonitor.targetPort }}
+ path: {{ .Values.prometheus.servicemonitor.path }}
+ interval: {{ .Values.prometheus.servicemonitor.interval }}
+ scrapeTimeout: {{ .Values.prometheus.servicemonitor.scrapeTimeout }}
+ honorLabels: {{ .Values.prometheus.servicemonitor.honorLabels }}
+{{- end }}
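Review bot: quoting is inconsistent in the metadata block: the override branch renders `namespace: {{ .Values.prometheus.servicemonitor.namespace }}` unquoted while the fallback uses `{{ .Release.Namespace | quote }}`, and the `prometheus:` label value is unquoted as well. A user-supplied value that YAML parses as a number or boolean would produce an invalid namespace or label, so pipe both through `quote`.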
diff --git a/charts/cert-manager/templates/startupapicheck-job.yaml b/charts/cert-manager/templates/startupapicheck-job.yaml
new file mode 100644
index 0000000..66db004
--- /dev/null
+++ b/charts/cert-manager/templates/startupapicheck-job.yaml
@@ -0,0 +1,77 @@
+{{- if .Values.startupapicheck.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "startupapicheck.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ include "startupapicheck.name" . }}
+ app.kubernetes.io/name: {{ include "startupapicheck.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "startupapicheck"
+ {{- include "labels" . | nindent 4 }}
+ {{- with .Values.startupapicheck.jobAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ backoffLimit: {{ .Values.startupapicheck.backoffLimit }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "startupapicheck.name" . }}
+ app.kubernetes.io/name: {{ include "startupapicheck.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "startupapicheck"
+ {{- include "labels" . | nindent 8 }}
+ {{- with .Values.startupapicheck.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.startupapicheck.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ restartPolicy: OnFailure
+ serviceAccountName: {{ template "startupapicheck.serviceAccountName" . }}
+ {{- with .Values.global.priorityClassName }}
+ priorityClassName: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.startupapicheck.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ {{- with .Values.startupapicheck.image }}
+ image: "{{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}{{- if (.digest) -}} @{{ .digest }}{{- else -}}:{{ default $.Chart.AppVersion .tag }} {{- end -}}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.startupapicheck.image.pullPolicy }}
+ args:
+ - check
+ - api
+ - --wait={{ .Values.startupapicheck.timeout }}
+ {{- with .Values.startupapicheck.extraArgs }}
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ {{- with .Values.startupapicheck.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.startupapicheck.resources }}
+ resources:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.startupapicheck.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.startupapicheck.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.startupapicheck.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- end }}
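Review bot: the `image:` line resolves to `:{{ default $.Chart.AppVersion .tag }}` unless `.digest` is set, so the Job pulls by mutable tag by default. Since this repository now vendors the chart, the deployment values should set `startupapicheck.image.digest` (and the equivalent for the other components) so that the bundled chart and the image it runs are pinned together. The pod-level and container-level `securityContext` blocks are also rendered only when the corresponding values are non-empty, so it is worth confirming that values.yaml ships non-root defaults for both.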
diff --git a/charts/cert-manager/templates/startupapicheck-psp-clusterrole.yaml b/charts/cert-manager/templates/startupapicheck-psp-clusterrole.yaml
new file mode 100644
index 0000000..dacd4be
--- /dev/null
+++ b/charts/cert-manager/templates/startupapicheck-psp-clusterrole.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.startupapicheck.enabled }}
+{{- if .Values.global.podSecurityPolicy.enabled }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "startupapicheck.fullname" . }}-psp
+ labels:
+ app: {{ include "startupapicheck.name" . }}
+ app.kubernetes.io/name: {{ include "startupapicheck.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "startupapicheck"
+ {{- include "labels" . | nindent 4 }}
+ {{- with .Values.startupapicheck.rbac.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "startupapicheck.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/cert-manager/templates/startupapicheck-psp-clusterrolebinding.yaml b/charts/cert-manager/templates/startupapicheck-psp-clusterrolebinding.yaml
new file mode 100644
index 0000000..d19fa84
--- /dev/null
+++ b/charts/cert-manager/templates/startupapicheck-psp-clusterrolebinding.yaml
@@ -0,0 +1,26 @@
+{{- if .Values.startupapicheck.enabled }}
+{{- if .Values.global.podSecurityPolicy.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "startupapicheck.fullname" . }}-psp
+ labels:
+ app: {{ include "startupapicheck.name" . }}
+ app.kubernetes.io/name: {{ include "startupapicheck.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "startupapicheck"
+ {{- include "labels" . | nindent 4 }}
+ {{- with .Values.startupapicheck.rbac.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "startupapicheck.fullname" . }}-psp
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "startupapicheck.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
diff --git a/charts/cert-manager/templates/startupapicheck-psp.yaml b/charts/cert-manager/templates/startupapicheck-psp.yaml
new file mode 100644
index 0000000..f09d60d
--- /dev/null
+++ b/charts/cert-manager/templates/startupapicheck-psp.yaml
@@ -0,0 +1,51 @@
+{{- if .Values.startupapicheck.enabled }}
+{{- if .Values.global.podSecurityPolicy.enabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "startupapicheck.fullname" . }}
+ labels:
+ app: {{ include "startupapicheck.name" . }}
+ app.kubernetes.io/name: {{ include "startupapicheck.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "startupapicheck"
+ {{- include "labels" . | nindent 4 }}
+ annotations:
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
+ {{- if .Values.global.podSecurityPolicy.useAppArmor }}
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
+ apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
+ {{- end }}
+ {{- with .Values.startupapicheck.rbac.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ privileged: false
+ allowPrivilegeEscalation: false
+ allowedCapabilities: [] # default set of capabilities are implicitly allowed
+ volumes:
+ - 'projected'
+ - 'secret'
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1000
+ max: 1000
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1000
+ max: 1000
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1000
+ max: 1000
+{{- end }}
+{{- end }}
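Review bot: `apiVersion: policy/v1beta1` / `kind: PodSecurityPolicy` was removed in Kubernetes 1.25, so enabling `global.podSecurityPolicy.enabled` on such a cluster makes the install fail; a `.Capabilities.APIVersions.Has "policy/v1beta1"` check next to the existing `if` would turn that into a clean no-op. Within the policy, the seccomp annotations still name `docker/default`, which is the deprecated spelling of `runtime/default`, and `allowedCapabilities: []` leaves the runtime's default capability set in place; adding `requiredDropCapabilities: ['ALL']` would make the policy enforce what the comment on that line only describes.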
diff --git a/charts/cert-manager/templates/startupapicheck-rbac.yaml b/charts/cert-manager/templates/startupapicheck-rbac.yaml
new file mode 100644
index 0000000..a6be7b9
--- /dev/null
+++ b/charts/cert-manager/templates/startupapicheck-rbac.yaml
@@ -0,0 +1,48 @@
+{{- if .Values.startupapicheck.enabled }}
+{{- if .Values.global.rbac.create }}
+# create certificate role
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "startupapicheck.fullname" . }}:create-cert
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ include "startupapicheck.name" . }}
+ app.kubernetes.io/name: {{ include "startupapicheck.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "startupapicheck"
+ {{- include "labels" . | nindent 4 }}
+ {{- with .Values.startupapicheck.rbac.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+rules:
+ - apiGroups: ["cert-manager.io"]
+ resources: ["certificates"]
+ verbs: ["create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "startupapicheck.fullname" . }}:create-cert
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ include "startupapicheck.name" . }}
+ app.kubernetes.io/name: {{ include "startupapicheck.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "startupapicheck"
+ {{- include "labels" . | nindent 4 }}
+ {{- with .Values.startupapicheck.rbac.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "startupapicheck.fullname" . }}:create-cert
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "startupapicheck.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
diff --git a/charts/cert-manager/templates/startupapicheck-serviceaccount.yaml b/charts/cert-manager/templates/startupapicheck-serviceaccount.yaml
new file mode 100644
index 0000000..f632840
--- /dev/null
+++ b/charts/cert-manager/templates/startupapicheck-serviceaccount.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.startupapicheck.enabled }}
+{{- if .Values.startupapicheck.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.startupapicheck.serviceAccount.automountServiceAccountToken }}
+metadata:
+ name: {{ template "startupapicheck.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- with .Values.startupapicheck.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ app: {{ include "startupapicheck.name" . }}
+ app.kubernetes.io/name: {{ include "startupapicheck.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "startupapicheck"
+ {{- include "labels" . | nindent 4 }}
+{{- with .Values.global.imagePullSecrets }}
+imagePullSecrets:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/cert-manager/templates/webhook-config.yaml b/charts/cert-manager/templates/webhook-config.yaml
new file mode 100644
index 0000000..29558e9
--- /dev/null
+++ b/charts/cert-manager/templates/webhook-config.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.webhook.config -}}
+ {{- if not .Values.webhook.config.apiVersion -}}
+ {{- fail "webhook.config.apiVersion must be set" -}}
+ {{- end -}}
+
+ {{- if not .Values.webhook.config.kind -}}
+ {{- fail "webhook.config.kind must be set" -}}
+ {{- end -}}
+{{- end -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "webhook.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ include "webhook.name" . }}
+ app.kubernetes.io/name: {{ include "webhook.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "webhook"
+data:
+ {{- if .Values.webhook.config }}
+ config.yaml: |
+ {{ .Values.webhook.config | toYaml | nindent 4 }}
+ {{- end }}
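Review bot: only the two `fail` checks at the top are conditional on `.Values.webhook.config`; the ConfigMap itself is always rendered, with an empty `data:` when no config is supplied, even though the Deployment mounts it only when the value is set. Wrapping the whole resource in the `if` would avoid creating an unused object. The labels block also omits `{{- include "labels" . | nindent 4 }}`, which every other resource in this chart carries, so label-based selection of the release's objects will miss this ConfigMap.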
diff --git a/charts/cert-manager/templates/webhook-deployment.yaml b/charts/cert-manager/templates/webhook-deployment.yaml
new file mode 100644
index 0000000..0de1df2
--- /dev/null
+++ b/charts/cert-manager/templates/webhook-deployment.yaml
@@ -0,0 +1,153 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "webhook.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ include "webhook.name" . }}
+ app.kubernetes.io/name: {{ include "webhook.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "webhook"
+ {{- include "labels" . | nindent 4 }}
+ {{- with .Values.webhook.deploymentAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.webhook.replicaCount }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "webhook.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "webhook"
+ {{- with .Values.webhook.strategy }}
+ strategy:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "webhook.name" . }}
+ app.kubernetes.io/name: {{ include "webhook.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "webhook"
+ {{- include "labels" . | nindent 8 }}
+ {{- with .Values.webhook.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.webhook.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ template "webhook.serviceAccountName" . }}
+ {{- with .Values.global.priorityClassName }}
+ priorityClassName: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.webhook.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.webhook.hostNetwork }}
+ hostNetwork: true
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ {{- with .Values.webhook.image }}
+ image: "{{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}{{- if (.digest) -}} @{{ .digest }}{{- else -}}:{{ default $.Chart.AppVersion .tag }} {{- end -}}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.webhook.image.pullPolicy }}
+ args:
+ {{- if .Values.global.logLevel }}
+ - --v={{ .Values.global.logLevel }}
+ {{- end }}
+ {{- if .Values.webhook.config }}
+ - --config=/var/cert-manager/config/config.yaml
+ {{- end }}
+ {{- $config := default .Values.webhook.config "" }}
+ {{ if not $config.securePort -}}
+ - --secure-port={{ .Values.webhook.securePort }}
+ {{- end }}
+ {{- $tlsConfig := default $config.tlsConfig "" }}
+ {{ if or (not $config.tlsConfig) (and (not $tlsConfig.dynamic) (not $tlsConfig.filesystem) ) -}}
+ - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)
+ - --dynamic-serving-ca-secret-name={{ template "webhook.fullname" . }}-ca
+ - --dynamic-serving-dns-names={{ template "webhook.fullname" . }},{{ template "webhook.fullname" . }}.{{ .Release.Namespace }},{{ template "webhook.fullname" . }}.{{ .Release.Namespace }}.svc{{ if .Values.webhook.url.host }},{{ .Values.webhook.url.host }}{{ end }}
+ {{- end }}
+ {{- with .Values.webhook.extraArgs }}
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ ports:
+ - name: https
+ protocol: TCP
+ {{- if $config.securePort }}
+ containerPort: {{ $config.securePort }}
+ {{- else if .Values.webhook.securePort }}
+ containerPort: {{ .Values.webhook.securePort }}
+ {{- else }}
+ containerPort: 6443
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /livez
+ {{- if $config.healthzPort }}
+ port: {{ $config.healthzPort }}
+ {{- else }}
+ port: 6080
+ {{- end }}
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.webhook.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.webhook.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.webhook.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.webhook.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.webhook.livenessProbe.failureThreshold }}
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ {{- if $config.healthzPort }}
+ port: {{ $config.healthzPort }}
+ {{- else }}
+ port: 6080
+ {{- end }}
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.webhook.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.webhook.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.webhook.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.webhook.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.webhook.readinessProbe.failureThreshold }}
+ {{- with .Values.webhook.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- with .Values.webhook.resources }}
+ resources:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- if .Values.webhook.config }}
+ volumeMounts:
+ - name: config
+ mountPath: /var/cert-manager/config
+ {{- end }}
+ {{- with .Values.webhook.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.webhook.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.webhook.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.webhook.config }}
+ volumes:
+ - name: config
+ configMap:
+ name: {{ include "webhook.fullname" . }}
+ {{- end }}
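Review bot: the arguments to `default` in `{{- $config := default .Values.webhook.config "" }}` and `{{- $tlsConfig := default $config.tlsConfig "" }}` are in the opposite order from Sprig's `default FALLBACK VALUE`: because the second argument is the empty string, the expression always returns the first argument, so neither call provides a fallback. If the intent is a safe empty map when `webhook.config` is unset, `default (dict) .Values.webhook.config` expresses it. This matters for the lines that follow, which dereference `$config.securePort`, `$config.tlsConfig` and `$config.healthzPort`.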
diff --git a/charts/cert-manager/templates/webhook-mutating-webhook.yaml b/charts/cert-manager/templates/webhook-mutating-webhook.yaml
new file mode 100644
index 0000000..fb8b795
--- /dev/null
+++ b/charts/cert-manager/templates/webhook-mutating-webhook.yaml
@@ -0,0 +1,46 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ include "webhook.fullname" . }}
+ labels:
+ app: {{ include "webhook.name" . }}
+ app.kubernetes.io/name: {{ include "webhook.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "webhook"
+ {{- include "labels" . | nindent 4 }}
+ annotations:
+ cert-manager.io/inject-ca-from-secret: "{{ .Release.Namespace }}/{{ template "webhook.fullname" . }}-ca"
+ {{- with .Values.webhook.mutatingWebhookConfigurationAnnotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+webhooks:
+ - name: webhook.cert-manager.io
+ rules:
+ - apiGroups:
+ - "cert-manager.io"
+ - "acme.cert-manager.io"
+ apiVersions:
+ - "v1"
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - "*/*"
+ admissionReviewVersions: ["v1"]
+ # This webhook only accepts v1 cert-manager resources.
+ # Equivalent matchPolicy ensures that non-v1 resource requests are sent to
+ # this webhook (after the resources have been converted to v1).
+ matchPolicy: Equivalent
+ timeoutSeconds: {{ .Values.webhook.timeoutSeconds }}
+ failurePolicy: Fail
+ # Only include 'sideEffects' field in Kubernetes 1.12+
+ sideEffects: None
+ clientConfig:
+ {{- if .Values.webhook.url.host }}
+ url: https://{{ .Values.webhook.url.host }}/mutate
+ {{- else }}
+ service:
+ name: {{ template "webhook.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ path: /mutate
+ {{- end }}
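Review bot: the comment "Only include 'sideEffects' field in Kubernetes 1.12+" is stale for `admissionregistration.k8s.io/v1`, where `sideEffects` is a required field, and should be dropped. Also worth a comment in the template: unlike the validating configuration, this mutating webhook has no `namespaceSelector`, and with `failurePolicy: Fail` every CREATE and UPDATE of a cert-manager.io or acme.cert-manager.io resource is rejected while the webhook is unreachable.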
diff --git a/charts/cert-manager/templates/webhook-psp-clusterrole.yaml b/charts/cert-manager/templates/webhook-psp-clusterrole.yaml
new file mode 100644
index 0000000..2a8808e
--- /dev/null
+++ b/charts/cert-manager/templates/webhook-psp-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.global.podSecurityPolicy.enabled }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "webhook.fullname" . }}-psp
+ labels:
+ app: {{ include "webhook.name" . }}
+ app.kubernetes.io/name: {{ include "webhook.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "webhook"
+ {{- include "labels" . | nindent 4 }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "webhook.fullname" . }}
+{{- end }}
diff --git a/charts/cert-manager/templates/webhook-psp-clusterrolebinding.yaml b/charts/cert-manager/templates/webhook-psp-clusterrolebinding.yaml
new file mode 100644
index 0000000..e8e1bb2
--- /dev/null
+++ b/charts/cert-manager/templates/webhook-psp-clusterrolebinding.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.global.podSecurityPolicy.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "webhook.fullname" . }}-psp
+ labels:
+ app: {{ include "webhook.name" . }}
+ app.kubernetes.io/name: {{ include "webhook.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "webhook"
+ {{- include "labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "webhook.fullname" . }}-psp
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "webhook.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/cert-manager/templates/webhook-psp.yaml b/charts/cert-manager/templates/webhook-psp.yaml
new file mode 100644
index 0000000..4d5d959
--- /dev/null
+++ b/charts/cert-manager/templates/webhook-psp.yaml
@@ -0,0 +1,54 @@
+{{- if .Values.global.podSecurityPolicy.enabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "webhook.fullname" . }}
+ labels:
+ app: {{ include "webhook.name" . }}
+ app.kubernetes.io/name: {{ include "webhook.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "webhook"
+ {{- include "labels" . | nindent 4 }}
+ annotations:
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
+ {{- if .Values.global.podSecurityPolicy.useAppArmor }}
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
+ apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
+ {{- end }}
+spec:
+ privileged: false
+ allowPrivilegeEscalation: false
+ allowedCapabilities: [] # default set of capabilities are implicitly allowed
+ volumes:
+ - 'configMap'
+ - 'emptyDir'
+ - 'projected'
+ - 'secret'
+ - 'downwardAPI'
+ hostNetwork: {{ .Values.webhook.hostNetwork }}
+ {{- if .Values.webhook.hostNetwork }}
+ hostPorts:
+ - max: {{ .Values.webhook.securePort }}
+ min: {{ .Values.webhook.securePort }}
+ {{- end }}
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1000
+ max: 1000
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1000
+ max: 1000
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1000
+ max: 1000
+{{- end }}
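Review bot: the `hostPorts` range is built from `.Values.webhook.securePort`, but the webhook Deployment sets `containerPort` from `webhook.config.securePort` first and only falls back to `webhook.securePort`. With `webhook.hostNetwork` enabled and the port set through `webhook.config`, the policy would allow a different host port than the one the pod requests and the pod would be rejected. Deriving both from the same expression keeps them in step. `hostNetwork: {{ .Values.webhook.hostNetwork }}` also renders with no value if the key is unset; `{{ .Values.webhook.hostNetwork | default false }}` makes the non-host-network case explicit.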
diff --git a/charts/cert-manager/templates/webhook-rbac.yaml b/charts/cert-manager/templates/webhook-rbac.yaml
new file mode 100644
index 0000000..1070333
--- /dev/null
+++ b/charts/cert-manager/templates/webhook-rbac.yaml
@@ -0,0 +1,83 @@
+{{- if .Values.global.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "webhook.fullname" . }}:dynamic-serving
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ include "webhook.name" . }}
+ app.kubernetes.io/name: {{ include "webhook.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "webhook"
+ {{- include "labels" . | nindent 4 }}
+rules:
+- apiGroups: [""]
+ resources: ["secrets"]
+ resourceNames:
+ - '{{ template "webhook.fullname" . }}-ca'
+ verbs: ["get", "list", "watch", "update"]
+# It's not possible to grant CREATE permission on a single resourceName.
+- apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["create"]
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "webhook.fullname" . }}:dynamic-serving
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ include "webhook.name" . }}
+ app.kubernetes.io/name: {{ include "webhook.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "webhook"
+ {{- include "labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "webhook.fullname" . }}:dynamic-serving
+subjects:
+- apiGroup: ""
+ kind: ServiceAccount
+ name: {{ template "webhook.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "webhook.fullname" . }}:subjectaccessreviews
+ labels:
+ app: {{ include "webhook.name" . }}
+ app.kubernetes.io/name: {{ include "webhook.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "webhook"
+ {{- include "labels" . | nindent 4 }}
+rules:
+- apiGroups: ["authorization.k8s.io"]
+ resources: ["subjectaccessreviews"]
+ verbs: ["create"]
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "webhook.fullname" . }}:subjectaccessreviews
+ labels:
+ app: {{ include "webhook.name" . }}
+ app.kubernetes.io/name: {{ include "webhook.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "webhook"
+ {{- include "labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "webhook.fullname" . }}:subjectaccessreviews
+subjects:
+- apiGroup: ""
+ kind: ServiceAccount
+ name: {{ template "webhook.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
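Review bot: the second rule in the `dynamic-serving` Role grants `create` on every Secret name in the release namespace, as the inline comment acknowledges, because `resourceNames` cannot constrain create. That makes the namespace the real boundary for this permission, so the chart's install notes should state that cert-manager belongs in a dedicated namespace and not one shared with unrelated workloads. The first rule is correctly narrowed to the `-ca` Secret.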
diff --git a/charts/cert-manager/templates/webhook-service.yaml b/charts/cert-manager/templates/webhook-service.yaml
new file mode 100644
index 0000000..ed0278a
--- /dev/null
+++ b/charts/cert-manager/templates/webhook-service.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "webhook.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- with .Values.webhook.serviceAnnotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+ labels:
+ app: {{ include "webhook.name" . }}
+ app.kubernetes.io/name: {{ include "webhook.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "webhook"
+ {{- include "labels" . | nindent 4 }}
+ {{- with .Values.webhook.serviceLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.webhook.serviceType }}
+ {{- with .Values.webhook.loadBalancerIP }}
+ loadBalancerIP: {{ . }}
+ {{- end }}
+ ports:
+ - name: https
+ port: 443
+ protocol: TCP
+ targetPort: "https"
+ selector:
+ app.kubernetes.io/name: {{ include "webhook.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "webhook"
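Review bot: `type: {{ .Values.webhook.serviceType }}` together with `loadBalancerIP` lets the admission webhook be published through a LoadBalancer, but the template offers no `loadBalancerSourceRanges`, so there is no way to restrict who can reach the `/mutate` and `/validate` endpoints at the Service level. Either add a `webhook.loadBalancerSourceRanges` value rendered under `spec`, or document that any type other than ClusterIP needs a network policy or firewall rule in front of it.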
diff --git a/charts/cert-manager/templates/webhook-serviceaccount.yaml b/charts/cert-manager/templates/webhook-serviceaccount.yaml
new file mode 100644
index 0000000..a08d2fc
--- /dev/null
+++ b/charts/cert-manager/templates/webhook-serviceaccount.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.webhook.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.webhook.serviceAccount.automountServiceAccountToken }}
+metadata:
+ name: {{ template "webhook.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- with .Values.webhook.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ app: {{ include "webhook.name" . }}
+ app.kubernetes.io/name: {{ include "webhook.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "webhook"
+ {{- include "labels" . | nindent 4 }}
+{{- with .Values.global.imagePullSecrets }}
+imagePullSecrets:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}
diff --git a/charts/cert-manager/templates/webhook-validating-webhook.yaml b/charts/cert-manager/templates/webhook-validating-webhook.yaml
new file mode 100644
index 0000000..2ca6403
--- /dev/null
+++ b/charts/cert-manager/templates/webhook-validating-webhook.yaml
@@ -0,0 +1,55 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: {{ include "webhook.fullname" . }}
+ labels:
+ app: {{ include "webhook.name" . }}
+ app.kubernetes.io/name: {{ include "webhook.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: "webhook"
+ {{- include "labels" . | nindent 4 }}
+ annotations:
+ cert-manager.io/inject-ca-from-secret: "{{ .Release.Namespace }}/{{ template "webhook.fullname" . }}-ca"
+ {{- with .Values.webhook.validatingWebhookConfigurationAnnotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+webhooks:
+ - name: webhook.cert-manager.io
+ namespaceSelector:
+ matchExpressions:
+ - key: "cert-manager.io/disable-validation"
+ operator: "NotIn"
+ values:
+ - "true"
+ - key: "name"
+ operator: "NotIn"
+ values:
+ - {{ .Release.Namespace }}
+ rules:
+ - apiGroups:
+ - "cert-manager.io"
+ - "acme.cert-manager.io"
+ apiVersions:
+ - "v1"
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - "*/*"
+ admissionReviewVersions: ["v1"]
+ # This webhook only accepts v1 cert-manager resources.
+ # Equivalent matchPolicy ensures that non-v1 resource requests are sent to
+ # this webhook (after the resources have been converted to v1).
+ matchPolicy: Equivalent
+ timeoutSeconds: {{ .Values.webhook.timeoutSeconds }}
+ failurePolicy: Fail
+ sideEffects: None
+ clientConfig:
+ {{- if .Values.webhook.url.host }}
+ url: https://{{ .Values.webhook.url.host }}/validate
+ {{- else }}
+ service:
+ name: {{ template "webhook.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ path: /validate
+ {{- end }}
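Review bot: The second `namespaceSelector` expression keys on a namespace label called `name` (`key: "name"`, `operator: "NotIn"`), which Kubernetes does not apply to namespaces on its own, so the release namespace is only excluded if something labels it `name=<namespace>`. Either document that requirement next to the install steps or match on `kubernetes.io/metadata.name` where the cluster version sets it. The value `- {{ .Release.Namespace }}` is also unquoted, while `clientConfig.service.namespace` further down pipes the same value through `quote`; quoting both keeps an all-digit namespace name from being parsed as a number. Because `failurePolicy: Fail` is combined with the `cert-manager.io/disable-validation` opt-out label, it is worth noting in the chart docs who is expected to be allowed to set that label.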
diff --git a/charts/cert-manager/values.yaml b/charts/cert-manager/values.yaml
new file mode 100644
index 0000000..2603de0
--- /dev/null
+++ b/charts/cert-manager/values.yaml
@@ -0,0 +1,516 @@
+# Default values for cert-manager.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global:
+ ## Reference to one or more secrets to be used when pulling images
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ imagePullSecrets: []
+ # - name: "image-pull-secret"
+
+ # Optional priority class to be used for the cert-manager pods
+ priorityClassName: ""
+ rbac:
+ create: true
+
+ podSecurityPolicy:
+ enabled: false
+ useAppArmor: true
+
+ # Set the verbosity of cert-manager. Range of 0 - 6 with 6 being the most verbose.
+ logLevel: 2
+
+ leaderElection:
+ # Override the namespace used to store the ConfigMap for leader election
+ namespace: "kube-system"
+
+ # The duration that non-leader candidates will wait after observing a
+ # leadership renewal until attempting to acquire leadership of a led but
+ # unrenewed leader slot. This is effectively the maximum duration that a
+ # leader can be stopped before it is replaced by another candidate.
+ # leaseDuration: 60s
+
+ # The interval between attempts by the acting master to renew a leadership
+ # slot before it stops leading. This must be less than or equal to the
+ # lease duration.
+ # renewDeadline: 40s
+
+ # The duration the clients should wait between attempting acquisition and
+ # renewal of a leadership.
+ # retryPeriod: 15s
+
+installCRDs: false
+
+replicaCount: 1
+
+strategy: {}
+ # type: RollingUpdate
+ # rollingUpdate:
+ # maxSurge: 0
+ # maxUnavailable: 1
+
+# Comma separated list of feature gates that should be enabled on the
+# controller pod.
+featureGates: ""
+
+image:
+ repository: quay.io/jetstack/cert-manager-controller
+ # You can manage a registry with
+ # registry: quay.io
+ # repository: jetstack/cert-manager-controller
+
+ # Override the image tag to deploy by setting this variable.
+ # If no value is set, the chart's appVersion will be used.
+ # tag: canary
+
+ # Setting a digest will override any tag
+ # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
+ pullPolicy: IfNotPresent
+
+# Override the namespace used to store DNS provider credentials etc. for ClusterIssuer
+# resources. By default, the same namespace as cert-manager is deployed within is
+# used. This namespace will not be automatically created by the Helm chart.
+clusterResourceNamespace: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ # name: ""
+ # Optional additional annotations to add to the controller's ServiceAccount
+ # annotations: {}
+ # Automount API credentials for a Service Account.
+ automountServiceAccountToken: true
+
+# Additional command line flags to pass to cert-manager controller binary.
+# To see all available flags run docker run quay.io/jetstack/cert-manager-controller:<version> --help
+extraArgs: []
+ # When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted
+ # - --enable-certificate-owner-ref=true
+ # Use this flag to enabled or disable arbitrary controllers, for example, disable the CertificiateRequests approver
+ # - --controllers=*,-certificaterequests-approver
+
+extraEnv: []
+# - name: SOME_VAR
+# value: 'some value'
+
+resources: {}
+ # requests:
+ # cpu: 10m
+ # memory: 32Mi
+
+# Pod Security Context
+# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+securityContext:
+ runAsNonRoot: true
+# legacy securityContext parameter format: if enabled is set to true, only fsGroup and runAsUser are supported
+# securityContext:
+# enabled: false
+# fsGroup: 1001
+# runAsUser: 1001
+# to support additional securityContext parameters, omit the `enabled` parameter and simply specify the parameters
+# you want to set, e.g.
+# securityContext:
+# fsGroup: 1000
+# runAsUser: 1000
+# runAsNonRoot: true
+
+# Container Security Context to be set on the controller component container
+# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+containerSecurityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+
+
+volumes: []
+
+volumeMounts: []
+
+# Optional additional annotations to add to the controller Deployment
+# deploymentAnnotations: {}
+
+# Optional additional annotations to add to the controller Pods
+# podAnnotations: {}
+
+podLabels: {}
+
+# Optional annotations to add to the controller Service
+# serviceAnnotations: {}
+
+# Optional additional labels to add to the controller Service
+# serviceLabels: {}
+
+# Optional DNS settings, useful if you have a public and private DNS zone for
+# the same domain on Route 53. What follows is an example of ensuring
+# cert-manager can access an ingress or DNS TXT records at all times.
+# NOTE: This requires Kubernetes 1.10 or `CustomPodDNS` feature gate enabled for
+# the cluster to work.
+# podDnsPolicy: "None"
+# podDnsConfig:
+# nameservers:
+# - "1.1.1.1"
+# - "8.8.8.8"
+
+nodeSelector: {}
+
+ingressShim: {}
+ # defaultIssuerName: ""
+ # defaultIssuerKind: ""
+ # defaultIssuerGroup: ""
+
+prometheus:
+ enabled: true
+ servicemonitor:
+ enabled: false
+ prometheusInstance: default
+ targetPort: 9402
+ path: /metrics
+ interval: 60s
+ scrapeTimeout: 30s
+ labels: {}
+ honorLabels: false
+
+# Use these variables to configure the HTTP_PROXY environment variables
+# http_proxy: "http://proxy:8080"
+# https_proxy: "https://proxy:8080"
+# no_proxy: 127.0.0.1,localhost
+
+# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#affinity-v1-core
+# for example:
+# affinity:
+# nodeAffinity:
+# requiredDuringSchedulingIgnoredDuringExecution:
+# nodeSelectorTerms:
+# - matchExpressions:
+# - key: foo.bar.com/role
+# operator: In
+# values:
+# - master
+affinity: {}
+
+# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core
+# for example:
+# tolerations:
+# - key: foo.bar.com/role
+# operator: Equal
+# value: master
+# effect: NoSchedule
+tolerations: []
+
+webhook:
+ replicaCount: 1
+ timeoutSeconds: 10
+
+ # Used to configure options for the webhook pod.
+ # This allows setting options that'd usually be provided via flags.
+ # An APIVersion and Kind must be specified in your values.yaml file.
+ # Flags will override options that are set here.
+ config:
+ # apiVersion: webhook.config.cert-manager.io/v1alpha1
+ # kind: WebhookConfiguration
+
+ # The port that the webhook should listen on for requests.
+ # In GKE private clusters, by default kubernetes apiservers are allowed to
+ # talk to the cluster nodes only on 443 and 10250. so configuring
+ # securePort: 10250, will work out of the box without needing to add firewall
+ # rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000.
+ # This should be uncommented and set as a default by the chart once we graduate
+ # the apiVersion of WebhookConfiguration past v1alpha1.
+ # securePort: 10250
+
+ strategy: {}
+ # type: RollingUpdate
+ # rollingUpdate:
+ # maxSurge: 0
+ # maxUnavailable: 1
+
+ # Pod Security Context to be set on the webhook component Pod
+ # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ securityContext:
+ runAsNonRoot: true
+
+ # Container Security Context to be set on the webhook component container
+ # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ containerSecurityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+
+ # Optional additional annotations to add to the webhook Deployment
+ # deploymentAnnotations: {}
+
+ # Optional additional annotations to add to the webhook Pods
+ # podAnnotations: {}
+
+ # Optional additional annotations to add to the webhook Service
+ # serviceAnnotations: {}
+
+ # Optional additional annotations to add to the webhook MutatingWebhookConfiguration
+ # mutatingWebhookConfigurationAnnotations: {}
+
+ # Optional additional annotations to add to the webhook ValidatingWebhookConfiguration
+ # validatingWebhookConfigurationAnnotations: {}
+
+ # Additional command line flags to pass to cert-manager webhook binary.
+ # To see all available flags run docker run quay.io/jetstack/cert-manager-webhook:<version> --help
+ extraArgs: []
+ # Path to a file containing a WebhookConfiguration object used to configure the webhook
+ # - --config=<path-to-config-file>
+
+ resources: {}
+ # requests:
+ # cpu: 10m
+ # memory: 32Mi
+
+ ## Liveness and readiness probe values
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ##
+ livenessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ successThreshold: 1
+ timeoutSeconds: 1
+
+ nodeSelector: {}
+
+ affinity: {}
+
+ tolerations: []
+
+ # Optional additional labels to add to the Webhook Pods
+ podLabels: {}
+
+ # Optional additional labels to add to the Webhook Service
+ serviceLabels: {}
+
+ image:
+ repository: quay.io/jetstack/cert-manager-webhook
+ # You can manage a registry with
+ # registry: quay.io
+ # repository: jetstack/cert-manager-webhook
+
+ # Override the image tag to deploy by setting this variable.
+ # If no value is set, the chart's appVersion will be used.
+ # tag: canary
+
+ # Setting a digest will override any tag
+ # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
+
+ pullPolicy: IfNotPresent
+
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ # name: ""
+ # Optional additional annotations to add to the controller's ServiceAccount
+ # annotations: {}
+ # Automount API credentials for a Service Account.
+ automountServiceAccountToken: true
+
+ # The port that the webhook should listen on for requests.
+ # In GKE private clusters, by default kubernetes apiservers are allowed to
+ # talk to the cluster nodes only on 443 and 10250. so configuring
+ # securePort: 10250, will work out of the box without needing to add firewall
+ # rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000
+ securePort: 10250
+
+ # Specifies if the webhook should be started in hostNetwork mode.
+ #
+ # Required for use in some managed kubernetes clusters (such as AWS EKS) with custom
+ # CNI (such as calico), because control-plane managed by AWS cannot communicate
+ # with pods' IP CIDR and admission webhooks are not working
+ #
+ # Since the default port for the webhook conflicts with kubelet on the host
+ # network, `webhook.securePort` should be changed to an available port if
+ # running in hostNetwork mode.
+ hostNetwork: false
+
+ # Specifies how the service should be handled. Useful if you want to expose the
+ # webhook to outside of the cluster. In some cases, the control plane cannot
+ # reach internal services.
+ serviceType: ClusterIP
+ # loadBalancerIP:
+
+ # Overrides the mutating webhook and validating webhook so they reach the webhook
+ # service using the `url` field instead of a service.
+ url: {}
+ # host:
+
+cainjector:
+ enabled: true
+ replicaCount: 1
+
+ strategy: {}
+ # type: RollingUpdate
+ # rollingUpdate:
+ # maxSurge: 0
+ # maxUnavailable: 1
+
+ # Pod Security Context to be set on the cainjector component Pod
+ # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ securityContext:
+ runAsNonRoot: true
+
+ # Container Security Context to be set on the cainjector component container
+ # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ containerSecurityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+
+
+ # Optional additional annotations to add to the cainjector Deployment
+ # deploymentAnnotations: {}
+
+ # Optional additional annotations to add to the cainjector Pods
+ # podAnnotations: {}
+
+ # Additional command line flags to pass to cert-manager cainjector binary.
+ # To see all available flags run docker run quay.io/jetstack/cert-manager-cainjector:<version> --help
+ extraArgs: []
+ # Enable profiling for cainjector
+ # - --enable-profiling=true
+
+ resources: {}
+ # requests:
+ # cpu: 10m
+ # memory: 32Mi
+
+ nodeSelector: {}
+
+ affinity: {}
+
+ tolerations: []
+
+ # Optional additional labels to add to the CA Injector Pods
+ podLabels: {}
+
+ image:
+ repository: quay.io/jetstack/cert-manager-cainjector
+ # You can manage a registry with
+ # registry: quay.io
+ # repository: jetstack/cert-manager-cainjector
+
+ # Override the image tag to deploy by setting this variable.
+ # If no value is set, the chart's appVersion will be used.
+ # tag: canary
+
+ # Setting a digest will override any tag
+ # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
+
+ pullPolicy: IfNotPresent
+
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ # name: ""
+ # Optional additional annotations to add to the controller's ServiceAccount
+ # annotations: {}
+ # Automount API credentials for a Service Account.
+ automountServiceAccountToken: true
+
+# This startupapicheck is a Helm post-install hook that waits for the webhook
+# endpoints to become available.
+# The check is implemented using a Kubernetes Job- if you are injecting mesh
+# sidecar proxies into cert-manager pods, you probably want to ensure that they
+# are not injected into this Job's pod. Otherwise the installation may time out
+# due to the Job never being completed because the sidecar proxy does not exit.
+# See https://github.com/jetstack/cert-manager/pull/4414 for context.
+startupapicheck:
+ enabled: true
+
+ # Pod Security Context to be set on the startupapicheck component Pod
+ # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ securityContext:
+ runAsNonRoot: true
+
+ # Timeout for 'kubectl check api' command
+ timeout: 1m
+
+ # Job backoffLimit
+ backoffLimit: 4
+
+ # Optional additional annotations to add to the startupapicheck Job
+ jobAnnotations:
+ helm.sh/hook: post-install
+ helm.sh/hook-weight: "1"
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+
+ # Optional additional annotations to add to the startupapicheck Pods
+ # podAnnotations: {}
+
+ # Additional command line flags to pass to startupapicheck binary.
+ # To see all available flags run docker run quay.io/jetstack/cert-manager-ctl:<version> --help
+ extraArgs: []
+
+ resources: {}
+ # requests:
+ # cpu: 10m
+ # memory: 32Mi
+
+ nodeSelector: {}
+
+ affinity: {}
+
+ tolerations: []
+
+ # Optional additional labels to add to the startupapicheck Pods
+ podLabels: {}
+
+ image:
+ repository: quay.io/jetstack/cert-manager-ctl
+ # You can manage a registry with
+ # registry: quay.io
+ # repository: jetstack/cert-manager-ctl
+
+ # Override the image tag to deploy by setting this variable.
+ # If no value is set, the chart's appVersion will be used.
+ # tag: canary
+
+ # Setting a digest will override any tag
+ # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
+
+ pullPolicy: IfNotPresent
+
+ rbac:
+ # annotations for the startup API Check job RBAC and PSP resources
+ annotations:
+ helm.sh/hook: post-install
+ helm.sh/hook-weight: "-5"
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ # name: ""
+
+ # Optional additional annotations to add to the Job's ServiceAccount
+ annotations:
+ helm.sh/hook: post-install
+ helm.sh/hook-weight: "-5"
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+
+ # Automount API credentials for a Service Account.
+ automountServiceAccountToken: true
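Review bot: `containerSecurityContext: {}` is the default for the controller, webhook and cainjector, with `capabilities.drop: [ALL]` and `readOnlyRootFilesystem: true` left as comments, so the bundled defaults deploy these containers without either restriction. Since this file is the baseline for whatever the repository installs, set those keys in the values passed at deploy time. The webhook already listens on `securePort: 10250`, which the comment above it notes avoids needing `NET_BIND_SERVICE`. The same applies to image pinning: every `image` block falls back to the chart's appVersion tag and the `digest:` lines are commented out, so pin digests in the override if reproducible pulls matter. Two smaller points in the `extraArgs` comments: "enabled or disable" should read "enable or disable" and "CertificiateRequests" is misspelled; if this is an unmodified upstream copy, report those upstream rather than patching locally.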
diff --git a/charts/cilium/.helmignore b/charts/cilium/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/cilium/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/cilium/Chart.yaml b/charts/cilium/Chart.yaml
new file mode 100644
index 0000000..2296ab4
--- /dev/null
+++ b/charts/cilium/Chart.yaml
@@ -0,0 +1,73 @@
+annotations:
+ artifacthub.io/crds: |
+ - kind: CiliumNetworkPolicy
+ version: v2
+ name: ciliumnetworkpolicy
+ displayName: Cilium Network Policy
+ description: |
+ Cilium Network Policies provide additional functionality beyond what
+ is provided by standard Kubernetes NetworkPolicy such as the ability
+ to allow traffic based on FQDNs, or to filter at Layer 7.
+ - kind: CiliumClusterwideNetworkPolicy
+ version: v2
+ name: ciliumclusterwidenetworkpolicy
+ displayName: Cilium Clusterwide Network Policy
+ description: |
+ Cilium Clusterwide Network Policies support configuring network traffic
+ policiies across the entire cluster, including applying node firewalls.
+ - kind: CiliumExternalWorkload
+ version: v2
+ name: ciliumnetworkpolicy
+ displayName: Cilium External Workload
+ description: |
+ Cilium External Workload supports configuring the ability for external
+ non-Kubernetes workloads to join the cluster.
+ - kind: CiliumLocalRedirectPolicy
+ version: v2
+ name: ciliumlocalredirectpolicy
+ displayName: Cilium Local Redirect Policy
+ description: |
+ Cilium Local Redirect Policy allows local redirects to be configured
+ within a node to support use cases like Node-Local DNS or KIAM.
+ - kind: CiliumNode
+ version: v2
+ name: ciliumnode
+ displayName: Cilium Node
+ description: |
+ Cilium Node represents a node managed by Cilium. It contains a
+ specification to control various node specific configuration aspects
+ and a status section to represent the status of the node.
+ - kind: CiliumIdentity
+ version: v2
+ name: ciliumidentity
+ displayName: Cilium Identity
+ description: |
+ Cilium Identity allows introspection into security identities that
+ Cilium allocates which identify sets of labels that are assigned to
+ individual endpoints in the cluster.
+ - kind: CiliumEndpoint
+ version: v2
+ name: ciliumendpoint
+ displayName: Cilium Endpoint
+ description: |
+ Cilium Endpoint represents the status of individual pods or nodes in
+ the cluster which are managed by Cilium, including enforcement status,
+ IP addressing and whether the networking is succesfully operational.
+apiVersion: v2
+appVersion: 1.10.7
+description: eBPF-based Networking, Security, and Observability
+home: https://cilium.io/
+icon: https://cdn.jsdelivr.net/gh/cilium/cilium@v1.10.7/Documentation/images/logo-solo.svg
+keywords:
+- BPF
+- eBPF
+- Kubernetes
+- Networking
+- Security
+- Observability
+- Troubleshooting
+kubeVersion: '>= 1.16.0-0'
+name: cilium
+sources:
+- https://github.com/cilium/cilium
+version: 1.10.7
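Review bot: In the `artifacthub.io/crds` annotation, the `CiliumExternalWorkload` entry carries `name: ciliumnetworkpolicy`, which duplicates the name of the first entry and looks like a copy-paste slip; by the pattern of the other entries it should be `ciliumexternalworkload`. The descriptions also contain "policiies" (CiliumClusterwideNetworkPolicy) and "succesfully" (CiliumEndpoint). These only affect Artifact Hub metadata, so if the chart is vendored unchanged it is better to raise them upstream than to diverge from the published 1.10.7 chart.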
diff --git a/charts/cilium/LICENSE b/charts/cilium/LICENSE
new file mode 100644
index 0000000..a2e486a
--- /dev/null
+++ b/charts/cilium/LICENSE
@@ -0,0 +1,202 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "{}"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright {yyyy} Authors of Cilium
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
diff --git a/charts/cilium/README.md b/charts/cilium/README.md
new file mode 100644
index 0000000..578b53e
--- /dev/null
+++ b/charts/cilium/README.md
@@ -0,0 +1,365 @@
+# cilium
+
+ 
+
+Cilium is open source software for providing and transparently securing
+network connectivity and loadbalancing between application workloads such as
+application containers or processes. Cilium operates at Layer 3/4 to provide
+traditional networking and security services as well as Layer 7 to protect and
+secure use of modern application protocols such as HTTP, gRPC and Kafka.
+
+A new Linux kernel technology called eBPF is at the foundation of Cilium.
+It supports dynamic insertion of eBPF bytecode into the Linux kernel at various
+integration points such as: network IO, application sockets, and tracepoints
+to implement security, networking and visibility logic. eBPF is highly
+efficient and flexible.
+
+
+
+## Prerequisites
+
+* Kubernetes: `>= 1.16.0-0`
+* Helm: `>= 3.0`
+
+## Getting Started
+
+Try Cilium on any Kubernetes distribution in under 15 minutes:
+
+| Minikube | Self-Managed K8s | Amazon EKS | Google GKE | Microsoft AKS |
+|:-:|:-:|:-:|:-:|:-:|
+| [](https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/) | [](https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/) | [](https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/) | [](https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/) | [](https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/) |
+
+Or, for a quick install with the default configuration:
+
+```
+$ helm repo add cilium https://helm.cilium.io/
+$ helm install cilium cilium/cilium --namespace=kube-system
+```
+
+After Cilium is installed, you can explore the features that Cilium has to
+offer from the [Getting Started Guides page](https://docs.cilium.io/en/latest/gettingstarted/).
+
+## Source Code
+
+* <https://github.com/cilium/cilium>
+
+## Getting Help
+
+The best way to get help if you get stuck is to ask a question on the
+[Cilium Slack channel](https://cilium.herokuapp.com/). With Cilium
+contributors across the globe, there is almost always someone available to help.
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]},{"matchExpressions":[{"key":"beta.kubernetes.io/os","operator":"In","values":["linux"]}]}]}},"podAntiAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchExpressions":[{"key":"k8s-app","operator":"In","values":["cilium"]}]},"topologyKey":"kubernetes.io/hostname"}]}}` | Pod affinity for cilium-agent. |
+| agent | bool | `true` | Install the cilium agent resources. |
+| alibabacloud.enabled | bool | `false` | Enable AlibabaCloud ENI integration |
+| autoDirectNodeRoutes | bool | `false` | Enable installation of PodCIDR routes between worker nodes if worker nodes share a common L2 network segment. |
+| azure.enabled | bool | `false` | Enable Azure integration |
+| bandwidthManager | bool | `false` | Optimize TCP and UDP workloads and enable rate-limiting traffic from individual Pods with EDT (Earliest Departure Time) through the "kubernetes.io/egress-bandwidth" Pod annotation. |
+| bgp | object | `{"announce":{"loadbalancerIP":false},"enabled":false}` | Configure BGP |
+| bgp.announce.loadbalancerIP | bool | `false` | Enable allocation and announcement of service LoadBalancer IPs |
+| bgp.enabled | bool | `false` | Enable BGP support inside Cilium; embeds a new ConfigMap for BGP inside cilium-agent and cilium-operator |
+| bpf.clockProbe | bool | `false` | Enable BPF clock source probing for more efficient tick retrieval. |
+| bpf.lbExternalClusterIP | bool | `false` | Allow cluster external access to ClusterIP services. |
+| bpf.lbMapMax | int | `65536` | Configure the maximum number of service entries in the load balancer maps. |
+| bpf.monitorAggregation | string | `"medium"` | Configure the level of aggregation for monitor notifications. Valid options are none, low, medium, maximum. |
+| bpf.monitorFlags | string | `"all"` | Configure which TCP flags trigger notifications when seen for the first time in a connection. |
+| bpf.monitorInterval | string | `"5s"` | Configure the typical time between monitor notifications for active connections. |
+| bpf.policyMapMax | int | `16384` | Configure the maximum number of entries in endpoint policy map (per endpoint). |
+| bpf.preallocateMaps | bool | `false` | Enables pre-allocation of eBPF map values. This increases memory usage but can reduce latency. |
+| certgen | object | `{"image":{"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/certgen","tag":"v0.1.5"},"podLabels":{},"ttlSecondsAfterFinished":1800}` | Configure certificate generation for Hubble integration. If hubble.tls.auto.method=cronJob, these values are used for the Kubernetes CronJob which will be scheduled regularly to (re)generate any certificates not provided manually. |
+| certgen.podLabels | object | `{}` | Labels to be added to hubble-certgen pods |
+| certgen.ttlSecondsAfterFinished | int | `1800` | Seconds after which the completed job pod will be deleted |
+| cgroup | object | `{"autoMount":{"enabled":true},"hostRoot":"/run/cilium/cgroupv2"}` | Configure cgroup related configuration |
+| cgroup.autoMount.enabled | bool | `true` | Enable auto mount of cgroup2 filesystem. When `autoMount` is enabled, cgroup2 filesystem is mounted at `cgroup.hostRoot` path on the underlying host and inside the cilium agent pod. If users disable `autoMount`, it's expected that users have mounted cgroup2 filesystem at the specified `cgroup.hostRoot` volume, and then the volume will be mounted inside the cilium agent pod at the same path. |
+| cgroup.hostRoot | string | `"/run/cilium/cgroupv2"` | Configure cgroup root where cgroup2 filesystem is mounted on the host (see also: `cgroup.autoMount`) |
+| cleanBpfState | bool | `false` | Clean all eBPF datapath state from the initContainer of the cilium-agent DaemonSet. WARNING: Use with care! |
+| cleanState | bool | `false` | Clean all local Cilium state from the initContainer of the cilium-agent DaemonSet. Implies cleanBpfState: true. WARNING: Use with care! |
+| cluster.id | int | `nil` | Unique ID of the cluster. Must be unique across all connected clusters and in the range of 1 to 255. Only required for Cluster Mesh. |
+| cluster.name | string | `"default"` | Name of the cluster. Only required for Cluster Mesh. |
+| clustermesh.apiserver.etcd.image | object | `{"pullPolicy":"IfNotPresent","repository":"quay.io/coreos/etcd","tag":"v3.4.13"}` | Clustermesh API server etcd image. |
+| clustermesh.apiserver.image | object | `{"digest":"sha256:9afb0a15afffdf84812c8174df9de86e35239fb87a6ffd9539877a9e643d8132","pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.10.7","useDigest":true}` | Clustermesh API server image. |
+| clustermesh.apiserver.nodeSelector | object | `{}` | Node labels for pod assignment ref: https://kubernetes.io/docs/user-guide/node-selection/ |
+| clustermesh.apiserver.podAnnotations | object | `{}` | Annotations to be added to clustermesh-apiserver pods |
+| clustermesh.apiserver.podLabels | object | `{}` | Labels to be added to clustermesh-apiserver pods |
+| clustermesh.apiserver.replicas | int | `1` | Number of replicas run for the clustermesh-apiserver deployment. |
+| clustermesh.apiserver.resources | object | `{}` | Resource requests and limits for the clustermesh-apiserver container of the clustermesh-apiserver deployment, such as resources: limits: cpu: 1000m memory: 1024M requests: cpu: 100m memory: 64Mi |
+| clustermesh.apiserver.service.annotations | object | `{}` | Annotations for the clustermesh-apiserver For GKE LoadBalancer, use annotation cloud.google.com/load-balancer-type: "Internal" For EKS LoadBalancer, use annotation service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 |
+| clustermesh.apiserver.service.nodePort | int | `32379` | Optional port to use as the node port for apiserver access. |
+| clustermesh.apiserver.service.type | string | `"NodePort"` | The type of service used for apiserver access. |
+| clustermesh.apiserver.tls.admin | object | `{"cert":"","key":""}` | base64 encoded PEM values for the clustermesh-apiserver admin certificate and private key. Used if 'auto' is not enabled. |
+| clustermesh.apiserver.tls.auto | object | `{"certValidityDuration":1095,"enabled":true,"method":"helm"}` | Configure automatic TLS certificates generation. A Kubernetes CronJob is used the generate any certificates not provided by the user at installation time. |
+| clustermesh.apiserver.tls.auto.certValidityDuration | int | `1095` | Generated certificates validity duration in days. |
+| clustermesh.apiserver.tls.auto.enabled | bool | `true` | When set to true, automatically generate a CA and certificates to enable mTLS between clustermesh-apiserver and external workload instances. If set to false, the certs to be provided by setting appropriate values below. |
+| clustermesh.apiserver.tls.ca | object | `{"cert":"","key":""}` | base64 encoded PEM values for the ExternalWorkload CA certificate and private key. |
+| clustermesh.apiserver.tls.ca.cert | string | `""` | Optional CA cert. If it is provided, it will be used by the 'cronJob' method to generate all other certificates. Otherwise, an ephemeral CA is generated. |
+| clustermesh.apiserver.tls.ca.key | string | `""` | Optional CA private key. If it is provided, it will be used by the 'cronJob' method to generate all other certificates. Otherwise, an ephemeral CA is generated. |
+| clustermesh.apiserver.tls.client | object | `{"cert":"","key":""}` | base64 encoded PEM values for the clustermesh-apiserver client certificate and private key. Used if 'auto' is not enabled. |
+| clustermesh.apiserver.tls.remote | object | `{"cert":"","key":""}` | base64 encoded PEM values for the clustermesh-apiserver remote cluster certificate and private key. Used if 'auto' is not enabled. |
+| clustermesh.apiserver.tls.server | object | `{"cert":"","key":""}` | base64 encoded PEM values for the clustermesh-apiserver server certificate and private key. Used if 'auto' is not enabled. |
+| clustermesh.apiserver.tolerations | list | `[]` | Node tolerations for pod assignment on nodes with taints ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ |
+| clustermesh.apiserver.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | clustermesh-apiserver update strategy |
+| clustermesh.useAPIServer | bool | `false` | Deploy clustermesh-apiserver for clustermesh |
+| cni.binPath | string | `"/opt/cni/bin"` | Configure the path to the CNI binary directory on the host. |
+| cni.chainingMode | string | `"none"` | Configure chaining on top of other CNI plugins. Possible values: - none - generic-veth - aws-cni - portmap |
+| cni.confFileMountPath | string | `"/tmp/cni-configuration"` | Configure the path to where to mount the ConfigMap inside the agent pod. |
+| cni.confPath | string | `"/etc/cni/net.d"` | Configure the path to the CNI configuration directory on the host. |
+| cni.configMapKey | string | `"cni-config"` | Configure the key in the CNI ConfigMap to read the contents of the CNI configuration from. |
+| cni.customConf | bool | `false` | Skip writing of the CNI configuration. This can be used if writing of the CNI configuration is performed by external automation. |
+| cni.exclusive | bool | `true` | Make Cilium take ownership over the `/etc/cni/net.d` directory on the node, renaming all non-Cilium CNI configurations to `*.cilium_bak`. This ensures no Pods can be scheduled using other CNI plugins during Cilium agent downtime. |
+| cni.hostConfDirMountPath | string | `"/host/etc/cni/net.d"` | Configure the path to where the CNI configuration directory is mounted inside the agent pod. |
+| cni.install | bool | `true` | Install the CNI configuration and binary files into the filesystem. |
+| containerRuntime | object | `{"integration":"none"}` | Configure container runtime specific integration. |
+| containerRuntime.integration | string | `"none"` | Enables specific integrations for container runtimes. Supported values: - containerd - crio - docker - none - auto (automatically detect the container runtime) |
+| customCalls | object | `{"enabled":false}` | Tail call hooks for custom eBPF programs. |
+| customCalls.enabled | bool | `false` | Enable tail call hooks for custom eBPF programs. |
+| daemon.runPath | string | `"/var/run/cilium"` | Configure where Cilium runtime state should be stored. |
+| datapathMode | string | `"veth"` | Configure which datapath mode should be used for configuring container connectivity. Valid options are "veth" or "ipvlan". |
+| debug.enabled | bool | `false` | Enable debug logging |
+| egressGateway | object | `{"enabled":false}` | Enables egress gateway (beta) to redirect and SNAT the traffic that leaves the cluster. |
+| enableCnpStatusUpdates | bool | `false` | Whether to enable CNP status updates. |
+| enableCriticalPriorityClass | bool | `true` | Explicitly enable or disable priority class. .Capabilities.KubeVersion is unsettable in `helm template` calls, it depends on k8s libraries version that Helm was compiled against. This option allows to explicitly disable setting the priority class, which is useful for rendering charts for gke clusters in advance. |
+| enableIPv4Masquerade | bool | `true` | Enables masquerading of IPv4 traffic leaving the node from endpoints. |
+| enableIPv6Masquerade | bool | `true` | Enables masquerading of IPv6 traffic leaving the node from endpoints. |
+| enableK8sEventHandover | bool | `false` | Configures the use of the KVStore to optimize Kubernetes event handling by mirroring it into the KVstore for reduced overhead in large clusters. |
+| enableXTSocketFallback | bool | `true` | Enables the fallback compatibility solution for when the xt_socket kernel module is missing and it is needed for the datapath L7 redirection to work properly. See documentation for details on when this can be disabled: http://docs.cilium.io/en/stable/install/system_requirements/#admin-kernel-version. |
+| encryption.enabled | bool | `false` | Enable transparent network encryption. |
+| encryption.interface | string | `""` | Deprecated in favor of encryption.ipsec.interface. The interface to use for encrypted traffic. This option is only effective when encryption.type is set to ipsec. |
+| encryption.ipsec.interface | string | `""` | The interface to use for encrypted traffic. |
+| encryption.ipsec.keyFile | string | `""` | Name of the key file inside the Kubernetes secret configured via secretName. |
+| encryption.ipsec.mountPath | string | `""` | Path to mount the secret inside the Cilium pod. |
+| encryption.ipsec.secretName | string | `""` | Name of the Kubernetes secret containing the encryption keys. |
+| encryption.keyFile | string | `"keys"` | Deprecated in favor of encryption.ipsec.keyFile. Name of the key file inside the Kubernetes secret configured via secretName. This option is only effective when encryption.type is set to ipsec. |
+| encryption.mountPath | string | `"/etc/ipsec"` | Deprecated in favor of encryption.ipsec.mountPath. Path to mount the secret inside the Cilium pod. This option is only effective when encryption.type is set to ipsec. |
+| encryption.nodeEncryption | bool | `false` | Enable encryption for pure node to node traffic. This option is only effective when encryption.type is set to ipsec. |
+| encryption.secretName | string | `"cilium-ipsec-keys"` | Deprecated in favor of encryption.ipsec.secretName. Name of the Kubernetes secret containing the encryption keys. This option is only effective when encryption.type is set to ipsec. |
+| encryption.type | string | `"ipsec"` | Encryption method. Can be either ipsec or wireguard. |
+| endpointHealthChecking.enabled | bool | `true` | Enable connectivity health checking between virtual endpoints. |
+| endpointRoutes.enabled | bool | `false` | Enable use of per endpoint routes instead of routing via the cilium_host interface. |
+| endpointStatus | object | `{"enabled":false,"status":""}` | Enable endpoint status. Status can be: policy, health, controllers, logs and / or state. For 2 or more options use a comma. |
+| eni.awsReleaseExcessIPs | bool | `false` | Release IPs not used from the ENI |
+| eni.ec2APIEndpoint | string | `""` | EC2 API endpoint to use |
+| eni.enabled | bool | `false` | Enable Elastic Network Interface (ENI) integration. |
+| eni.eniTags | object | `{}` | Tags to apply to the newly created ENIs |
+| eni.iamRole | string | `""` | If using IAM role for Service Accounts will not try to inject identity values from cilium-aws kubernetes secret. Adds annotation to service account if managed by Helm. See https://github.com/aws/amazon-eks-pod-identity-webhook |
+| eni.subnetIDsFilter | string | `""` | Filter via subnet IDs which will dictate which subnets are going to be used to create new ENIs |
+| eni.subnetTagsFilter | string | `""` | Filter via tags (k=v) which will dictate which subnets are going to be used to create new ENIs |
+| eni.updateEC2AdapterLimitViaAPI | bool | `false` | Update ENI Adapter limits from the EC2 API |
+| etcd.clusterDomain | string | `"cluster.local"` | Cluster domain for cilium-etcd-operator. |
+| etcd.enabled | bool | `false` | Enable etcd mode for the agent. |
+| etcd.endpoints | list | `["https://CHANGE-ME:2379"]` | List of etcd endpoints (not needed when using managed=true). |
+| etcd.extraArgs | list | `[]` | Additional cilium-etcd-operator container arguments. |
+| etcd.extraConfigmapMounts | list | `[]` | Additional cilium-etcd-operator ConfigMap mounts. |
+| etcd.extraHostPathMounts | list | `[]` | Additional cilium-etcd-operator hostPath mounts. |
+| etcd.extraInitContainers | list | `[]` | Additional InitContainers to initialize the pod. |
+| etcd.image | object | `{"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-etcd-operator","tag":"v2.0.7"}` | cilium-etcd-operator image. |
+| etcd.k8sService | bool | `false` | If etcd is behind a k8s service set this option to true so that Cilium does the service translation automatically without requiring a DNS to be running. |
+| etcd.nodeSelector | object | `{}` | Node labels for cilium-etcd-operator pod assignment ref: https://kubernetes.io/docs/user-guide/node-selection/ |
+| etcd.podAnnotations | object | `{}` | Annotations to be added to cilium-etcd-operator pods |
+| etcd.podDisruptionBudget | object | `{"enabled":true,"maxUnavailable":2}` | PodDisruptionBudget settings ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |
+| etcd.podLabels | object | `{}` | Labels to be added to cilium-etcd-operator pods |
+| etcd.priorityClassName | string | `""` | cilium-etcd-operator priorityClassName |
+| etcd.resources | object | `{}` | cilium-etcd-operator resource limits & requests ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
+| etcd.securityContext | object | `{}` | Security context to be added to cilium-etcd-operator pods |
+| etcd.ssl | bool | `false` | Enable use of TLS/SSL for connectivity to etcd. (auto-enabled if managed=true) |
+| etcd.tolerations | list | `[{"operator":"Exists"}]` | Node tolerations for cilium-etcd-operator scheduling to nodes with taints ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ |
+| etcd.updateStrategy | object | `{"rollingUpdate":{"maxSurge":1,"maxUnavailable":1},"type":"RollingUpdate"}` | cilium-etcd-operator update strategy |
+| externalIPs.enabled | bool | `false` | Enable ExternalIPs service support. |
+| externalWorkloads | object | `{"enabled":false}` | Configure external workloads support |
+| externalWorkloads.enabled | bool | `false` | Enable support for external workloads, such as VMs (false by default). |
+| extraArgs | list | `[]` | Additional agent container arguments. |
+| extraConfig | object | `{}` | extraConfig allows you to specify additional configuration parameters to be included in the cilium-config configmap. |
+| extraConfigmapMounts | list | `[]` | Additional agent ConfigMap mounts. |
+| extraEnv | object | `{}` | Additional agent container environment variables. |
+| extraHostPathMounts | list | `[]` | Additional agent hostPath mounts. |
+| extraInitContainers | list | `[]` | Additional InitContainers to initialize the pod. |
+| gke.enabled | bool | `false` | Enable Google Kubernetes Engine integration |
+| healthChecking | bool | `true` | Enable connectivity health checking. |
+| healthPort | int | `9876` | TCP port for the agent health API. This is not the port for cilium-health. |
+| hostFirewall | bool | `false` | Enables the enforcement of host policies in the eBPF datapath. |
+| hostPort.enabled | bool | `false` | Enable hostPort service support. |
+| hostServices | object | `{"enabled":false,"protocols":"tcp,udp"}` | Configure ClusterIP service handling in the host namespace (the node). |
+| hostServices.enabled | bool | `false` | Enable host reachable services. |
+| hostServices.protocols | string | `"tcp,udp"` | Supported list of protocols to apply ClusterIP translation to. |
+| hubble.enabled | bool | `true` | Enable Hubble (true by default). |
+| hubble.listenAddress | string | `":4244"` | An additional address for Hubble to listen to. Set this field ":4244" if you are enabling Hubble Relay, as it assumes that Hubble is listening on port 4244. |
+| hubble.metrics | object | `{"enabled":null,"port":9091,"serviceMonitor":{"enabled":false,"labels":{}}}` | Hubble metrics configuration. See https://docs.cilium.io/en/stable/configuration/metrics/#hubble-metrics for more comprehensive documentation about Hubble metrics. |
+| hubble.metrics.enabled | string | `nil` | Configures the list of metrics to collect. If empty or null, metrics are disabled. Example: enabled: - dns:query;ignoreAAAA - drop - tcp - flow - icmp - http You can specify the list of metrics from the helm CLI: --set metrics.enabled="{dns:query;ignoreAAAA,drop,tcp,flow,icmp,http}" |
+| hubble.metrics.port | int | `9091` | Configure the port the hubble metric server listens on. |
+| hubble.metrics.serviceMonitor.enabled | bool | `false` | Create ServiceMonitor resources for Prometheus Operator. This requires the prometheus CRDs to be available. ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml) |
+| hubble.metrics.serviceMonitor.labels | object | `{}` | Labels to add to ServiceMonitor hubble |
+| hubble.relay.dialTimeout | string | `nil` | Dial timeout to connect to the local hubble instance to receive peer information (e.g. "30s"). |
+| hubble.relay.enabled | bool | `false` | Enable Hubble Relay (requires hubble.enabled=true) |
+| hubble.relay.image | object | `{"digest":"sha256:385fcc4fa315eb6b66626c3e5f607b6b6514c8c3a863c47c2b2dbc97790acb47","pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.10.7","useDigest":true}` | Hubble-relay container image. |
+| hubble.relay.listenHost | string | `""` | Host to listen to. Specify an empty string to bind to all the interfaces. |
+| hubble.relay.listenPort | string | `"4245"` | Port to listen to. |
+| hubble.relay.nodeSelector | object | `{}` | Node labels for pod assignment ref: https://kubernetes.io/docs/user-guide/node-selection/ |
+| hubble.relay.podAnnotations | object | `{}` | Annotations to be added to hubble-relay pods |
+| hubble.relay.podLabels | object | `{}` | Labels to be added to hubble-relay pods |
+| hubble.relay.replicas | int | `1` | Number of replicas run for the hubble-relay deployment. |
+| hubble.relay.resources | object | `{}` | Specifies the resources for the hubble-relay pods |
+| hubble.relay.retryTimeout | string | `nil` | Backoff duration to retry connecting to the local hubble instance in case of failure (e.g. "30s"). |
+| hubble.relay.rollOutPods | bool | `false` | Roll out Hubble Relay pods automatically when configmap is updated. |
+| hubble.relay.sortBufferDrainTimeout | string | `nil` | When the per-request flows sort buffer is not full, a flow is drained every time this timeout is reached (only affects requests in follow-mode) (e.g. "1s"). |
+| hubble.relay.sortBufferLenMax | string | `nil` | Max number of flows that can be buffered for sorting before being sent to the client (per request) (e.g. 100). |
+| hubble.relay.tls | object | `{"client":{"cert":"","key":""},"server":{"cert":"","enabled":false,"key":""}}` | TLS configuration for Hubble Relay |
+| hubble.relay.tls.client | object | `{"cert":"","key":""}` | base64 encoded PEM values for the hubble-relay client certificate and private key This keypair is presented to Hubble server instances for mTLS authentication and is required when hubble.tls.enabled is true. These values need to be set manually if hubble.tls.auto.enabled is false. |
+| hubble.relay.tls.server | object | `{"cert":"","enabled":false,"key":""}` | base64 encoded PEM values for the hubble-relay server certificate and private key |
+| hubble.relay.tolerations | list | `[]` | Node tolerations for pod assignment on nodes with taints ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ |
+| hubble.relay.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | hubble-relay update strategy |
+| hubble.socketPath | string | `"/var/run/cilium/hubble.sock"` | Unix domain socket path to listen to when Hubble is enabled. |
+| hubble.tls | object | `{"auto":{"certValidityDuration":1095,"enabled":true,"method":"helm","schedule":"0 0 1 */4 *"},"ca":{"cert":"","key":""},"enabled":true,"server":{"cert":"","key":""}}` | TLS configuration for Hubble |
+| hubble.tls.auto | object | `{"certValidityDuration":1095,"enabled":true,"method":"helm","schedule":"0 0 1 */4 *"}` | Configure automatic TLS certificates generation. |
+| hubble.tls.auto.certValidityDuration | int | `1095` | Generated certificates validity duration in days. |
+| hubble.tls.auto.enabled | bool | `true` | Auto-generate certificates. When set to true, automatically generate a CA and certificates to enable mTLS between Hubble server and Hubble Relay instances. If set to false, the certs for Hubble server need to be provided by setting appropriate values below. |
+| hubble.tls.auto.method | string | `"helm"` | Set the method to auto-generate certificates. Supported values: - helm: This method uses Helm to generate all certificates. - cronJob: This method uses a Kubernetes CronJob the generate any certificates not provided by the user at installation time. |
+| hubble.tls.auto.schedule | string | `"0 0 1 */4 *"` | Schedule for certificates regeneration (regardless of their expiration date). Only used if method is "cronJob". If nil, then no recurring job will be created. Instead, only the one-shot job is deployed to generate the certificates at installation time. Defaults to midnight of the first day of every fourth month. For syntax, see https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#schedule |
+| hubble.tls.ca | object | `{"cert":"","key":""}` | base64 encoded PEM values for the Hubble CA certificate and private key. |
+| hubble.tls.ca.key | string | `""` | The CA private key (optional). If it is provided, then it will be used by hubble.tls.auto.method=cronJob to generate all other certificates. Otherwise, a ephemeral CA is generated if hubble.tls.auto.enabled=true. |
+| hubble.tls.enabled | bool | `true` | Enable mutual TLS for listenAddress. Setting this value to false is highly discouraged as the Hubble API provides access to potentially sensitive network flow metadata and is exposed on the host network. |
+| hubble.tls.server | object | `{"cert":"","key":""}` | base64 encoded PEM values for the Hubble server certificate and private key |
+| hubble.ui.backend.image | object | `{"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui-backend","tag":"v0.8.5@sha256:2bce50cf6c32719d072706f7ceccad654bfa907b2745a496da99610776fe31ed"}` | Hubble-ui backend image. |
+| hubble.ui.backend.resources | object | `{}` | Resource requests and limits for the 'backend' container of the 'hubble-ui' deployment. |
+| hubble.ui.enabled | bool | `false` | Whether to enable the Hubble UI. |
+| hubble.ui.frontend.image | object | `{"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui","tag":"v0.8.5@sha256:4eaca1ec1741043cfba6066a165b3bf251590cf4ac66371c4f63fbed2224ebb4"}` | Hubble-ui frontend image. |
+| hubble.ui.frontend.resources | object | `{}` | Resource requests and limits for the 'frontend' container of the 'hubble-ui' deployment. |
+| hubble.ui.ingress | object | `{"annotations":{},"enabled":false,"hosts":["chart-example.local"],"tls":[]}` | hubble-ui ingress configuration. |
+| hubble.ui.nodeSelector | object | `{}` | Node labels for pod assignment ref: https://kubernetes.io/docs/user-guide/node-selection/ |
+| hubble.ui.podAnnotations | object | `{}` | Annotations to be added to hubble-ui pods |
+| hubble.ui.podLabels | object | `{}` | Labels to be added to hubble-ui pods |
+| hubble.ui.proxy.image | object | `{"pullPolicy":"IfNotPresent","repository":"docker.io/envoyproxy/envoy","tag":"v1.18.4@sha256:e5c2bb2870d0e59ce917a5100311813b4ede96ce4eb0c6bfa879e3fbe3e83935"}` | Hubble-ui ingress proxy image. |
+| hubble.ui.proxy.resources | object | `{}` | Resource requests and limits for the 'proxy' container of the 'hubble-ui' deployment. |
+| hubble.ui.replicas | int | `1` | The number of replicas of Hubble UI to deploy. |
+| hubble.ui.rollOutPods | bool | `false` | Roll out Hubble-ui pods automatically when configmap is updated. |
+| hubble.ui.securityContext.enabled | bool | `true` | Whether to set the security context on the Hubble UI pods. |
+| hubble.ui.tolerations | list | `[]` | Node tolerations for pod assignment on nodes with taints ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ |
+| hubble.ui.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | hubble-ui update strategy. |
+| identityAllocationMode | string | `"crd"` | Method to use for identity allocation (`crd` or `kvstore`). |
+| image | object | `{"digest":"sha256:e23f55e80e1988db083397987a89967aa204ad6fc32da243b9160fbcea29b0ca","pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.10.7","useDigest":true}` | Agent container image. |
+| imagePullSecrets | string | `nil` | Configure image pull secrets for pulling container images |
+| installIptablesRules | bool | `true` | Configure whether to install iptables rules to allow for TPROXY (L7 proxy injection), iptables-based masquerading and compatibility with kube-proxy. |
+| installNoConntrackIptablesRules | bool | `false` | Install Iptables rules to skip netfilter connection tracking on all pod traffic. This option is only effective when Cilium is running in direct routing and full KPR mode. Moreover, this option cannot be enabled when Cilium is running in a managed Kubernetes environment or in a chained CNI setup. |
+| ipMasqAgent | object | `{"enabled":false}` | Configure the eBPF-based ip-masq-agent |
+| ipam.mode | string | `"cluster-pool"` | Configure IP Address Management mode. ref: https://docs.cilium.io/en/stable/concepts/networking/ipam/ |
+| ipam.operator.clusterPoolIPv4MaskSize | int | `24` | IPv4 CIDR mask size to delegate to individual nodes for IPAM. |
+| ipam.operator.clusterPoolIPv4PodCIDR | string | `"10.0.0.0/8"` | IPv4 CIDR range to delegate to individual nodes for IPAM. |
+| ipam.operator.clusterPoolIPv6MaskSize | int | `120` | IPv6 CIDR mask size to delegate to individual nodes for IPAM. |
+| ipam.operator.clusterPoolIPv6PodCIDR | string | `"fd00::/104"` | IPv6 CIDR range to delegate to individual nodes for IPAM. |
+| ipv4.enabled | bool | `true` | Enable IPv4 support. |
+| ipv6.enabled | bool | `false` | Enable IPv6 support. |
+| ipvlan.enabled | bool | `false` | Enable the IPVLAN datapath |
+| k8s | object | `{}` | Configure Kubernetes specific configuration |
+| keepDeprecatedLabels | bool | `false` | Keep the deprecated selector labels when deploying Cilium DaemonSet. |
+| keepDeprecatedProbes | bool | `false` | Keep the deprecated probes when deploying Cilium DaemonSet |
+| kubeProxyReplacementHealthzBindAddr | string | `""` | healthz server bind address for the kube-proxy replacement. To enable set the value to '0.0.0.0:10256' for all ipv4 addresses and this '[::]:10256' for all ipv6 addresses. By default it is disabled. |
+| l2NeighDiscovery.arping-refresh-period | string | `"5m"` | Set period for arping |
+| l2NeighDiscovery.enabled | bool | `true` | Enable L2 neighbour discovery in the agent |
+| l7Proxy | bool | `true` | Enable Layer 7 network policy. |
+| livenessProbe.failureThreshold | int | `10` | failure threshold of liveness probe |
+| livenessProbe.periodSeconds | int | `30` | interval between checks of the liveness probe |
+| localRedirectPolicy | bool | `false` | Enable Local Redirect Policy. |
+| logSystemLoad | bool | `false` | Enables periodic logging of system load |
+| maglev | object | `{}` | Configure maglev consistent hashing |
+| monitor | object | `{"enabled":false}` | Specify the CIDR for native routing (ie to avoid IP masquerade for). This value corresponds to the configured cluster-cidr. nativeRoutingCIDR: |
+| monitor.enabled | bool | `false` | Enable the cilium-monitor sidecar. |
+| name | string | `"cilium"` | Agent container name. |
+| nodePort | object | `{"autoProtectPortRange":true,"bindProtection":true,"enableHealthCheck":true,"enabled":false}` | Configure N-S k8s service loadbalancing |
+| nodePort.autoProtectPortRange | bool | `true` | Append NodePort range to ip_local_reserved_ports if clash with ephemeral ports is detected. |
+| nodePort.bindProtection | bool | `true` | Set to true to prevent applications binding to service ports. |
+| nodePort.enableHealthCheck | bool | `true` | Enable healthcheck nodePort server for NodePort services |
+| nodePort.enabled | bool | `false` | Enable the Cilium NodePort service implementation. |
+| nodeinit.bootstrapFile | string | `"/tmp/cilium-bootstrap-time"` | bootstrapFile is the location of the file where the bootstrap timestamp is written by the node-init DaemonSet |
+| nodeinit.enabled | bool | `false` | Enable the node initialization DaemonSet |
+| nodeinit.extraConfigmapMounts | list | `[]` | Additional nodeinit ConfigMap mounts. |
+| nodeinit.extraEnv | object | `{}` | Additional nodeinit environment variables. |
+| nodeinit.extraHostPathMounts | list | `[]` | Additional nodeinit host path mounts. |
+| nodeinit.extraInitContainers | list | `[]` | Additional nodeinit init containers. |
+| nodeinit.image | object | `{"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/startup-script","tag":"62bfbe88c17778aad7bef9fa57ff9e2d4a9ba0d8"}` | node-init image. |
+| nodeinit.nodeSelector | object | `{}` | Node labels for nodeinit pod assignment ref: https://kubernetes.io/docs/user-guide/node-selection/ |
+| nodeinit.podAnnotations | object | `{}` | Annotations to be added to node-init pods. |
+| nodeinit.podDisruptionBudget | object | `{"enabled":true,"maxUnavailable":2}` | PodDisruptionBudget settings ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |
+| nodeinit.podLabels | object | `{}` | Labels to be added to node-init pods. |
+| nodeinit.priorityClassName | string | `""` | The priority class to use for the nodeinit pod. |
+| nodeinit.resources | object | `{"requests":{"cpu":"100m","memory":"100Mi"}}` | nodeinit resource limits & requests ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
+| nodeinit.securityContext | object | `{}` | Security context to be added to nodeinit pods. |
+| nodeinit.tolerations | list | `[{"operator":"Exists"}]` | Node tolerations for nodeinit scheduling to nodes with taints ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ |
+| nodeinit.updateStrategy | object | `{"type":"RollingUpdate"}` | node-init update strategy |
+| operator.affinity | object | `{"podAntiAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchExpressions":[{"key":"io.cilium/app","operator":"In","values":["operator"]}]},"topologyKey":"kubernetes.io/hostname"}]}}` | cilium-operator affinity |
+| operator.enabled | bool | `true` | Enable the cilium-operator component (required). |
+| operator.endpointGCInterval | string | `"5m0s"` | Interval for endpoint garbage collection. |
+| operator.extraArgs | list | `[]` | Additional cilium-operator container arguments. |
+| operator.extraConfigmapMounts | list | `[]` | Additional cilium-operator ConfigMap mounts. |
+| operator.extraEnv | object | `{}` | Additional cilium-operator environment variables. |
+| operator.extraHostPathMounts | list | `[]` | Additional cilium-operator hostPath mounts. |
+| operator.extraInitContainers | list | `[]` | Additional InitContainers to initialize the pod. |
+| operator.identityGCInterval | string | `"15m0s"` | Interval for identity garbage collection. |
+| operator.identityHeartbeatTimeout | string | `"30m0s"` | Timeout for identity heartbeats. |
+| operator.image | object | `{"alibabacloudDigest":"sha256:7a6ccc99195ae6a8216d2a1e1e0cc05d49c2d263b194895da264899fe9d0f45a","awsDigest":"sha256:97b378e0e3b6b5ade6ae1706024c7a25fe6fc48e00102b65a6b7ac51d6327f40","azureDigest":"sha256:556d692b2f08822101c159d9d6f731efe6c437d2b80f0ef96813e8745203c852","genericDigest":"sha256:d0b491d8d8cb45862ed7f0410f65e7c141832f0f95262643fa5ff1edfcddcafe","pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.10.7","useDigest":true}` | cilium-operator image. |
+| operator.nodeSelector | object | `{}` | Node labels for cilium-operator pod assignment ref: https://kubernetes.io/docs/user-guide/node-selection/ |
+| operator.podAnnotations | object | `{}` | Annotations to be added to cilium-operator pods |
+| operator.podDisruptionBudget | object | `{"enabled":false,"maxUnavailable":1}` | PodDisruptionBudget settings ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |
+| operator.podLabels | object | `{}` | Labels to be added to cilium-operator pods |
+| operator.priorityClassName | string | `""` | cilium-operator priorityClassName |
+| operator.prometheus | object | `{"enabled":false,"port":6942,"serviceMonitor":{"enabled":false,"labels":{}}}` | Enable prometheus metrics for cilium-operator on the configured port at /metrics |
+| operator.prometheus.serviceMonitor.enabled | bool | `false` | Enable service monitors. This requires the prometheus CRDs to be available (see https://github.com/prometheus-operator/prometheus-operator/blob/master/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml) |
+| operator.prometheus.serviceMonitor.labels | object | `{}` | Labels to add to ServiceMonitor cilium-operator |
+| operator.replicas | int | `2` | Number of replicas to run for the cilium-operator deployment |
+| operator.resources | object | `{}` | cilium-operator resource limits & requests ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
+| operator.rollOutPods | bool | `false` | Roll out cilium-operator pods automatically when configmap is updated. |
+| operator.securityContext | object | `{}` | Security context to be added to cilium-operator pods |
+| operator.serviceAccountName | string | `"cilium-operator"` | For using with an existing serviceAccount. |
+| operator.skipCRDCreation | bool | `false` | Skip CRDs creation for cilium-operator |
+| operator.tolerations | list | `[{"operator":"Exists"}]` | Node tolerations for cilium-operator scheduling to nodes with taints ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ |
+| operator.updateStrategy | object | `{"rollingUpdate":{"maxSurge":1,"maxUnavailable":1},"type":"RollingUpdate"}` | cilium-operator update strategy |
+| podAnnotations | object | `{}` | Annotations to be added to agent pods |
+| podDisruptionBudget | object | `{"enabled":true,"maxUnavailable":2}` | PodDisruptionBudget settings ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |
+| podLabels | object | `{}` | Labels to be added to agent pods |
+| policyEnforcementMode | string | `"default"` | The agent can be put into one of the three policy enforcement modes: default, always and never. ref: https://docs.cilium.io/en/stable/policy/intro/#policy-enforcement-modes |
+| pprof.enabled | bool | `false` | Enable Go pprof debugging |
+| preflight.enabled | bool | `false` | Enable Cilium pre-flight resources (required for upgrade) |
+| preflight.extraConfigmapMounts | list | `[]` | Additional preflight ConfigMap mounts. |
+| preflight.extraEnv | object | `{}` | Additional preflight environment variables. |
+| preflight.extraHostPathMounts | list | `[]` | Additional preflight host path mounts. |
+| preflight.extraInitContainers | list | `[]` | Additional preflight init containers. |
+| preflight.image | object | `{"digest":"sha256:e23f55e80e1988db083397987a89967aa204ad6fc32da243b9160fbcea29b0ca","pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.10.7","useDigest":true}` | Cilium pre-flight image. |
+| preflight.nodeSelector | object | `{}` | Node labels for preflight pod assignment ref: https://kubernetes.io/docs/user-guide/node-selection/ |
+| preflight.podAnnotations | object | `{}` | Annotations to be added to preflight pods |
+| preflight.podDisruptionBudget | object | `{"enabled":true,"maxUnavailable":2}` | PodDisruptionBudget settings ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |
+| preflight.podLabels | object | `{}` | Labels to be added to the preflight pod. |
+| preflight.priorityClassName | string | `""` | The priority class to use for the preflight pod. |
+| preflight.resources | object | `{}` | preflight resource limits & requests ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
+| preflight.securityContext | object | `{}` | Security context to be added to preflight pods |
+| preflight.tofqdnsPreCache | string | `""` | Path to write the `--tofqdns-pre-cache` file to. |
+| preflight.tolerations | list | `[{"effect":"NoSchedule","key":"node.kubernetes.io/not-ready"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"},{"effect":"NoSchedule","key":"node.cloudprovider.kubernetes.io/uninitialized","value":"true"},{"key":"CriticalAddonsOnly","operator":"Exists"}]` | Node tolerations for preflight scheduling to nodes with taints ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ |
+| preflight.updateStrategy | object | `{"type":"RollingUpdate"}` | preflight update strategy |
+| preflight.validateCNPs | bool | `true` | By default we should always validate the installed CNPs before upgrading Cilium. This will make sure the user will have the policies deployed in the cluster with the right schema. |
+| priorityClassName | string | `""` | The priority class to use for cilium-agent. |
+| prometheus | object | `{"enabled":false,"metrics":null,"port":9090,"serviceMonitor":{"enabled":false,"labels":{}}}` | Configure prometheus metrics on the configured port at /metrics |
+| prometheus.metrics | string | `nil` | Metrics that should be enabled or disabled from the default metric list. (+metric_foo to enable metric_foo , -metric_bar to disable metric_bar). ref: https://docs.cilium.io/en/stable/operations/metrics/#exported-metrics |
+| prometheus.serviceMonitor.enabled | bool | `false` | Enable service monitors. This requires the prometheus CRDs to be available (see https://github.com/prometheus-operator/prometheus-operator/blob/master/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml) |
+| prometheus.serviceMonitor.labels | object | `{}` | Labels to add to ServiceMonitor cilium-agent |
+| proxy | object | `{"prometheus":{"enabled":true,"port":"9095"},"sidecarImageRegex":"cilium/istio_proxy"}` | Configure Istio proxy options. |
+| proxy.sidecarImageRegex | string | `"cilium/istio_proxy"` | Regular expression matching compatible Istio sidecar istio-proxy container image names |
+| rbac.create | bool | `true` | Enable creation of Resource-Based Access Control configuration. |
+| readinessProbe.failureThreshold | int | `3` | failure threshold of readiness probe |
+| readinessProbe.periodSeconds | int | `30` | interval between checks of the readiness probe |
+| remoteNodeIdentity | bool | `true` | Enable use of the remote node identity. ref: https://docs.cilium.io/en/v1.7/install/upgrade/#configmap-remote-node-identity |
+| resourceQuotas | object | `{"cilium":{"hard":{"pods":"10k"}},"enabled":false,"operator":{"hard":{"pods":"15"}}}` | Enable resource quotas for priority classes used in the cluster. |
+| resources | object | `{}` | Agent resource limits & requests ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
+| rollOutCiliumPods | bool | `false` | Roll out cilium agent pods automatically when configmap is updated. |
+| securityContext | object | `{}` | Security context to be added to agent pods |
+| serviceAccounts | object | Component's fully qualified name. | Define serviceAccount names for components. |
+| serviceAccounts.clustermeshcertgen | object | `{"annotations":{},"create":true,"name":"clustermesh-apiserver-generate-certs"}` | Clustermeshcertgen is used if clustermesh.apiserver.tls.auto.method=cronJob |
+| serviceAccounts.hubblecertgen | object | `{"annotations":{},"create":true,"name":"hubble-generate-certs"}` | Hubblecertgen is used if hubble.tls.auto.method=cronJob |
+| sleepAfterInit | bool | `false` | Do not run Cilium agent when running with clean mode. Useful to completely uninstall Cilium as it will stop Cilium from starting and create artifacts in the node. |
+| sockops | object | `{"enabled":false}` | Configure BPF socket operations configuration |
+| startupProbe.failureThreshold | int | `105` | failure threshold of startup probe. 105 x 2s translates to the old behaviour of the readiness probe (120s delay + 30 x 3s) |
+| startupProbe.periodSeconds | int | `2` | interval between checks of the startup probe |
+| tls | object | `{"enabled":true,"secretsBackend":"local"}` | Configure TLS configuration in the agent. |
+| tolerations | list | `[{"operator":"Exists"}]` | Node tolerations for agent scheduling to nodes with taints ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ |
+| tunnel | string | `"vxlan"` | Configure the encapsulation configuration for communication between nodes. Possible values: - disabled - vxlan (default) - geneve |
+| updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":2},"type":"RollingUpdate"}` | Cilium agent update strategy |
+| wellKnownIdentities.enabled | bool | `false` | Enable the use of well-known identities. |
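Review bot: the `monitor` row in this values table carries the wrong description. It reads "Specify the CIDR for native routing (ie to avoid IP masquerade for) ... nativeRoutingCIDR:", which documents a different key, while the `monitor.enabled` row directly below is the actual cilium-monitor sidecar toggle. The `rbac.create` row also expands RBAC as "Resource-Based Access Control" rather than role-based. The table looks generated (README.md.gotmpl ends in `chart.valuesSection`), so fix the comments in values.yaml and regenerate, or, if the bundled chart must stay identical to upstream, note in the commit message that these are upstream doc errors carried over.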
diff --git a/charts/cilium/README.md.gotmpl b/charts/cilium/README.md.gotmpl
new file mode 100644
index 0000000..1e777a2
--- /dev/null
+++ b/charts/cilium/README.md.gotmpl
@@ -0,0 +1,54 @@
+{{ template "chart.header" . }}
+
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
+Cilium is open source software for providing and transparently securing
+network connectivity and loadbalancing between application workloads such as
+application containers or processes. Cilium operates at Layer 3/4 to provide
+traditional networking and security services as well as Layer 7 to protect and
+secure use of modern application protocols such as HTTP, gRPC and Kafka.
+
+A new Linux kernel technology called eBPF is at the foundation of Cilium.
+It supports dynamic insertion of eBPF bytecode into the Linux kernel at various
+integration points such as: network IO, application sockets, and tracepoints
+to implement security, networking and visibility logic. eBPF is highly
+efficient and flexible.
+
+
+
+## Prerequisites
+
+* Kubernetes: `{{ template "chart.kubeVersion" . }}`
+* Helm: `>= 3.0`
+
+## Getting Started
+
+Try Cilium on any Kubernetes distribution in under 15 minutes:
+
+| Minikube | Self-Managed K8s | Amazon EKS | Google GKE | Microsoft AKS |
+|:-:|:-:|:-:|:-:|:-:|
+| [](https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/) | [](https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/) | [](https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/) | [](https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/) | [](https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/) |
+
+Or, for a quick install with the default configuration:
+
+```
+$ helm repo add cilium https://helm.cilium.io/
+$ helm install cilium cilium/cilium --namespace=kube-system
+```
+
+After Cilium is installed, you can explore the features that Cilium has to
+offer from the [Getting Started Guides page](https://docs.cilium.io/en/latest/gettingstarted/).
+
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+## Getting Help
+
+The best way to get help if you get stuck is to ask a question on the
+[Cilium Slack channel](https://cilium.herokuapp.com/). With Cilium
+contributors across the globe, there is almost always someone available to help.
+
+{{ template "chart.valuesSection" . }}
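Review bot: the quick-install block runs `helm install cilium cilium/cilium --namespace=kube-system` against https://helm.cilium.io/ with no `--version`, so anyone following the bundled README installs whatever chart is current upstream rather than the copy vendored under charts/cilium in this commit. If the point of bundling is a pinned, reviewed chart, say so here and show the install from the local path, or at least pin the version. The "Getting Started Guides" link also points at the `latest` docs while the table above links to `stable`; pick one so the docs match the bundled release.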
diff --git a/charts/cilium/files/envoy/envoy.yaml b/charts/cilium/files/envoy/envoy.yaml
new file mode 100644
index 0000000..6d25613
--- /dev/null
+++ b/charts/cilium/files/envoy/envoy.yaml
@@ -0,0 +1,71 @@
+static_resources:
+ listeners:
+ - name: listener_hubble_ui
+ address:
+ socket_address:
+ address: 0.0.0.0
+ port_value: 8081
+ filter_chains:
+ - filters:
+ - name: envoy.filters.network.http_connection_manager
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ codec_type: auto
+ stat_prefix: ingress_http
+ route_config:
+ name: local_route
+ virtual_hosts:
+ - name: local_service
+ domains: ["*"]
+ routes:
+ - match:
+ prefix: "/api/"
+ route:
+ cluster: backend
+ prefix_rewrite: "/"
+ timeout: 0s
+ max_stream_duration:
+ grpc_timeout_header_max: 0s
+ - match:
+ prefix: "/"
+ route:
+ cluster: frontend
+ cors:
+ allow_origin_string_match:
+ - prefix: "*"
+ allow_methods: GET, PUT, DELETE, POST, OPTIONS
+ allow_headers: keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout
+ max_age: "1728000"
+ expose_headers: grpc-status,grpc-message
+ http_filters:
+ - name: envoy.filters.http.grpc_web
+ - name: envoy.filters.http.cors
+ - name: envoy.filters.http.router
+ clusters:
+ - name: frontend
+ connect_timeout: 0.25s
+ type: strict_dns
+ lb_policy: round_robin
+ load_assignment:
+ cluster_name: frontend
+ endpoints:
+ - lb_endpoints:
+ - endpoint:
+ address:
+ socket_address:
+ address: 127.0.0.1
+ port_value: 8080
+ - name: backend
+ connect_timeout: 0.25s
+ type: logical_dns
+ lb_policy: round_robin
+ http2_protocol_options: {}
+ load_assignment:
+ cluster_name: backend
+ endpoints:
+ - lb_endpoints:
+ - endpoint:
+ address:
+ socket_address:
+ address: 127.0.0.1
+ port_value: 8090
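Review bot: the CORS block on `local_service` sets `allow_origin_string_match` to `prefix: "*"` alongside `allow_methods: GET, PUT, DELETE, POST, OPTIONS`, on a listener bound to `0.0.0.0:8081` with `domains: ["*"]`. That is an allow-any-origin policy in front of both the Hubble UI frontend and the `/api/` route to the backend on 127.0.0.1:8090. Since this file is now carried in this repo, either restrict the allowed origin to the host the UI is actually served from, or document that the Service in front of this listener is only reachable through an authenticated ingress or port-forward. The three `http_filters` entries are also listed by name only with no `typed_config`; check that the Envoy image this chart deploys still accepts that form.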
diff --git a/charts/cilium/templates/NOTES.txt b/charts/cilium/templates/NOTES.txt
new file mode 100644
index 0000000..3024efa
--- /dev/null
+++ b/charts/cilium/templates/NOTES.txt
@@ -0,0 +1,20 @@
+{{- if (and (.Values.preflight.enabled) (not (.Values.agent)) (not (.Values.operator.enabled))) }}
+ You have successfully ran the preflight check.
+ Now make sure to check the number of READY pods is the same as the number of running cilium pods.
+ Then make sure the cilium preflight deployment is also marked READY 1/1.
+ If you have an issues please refer to the CNP Validation section in the upgrade guide.
+{{- else if (and (.Values.hubble.enabled) (.Values.hubble.relay.enabled)) }}
+ {{- if (.Values.hubble.ui.enabled) }}
+ You have successfully installed {{ title .Chart.Name }} with Hubble Relay and Hubble UI.
+ {{- else }}
+ You have successfully installed {{ title .Chart.Name }} with Hubble Relay.
+ {{- end }}
+{{- else if .Values.hubble.enabled }}
+ You have successfully installed {{ title .Chart.Name }} with Hubble.
+{{- else }}
+ You have successfully installed {{ title .Chart.Name }}.
+{{- end }}
+
+Your release version is {{ .Chart.Version }}.
+
+For any further help, visit https://docs.cilium.io/en/v{{ (semver .Chart.Version).Major }}.{{ (semver .Chart.Version).Minor }}/gettinghelp
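Review bot: two typos in the user-facing preflight message: "You have successfully ran the preflight check" should be "run", and "If you have an issues please refer to" should be "any issues". This is vendored text, so the cleaner fix is upstream; if local patches to bundled charts are allowed, correct them here and record the deviation.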
diff --git a/charts/cilium/templates/_clustermesh-apiserver-generate-certs-job-spec.tpl b/charts/cilium/templates/_clustermesh-apiserver-generate-certs-job-spec.tpl
new file mode 100644
index 0000000..62ce848
--- /dev/null
+++ b/charts/cilium/templates/_clustermesh-apiserver-generate-certs-job-spec.tpl
@@ -0,0 +1,48 @@
+{{- define "clustermesh-apiserver-generate-certs.job.spec" }}
+{{- $certValiditySecondsStr := printf "%ds" (mul .Values.clustermesh.apiserver.tls.auto.certValidityDuration 24 60 60) -}}
+spec:
+ template:
+ metadata:
+ labels:
+ k8s-app: clustermesh-apiserver-generate-certs
+ {{- with .Values.clustermesh.apiserver.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccount: {{ .Values.serviceAccounts.clustermeshcertgen.name | quote }}
+ serviceAccountName: {{ .Values.serviceAccounts.clustermeshcertgen.name | quote }}
+ containers:
+ - name: certgen
+ image: {{ .Values.certgen.image.repository }}:{{ .Values.certgen.image.tag }}
+ imagePullPolicy: {{ .Values.certgen.image.pullPolicy }}
+ command:
+ - "/usr/bin/cilium-certgen"
+ args:
+ - "--cilium-namespace={{ .Release.Namespace }}"
+ - "--clustermesh-apiserver-ca-cert-reuse-secret"
+ {{- if .Values.debug.enabled }}
+ - "--debug"
+ {{- end }}
+ {{- if not (and .Values.clustermesh.apiserver.tls.ca.cert .Values.clustermesh.apiserver.tls.ca.key) }}
+ - "--clustermesh-apiserver-ca-cert-generate"
+ {{- end }}
+ {{- if not (and .Values.clustermesh.apiserver.tls.server.cert .Values.clustermesh.apiserver.tls.server.key) }}
+ - "--clustermesh-apiserver-server-cert-generate"
+ {{- end }}
+ {{- if not (and .Values.clustermesh.apiserver.tls.admin.cert .Values.clustermesh.apiserver.tls.admin.key) }}
+ - "--clustermesh-apiserver-admin-cert-generate"
+ {{- end }}
+ {{- if not (and .Values.clustermesh.apiserver.tls.client.cert .Values.clustermesh.apiserver.tls.client.key) }}
+ - "--clustermesh-apiserver-client-cert-generate"
+ {{- end }}
+ {{- if not (and .Values.clustermesh.apiserver.tls.remote.cert .Values.clustermesh.apiserver.tls.remote.key) }}
+ - "--clustermesh-apiserver-remote-cert-generate"
+ {{- end }}
+ hostNetwork: true
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{ toYaml .Values.imagePullSecrets | indent 6 }}
+ {{- end }}
+ restartPolicy: OnFailure
+ ttlSecondsAfterFinished: {{ .Values.certgen.ttlSecondsAfterFinished }}
+{{- end }}
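Review bot: `$certValiditySecondsStr` is computed on the second line of this template from `.Values.clustermesh.apiserver.tls.auto.certValidityDuration` but is never referenced in `args`, so the configured validity is not passed to `cilium-certgen` for any of the clustermesh certificates and the binary's defaults apply. Compare the Hubble job spec, which passes `--hubble-ca-validity-duration` and the per-certificate validity flags. Either wire the value through with the matching certgen flags or drop the variable, and document which lifetime operators should actually expect. Separately, the job runs with `hostNetwork: true` and no `securityContext`; confirm that is required for a job that only talks to the API server.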
diff --git a/charts/cilium/templates/_helpers.tpl b/charts/cilium/templates/_helpers.tpl
new file mode 100644
index 0000000..73de1df
--- /dev/null
+++ b/charts/cilium/templates/_helpers.tpl
@@ -0,0 +1,128 @@
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cilium.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Return the appropriate apiVersion for ingress.
+*/}}
+{{- define "ingress.apiVersion" -}}
+{{- if semverCompare ">=1.16-0, <1.19-0" .Capabilities.KubeVersion.Version -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- else if semverCompare "^1.19-0" .Capabilities.KubeVersion.Version -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate backend for Hubble UI ingress.
+*/}}
+{{- define "ingress.paths" -}}
+{{ if semverCompare ">=1.4-0, <1.19-0" .Capabilities.KubeVersion.Version -}}
+backend:
+ serviceName: hubble-ui
+ servicePort: http
+{{- else if semverCompare "^1.19-0" .Capabilities.KubeVersion.Version -}}
+pathType: Prefix
+backend:
+ service:
+ name: hubble-ui
+ port:
+ name: http
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Generate TLS certificates for Hubble Server and Hubble Relay.
+
+Note: these 2 lines, that are repeated several times below, are a trick to
+ensure the CA certs are generated only once:
+
+ $ca := .ca | default (genCA "hubble-ca.cilium.io" (.Values.hubble.tls.auto.certValidityDuration | int))
+ $_ := set . "ca" $ca
+
+Please, don't try to "simplify" them as without this trick, every generated
+certificate would be signed by a different CA.
+*/}}
+{{- define "hubble.ca.gen-cert-only" }}
+{{- $ca := .ca | default (genCA "hubble-ca.cilium.io" (.Values.hubble.tls.auto.certValidityDuration | int)) -}}
+{{- $_ := set . "ca" $ca -}}
+ca.crt: |-
+{{ $ca.Cert | indent 2 -}}
+{{- end }}
+{{- define "hubble.server.gen-certs" }}
+{{- $ca := .ca | default (genCA "hubble-ca.cilium.io" (.Values.hubble.tls.auto.certValidityDuration | int)) -}}
+{{- $_ := set . "ca" $ca -}}
+{{- $cn := list "*" (.Values.cluster.name | replace "." "-") "hubble-grpc.cilium.io" | join "." }}
+{{- $cert := genSignedCert $cn nil (list $cn) (.Values.hubble.tls.auto.certValidityDuration | int) $ca -}}
+ca.crt: {{ $ca.Cert | b64enc }}
+tls.crt: {{ $cert.Cert | b64enc }}
+tls.key: {{ $cert.Key | b64enc }}
+{{- end }}
+{{- define "hubble.relay.gen-certs" }}
+{{- $ca := .ca | default (genCA "hubble-ca.cilium.io" (.Values.hubble.tls.auto.certValidityDuration | int)) -}}
+{{- $_ := set . "ca" $ca -}}
+{{- $cert := genSignedCert "*.hubble-relay.cilium.io" nil (list "*.hubble-relay.cilium.io") (.Values.hubble.tls.auto.certValidityDuration | int) $ca -}}
+ca.crt: {{ $ca.Cert | b64enc }}
+tls.crt: {{ $cert.Cert | b64enc }}
+tls.key: {{ $cert.Key | b64enc }}
+{{- end }}
+
+{{/* Generate CA "vmca" for clustermesh-apiserver in the global dict. */}}
+{{- define "clustermesh.apiserver.generate.ca" }}
+{{- $ca := .cmca | default (genCA "clustermesh-apiserver-ca.cilium.io" (.Values.clustermesh.apiserver.tls.auto.certValidityDuration | int)) -}}
+{{- $_ := set . "cmca" $ca -}}
+{{- end }}
+
+{{/* Generate CA certificate clustermesh-apiserver. */}}
+{{- define "clustermesh.apiserver.ca.gen-cert" }}
+{{- template "clustermesh.apiserver.generate.ca" . -}}
+ca.crt: {{ .cmca.Cert | b64enc }}
+ca.key: {{ .cmca.Key | b64enc }}
+{{- end }}
+
+{{/* Generate server certificate clustermesh-apiserver. */}}
+{{- define "clustermesh.apiserver.server.gen-cert" }}
+{{- template "clustermesh.apiserver.generate.ca" . }}
+{{- $CN := "clustermesh-apiserver.cilium.io" }}
+{{- $IPs := (list "127.0.0.1") }}
+{{- $SANs := (list $CN "*.mesh.cilium.io") }}
+{{- $cert := genSignedCert $CN $IPs $SANs (.Values.clustermesh.apiserver.tls.auto.certValidityDuration | int) .cmca -}}
+ca.crt: {{ .cmca.Cert | b64enc }}
+tls.crt: {{ $cert.Cert | b64enc }}
+tls.key: {{ $cert.Key | b64enc }}
+{{- end }}
+
+{{/* Generate admin certificate clustermesh-apiserver. */}}
+{{- define "clustermesh.apiserver.admin.gen-cert" }}
+{{- template "clustermesh.apiserver.generate.ca" . }}
+{{- $CN := "root" }}
+{{- $SANs := (list "localhost") }}
+{{- $cert := genSignedCert $CN nil $SANs (.Values.clustermesh.apiserver.tls.auto.certValidityDuration | int) .cmca -}}
+ca.crt: {{ .cmca.Cert | b64enc }}
+tls.crt: {{ $cert.Cert | b64enc }}
+tls.key: {{ $cert.Key | b64enc }}
+{{- end }}
+
+{{/* Generate client certificate clustermesh-apiserver. */}}
+{{- define "clustermesh.apiserver.client.gen-cert" }}
+{{- template "clustermesh.apiserver.generate.ca" . }}
+{{- $CN := "externalworkload" }}
+{{- $cert := genSignedCert $CN nil nil (.Values.clustermesh.apiserver.tls.auto.certValidityDuration | int) .cmca -}}
+ca.crt: {{ .cmca.Cert | b64enc }}
+tls.crt: {{ $cert.Cert | b64enc }}
+tls.key: {{ $cert.Key | b64enc }}
+{{- end }}
+
+{{/* Generate remote certificate clustermesh-apiserver. */}}
+{{- define "clustermesh.apiserver.remote.gen-cert" }}
+{{- template "clustermesh.apiserver.generate.ca" . }}
+{{- $CN := "remote" }}
+{{- $cert := genSignedCert $CN nil nil (.Values.clustermesh.apiserver.tls.auto.certValidityDuration | int) .cmca -}}
+ca.crt: {{ .cmca.Cert | b64enc }}
+tls.crt: {{ $cert.Cert | b64enc }}
+tls.key: {{ $cert.Key | b64enc }}
+{{- end }}
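Review bot: every `gen-cert` helper here calls `genCA` / `genSignedCert` at render time and none of them looks up an existing Secret, so with this generation path each `helm upgrade` or re-render mints a new CA and new leaf certificates; the `set . "ca" $ca` trick described in the comment only keeps the CA stable within a single render. `clustermesh.apiserver.ca.gen-cert` also emits `ca.key`, which puts the CA private key into the rendered manifest and therefore into the stored release. For a deployment that bundles this chart, state which method is supported (the values table mentions `hubble.tls.auto.method=cronJob` and the clustermesh equivalent) and prefer that or an externally supplied CA. Two smaller points: the comment says CA "vmca" while the dict key is `cmca`, and `ingress.paths` gates on `>=1.4-0, <1.19-0` while `ingress.apiVersion` gates on `>=1.16-0, <1.19-0`, with neither having a fallback branch.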
diff --git a/charts/cilium/templates/_hubble-generate-certs-job-spec.tpl b/charts/cilium/templates/_hubble-generate-certs-job-spec.tpl
new file mode 100644
index 0000000..e708488
--- /dev/null
+++ b/charts/cilium/templates/_hubble-generate-certs-job-spec.tpl
@@ -0,0 +1,68 @@
+{{- define "hubble-generate-certs.job.spec" }}
+{{- $certValiditySecondsStr := printf "%ds" (mul .Values.hubble.tls.auto.certValidityDuration 24 60 60) -}}
+spec:
+ template:
+ metadata:
+ labels:
+ k8s-app: hubble-generate-certs
+ {{- with .Values.certgen.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccount: {{ .Values.serviceAccounts.hubblecertgen.name | quote }}
+ serviceAccountName: {{ .Values.serviceAccounts.hubblecertgen.name | quote }}
+ containers:
+ - name: certgen
+ image: {{ .Values.certgen.image.repository }}:{{ .Values.certgen.image.tag }}
+ imagePullPolicy: {{ .Values.certgen.image.pullPolicy }}
+ command:
+ - "/usr/bin/cilium-certgen"
+ # Because this is executed as a job, we pass the values as command
+ # line args instead of via config map. This allows users to inspect
+ # the values used in past runs by inspecting the completed pod.
+ args:
+ - "--cilium-namespace={{ .Release.Namespace }}"
+ - "--hubble-ca-reuse-secret=true"
+ - "--hubble-ca-secret-name=hubble-ca-secret"
+ {{- if .Values.debug.enabled }}
+ - "--debug"
+ {{- end }}
+ {{- $hubbleCAProvided := and .Values.hubble.tls.ca.cert .Values.hubble.tls.ca.key -}}
+ {{- if $hubbleCAProvided }}
+ - "--hubble-ca-generate=false"
+ {{- else }}
+ - "--hubble-ca-generate=true"
+ - "--hubble-ca-validity-duration={{ $certValiditySecondsStr }}"
+ - "--hubble-ca-config-map-create=true"
+ - "--hubble-ca-config-map-name=hubble-ca-cert"
+ {{- end }}
+ {{- if and .Values.hubble.tls.server.cert .Values.hubble.tls.server.key $hubbleCAProvided }}
+ - "--hubble-server-cert-generate=false"
+ {{- else }}
+ - "--hubble-server-cert-generate=true"
+ - "--hubble-server-cert-common-name={{ list "*" (.Values.cluster.name | replace "." "-") "hubble-grpc.cilium.io" | join "." }}"
+ - "--hubble-server-cert-validity-duration={{ $certValiditySecondsStr }}"
+ - "--hubble-server-cert-secret-name=hubble-server-certs"
+ {{- end }}
+ {{- if and .Values.hubble.relay.tls.client.cert .Values.hubble.relay.tls.client.key $hubbleCAProvided }}
+ - "--hubble-relay-client-cert-generate=false"
+ {{- else }}
+ - "--hubble-relay-client-cert-generate=true"
+ - "--hubble-relay-client-cert-validity-duration={{ $certValiditySecondsStr }}"
+ - "--hubble-relay-client-cert-secret-name=hubble-relay-client-certs"
+ {{- end }}
+ {{- if or (and .Values.hubble.relay.tls.server.cert .Values.hubble.relay.tls.server.key) (not .Values.hubble.relay.tls.server.enabled) }}
+ - "--hubble-relay-server-cert-generate=false"
+ {{- else if .Values.hubble.relay.tls.server.enabled }}
+ - "--hubble-relay-server-cert-generate=true"
+ - "--hubble-relay-server-cert-validity-duration={{ $certValiditySecondsStr }}"
+ - "--hubble-relay-server-cert-secret-name=hubble-relay-server-certs"
+ {{- end }}
+ hostNetwork: true
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{ toYaml .Values.imagePullSecrets | indent 6 }}
+ {{- end }}
+ restartPolicy: OnFailure
+ ttlSecondsAfterFinished: {{ .Values.certgen.ttlSecondsAfterFinished }}
+{{- end }}
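Review bot: the certgen container is referenced as `{{ .Values.certgen.image.repository }}:{{ .Values.certgen.image.tag }}` with no digest, while the agent, operator and preflight images in the same chart default to `useDigest: true` with a sha256 pin. This job generates the Hubble CA and writes the TLS secrets, so it deserves the same pinning; add a digest option to the image reference or pin the tag to a digest in the values this repo ships. The pod also sets `hostNetwork: true` with no `securityContext`, which is worth justifying in a comment. Minor: the `else if .Values.hubble.relay.tls.server.enabled` branch is always true when reached, because the preceding `or` already covers the not-enabled case, so a plain `else` would read more clearly.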
diff --git a/charts/cilium/templates/cilium-agent-clusterrole.yaml b/charts/cilium/templates/cilium-agent-clusterrole.yaml
new file mode 100644
index 0000000..e17d5de
--- /dev/null
+++ b/charts/cilium/templates/cilium-agent-clusterrole.yaml
@@ -0,0 +1,110 @@
+{{- if and (.Values.agent) (not .Values.preflight.enabled) }}
+{{- /*
+Keep file in synced with cilium-preflight-clusterrole.yaml
+*/ -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cilium
+rules:
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - networkpolicies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - services
+ - nodes
+ - endpoints
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - pods/finalizers
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ - nodes/status
+ verbs:
+ - patch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ # Deprecated for removal in v1.10
+ - create
+ - list
+ - watch
+ - update
+
+ # This is used when validating policies in preflight. This will need to stay
+ # until we figure out how to avoid "get" inside the preflight, and then
+ # should be removed ideally.
+ - get
+{{- if eq "k8s" .Values.tls.secretsBackend }}
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+{{- end }}
+- apiGroups:
+ - cilium.io
+ resources:
+ - ciliumnetworkpolicies
+ - ciliumnetworkpolicies/status
+ - ciliumnetworkpolicies/finalizers
+ - ciliumclusterwidenetworkpolicies
+ - ciliumclusterwidenetworkpolicies/status
+ - ciliumclusterwidenetworkpolicies/finalizers
+ - ciliumendpoints
+ - ciliumendpoints/status
+ - ciliumendpoints/finalizers
+ - ciliumnodes
+ - ciliumnodes/status
+ - ciliumnodes/finalizers
+ - ciliumidentities
+ - ciliumidentities/finalizers
+ - ciliumlocalredirectpolicies
+ - ciliumlocalredirectpolicies/status
+ - ciliumlocalredirectpolicies/finalizers
+ - ciliumegressnatpolicies
+ verbs:
+ - '*'
+{{- end }}
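Review bot: the last rule grants `'*'` on every listed `cilium.io` resource, which covers `deletecollection` and any verb introduced later; list the verbs the agent actually uses so the grant can be audited. In the same file, the `customresourcedefinitions` rule still carries `create` and `update` under a comment reading "Deprecated for removal in v1.10", and the `secrets` `get` rule lives in a ClusterRole, so with `tls.secretsBackend` set to `k8s` it applies to secrets in every namespace. Both should be called out in the chart notes, or narrowed, before this is bundled.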
diff --git a/charts/cilium/templates/cilium-agent-clusterrolebinding.yaml b/charts/cilium/templates/cilium-agent-clusterrolebinding.yaml
new file mode 100644
index 0000000..6a8b660
--- /dev/null
+++ b/charts/cilium/templates/cilium-agent-clusterrolebinding.yaml
@@ -0,0 +1,14 @@
+{{- if and (.Values.agent) (not .Values.preflight.enabled) .Values.serviceAccounts.cilium.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: cilium
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cilium
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.serviceAccounts.cilium.name | quote }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
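Review bot: the binding is gated on `.Values.serviceAccounts.cilium.create`, but the ClusterRole in cilium-agent-clusterrole.yaml is not, and the DaemonSet always runs as `.Values.serviceAccounts.cilium.name`. With `create` set to false and a pre-existing ServiceAccount, the role is rendered but never bound unless the operator binds it by hand. Either drop the `create` condition from this template or document that the binding must be supplied separately.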
diff --git a/charts/cilium/templates/cilium-agent-daemonset.yaml b/charts/cilium/templates/cilium-agent-daemonset.yaml
new file mode 100644
index 0000000..cc64ff9
--- /dev/null
+++ b/charts/cilium/templates/cilium-agent-daemonset.yaml
@@ -0,0 +1,620 @@
+{{- if and (.Values.agent) (not .Values.preflight.enabled) }}
+
+{{- /* Default values with backwards compatibility */ -}}
+{{- $defaultKeepDeprecatedProbes := "true" -}}
+
+{{- /* Default values when 1.8 was initially deployed */ -}}
+{{- if semverCompare ">=1.8" (default "1.8" .Values.upgradeCompatibility) -}}
+{{- $defaultKeepDeprecatedProbes = "false" -}}
+{{- end -}}
+
+{{- /* Workaround so that we can set the minimal k8s version that we support */ -}}
+{{- $k8sVersion := .Capabilities.KubeVersion.Version -}}
+{{- $k8sMajor := .Capabilities.KubeVersion.Major -}}
+{{- $k8sMinor := .Capabilities.KubeVersion.Minor -}}
+
+{{- if .Values.Capabilities -}}
+{{- if .Values.Capabilities.KubeVersion -}}
+{{- if .Values.Capabilities.KubeVersion.Version -}}
+{{- $k8sVersion = .Values.Capabilities.KubeVersion.Version -}}
+{{- if .Values.Capabilities.KubeVersion.Major -}}
+{{- $k8sMajor = toString (.Values.Capabilities.KubeVersion.Major) -}}
+{{- if .Values.Capabilities.KubeVersion.Minor -}}
+{{- $k8sMinor = toString (.Values.Capabilities.KubeVersion.Minor) -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ labels:
+ k8s-app: cilium
+{{- if .Values.keepDeprecatedLabels }}
+ kubernetes.io/cluster-service: "true"
+{{- if and (eq .Release.Namespace "kube-system" ) .Values.gke.enabled }}
+{{- fail "Invalid configuration: Installing Cilium on GKE with 'kubernetes.io/cluster-service' labels on 'kube-system' namespace causes Cilium DaemonSet to be removed by GKE. Either install Cilium on a different Namespace or install with '--set keepDeprecatedLabels=false'"}}
+{{- end }}
+{{- end }}
+ name: cilium
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ matchLabels:
+ k8s-app: cilium
+{{- if .Values.keepDeprecatedLabels }}
+ kubernetes.io/cluster-service: "true"
+{{- end }}
+{{- with .Values.updateStrategy }}
+ updateStrategy:
+ {{- toYaml . | trim | nindent 4 }}
+{{- end }}
+ template:
+ metadata:
+ annotations:
+{{- if and .Values.prometheus.enabled (not .Values.prometheus.serviceMonitor.enabled) }}
+ prometheus.io/port: "{{ .Values.prometheus.port }}"
+ prometheus.io/scrape: "true"
+{{- end }}
+{{- if .Values.rollOutCiliumPods }}
+ # ensure pods roll when configmap updates
+ cilium.io/cilium-configmap-checksum: {{ include (print $.Template.BasePath "/cilium-configmap.yaml") . | sha256sum | quote }}
+{{- end }}
+ # This annotation plus the CriticalAddonsOnly toleration makes
+ # cilium to be a critical pod in the cluster, which ensures cilium
+ # gets priority scheduling.
+ # https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/
+ scheduler.alpha.kubernetes.io/critical-pod: ""
+{{- with .Values.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+{{- end }}
+ labels:
+ k8s-app: cilium
+{{- if .Values.keepDeprecatedLabels }}
+ kubernetes.io/cluster-service: "true"
+{{- end }}
+{{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+{{- end }}
+ spec:
+{{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+{{- end }}
+{{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 6 }}
+{{- end }}
+ containers:
+{{- if .Values.sleepAfterInit }}
+ - command: [ "/bin/bash", "-c", "--" ]
+ args: [ "while true; do sleep 30; done;" ]
+ livenessProbe:
+ exec:
+ command:
+ - "true"
+ readinessProbe:
+ exec:
+ command:
+ - "true"
+{{- else }}
+ - args:
+ - --config-dir=/tmp/cilium/config-map
+{{- with .Values.extraArgs }}
+ {{- toYaml . | trim | nindent 8 }}
+{{- end }}
+ command:
+ - cilium-agent
+{{- if semverCompare ">=1.20-0" $k8sVersion }}
+ startupProbe:
+ httpGet:
+{{- if .Values.ipv4.enabled }}
+ host: '127.0.0.1'
+{{- else }}
+ host: '::1'
+{{- end }}
+ path: /healthz
+ port: {{ .Values.healthPort }}
+ scheme: HTTP
+ httpHeaders:
+ - name: "brief"
+ value: "true"
+ failureThreshold: {{ .Values.startupProbe.failureThreshold }}
+ periodSeconds: {{ .Values.startupProbe.periodSeconds }}
+ successThreshold: 1
+{{- end }}
+ livenessProbe:
+{{- if or .Values.keepDeprecatedProbes (eq $defaultKeepDeprecatedProbes "true") }}
+ exec:
+ command:
+ - cilium
+ - status
+ - --brief
+{{- else }}
+ httpGet:
+{{- if .Values.ipv4.enabled }}
+ host: '127.0.0.1'
+{{- else }}
+ host: '::1'
+{{- end }}
+ path: /healthz
+ port: {{ .Values.healthPort }}
+ scheme: HTTP
+ httpHeaders:
+ - name: "brief"
+ value: "true"
+{{- end }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+{{- if semverCompare "<1.20-0" $k8sVersion }}
+ # The initial delay for the liveness probe is intentionally large to
+ # avoid an endless kill & restart cycle if in the event that the initial
+ # bootstrapping takes longer than expected.
+ # Starting from Kubernetes 1.20, we are using startupProbe instead
+ # of this field.
+ initialDelaySeconds: 120
+{{- end }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+{{- if or .Values.keepDeprecatedProbes (eq $defaultKeepDeprecatedProbes "true") }}
+ exec:
+ command:
+ - cilium
+ - status
+ - --brief
+{{- else }}
+ httpGet:
+{{- if .Values.ipv4.enabled }}
+ host: '127.0.0.1'
+{{- else }}
+ host: '::1'
+{{- end }}
+ path: /healthz
+ port: {{ .Values.healthPort }}
+ scheme: HTTP
+ httpHeaders:
+ - name: "brief"
+ value: "true"
+{{- end }}
+ failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+{{- if semverCompare "<1.20-0" $k8sVersion }}
+ initialDelaySeconds: 5
+{{- end }}
+ periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- end }}
+ env:
+ - name: K8S_NODE_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: spec.nodeName
+ - name: CILIUM_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: CILIUM_CLUSTERMESH_CONFIG
+ value: /var/lib/cilium/clustermesh/
+ - name: CILIUM_CNI_CHAINING_MODE
+ valueFrom:
+ configMapKeyRef:
+ key: cni-chaining-mode
+ name: cilium-config
+ optional: true
+ - name: CILIUM_CUSTOM_CNI_CONF
+ valueFrom:
+ configMapKeyRef:
+ key: custom-cni-conf
+ name: cilium-config
+ optional: true
+{{- if .Values.k8sServiceHost }}
+ - name: KUBERNETES_SERVICE_HOST
+ value: {{ .Values.k8sServiceHost | quote }}
+{{- end }}
+{{- if .Values.k8sServicePort }}
+ - name: KUBERNETES_SERVICE_PORT
+ value: {{ .Values.k8sServicePort | quote }}
+{{- end }}
+{{- with .Values.extraEnv }}
+{{ toYaml . | trim | indent 8 }}
+{{- end }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}{{ if .Values.image.useDigest }}@{{ .Values.image.digest }}{{ end }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+{{- if .Values.cni.install }}
+ lifecycle:
+ postStart:
+ exec:
+ command:
+ - "/cni-install.sh"
+ - "--enable-debug={{- if .Values.debug.enabled }}true{{- else }}false{{- end }}"
+ - "--cni-exclusive={{- if .Values.cni.exclusive }}true{{- else }}false{{- end }}"
+ preStop:
+ exec:
+ command:
+ - /cni-uninstall.sh
+{{- end }}
+{{- if .Values.resources }}
+ resources:
+ {{- toYaml .Values.resources | trim | nindent 10 }}
+{{- end }}
+ name: cilium-agent
+{{- if or .Values.prometheus.enabled .Values.hubble.metrics.enabled }}
+ ports:
+{{- if .Values.prometheus.enabled }}
+ - containerPort: {{ .Values.prometheus.port }}
+ hostPort: {{ .Values.prometheus.port }}
+ name: prometheus
+ protocol: TCP
+{{- if .Values.proxy.prometheus.enabled }}
+ - containerPort: {{ .Values.proxy.prometheus.port }}
+ hostPort: {{ .Values.proxy.prometheus.port }}
+ name: envoy-metrics
+ protocol: TCP
+{{- end }}
+{{- end }}
+{{- if .Values.hubble.metrics.enabled }}
+ - containerPort: {{ .Values.hubble.metrics.port }}
+ hostPort: {{ .Values.hubble.metrics.port }}
+ name: hubble-metrics
+ protocol: TCP
+{{- end }}
+{{- end }}
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+ - SYS_MODULE
+ privileged: true
+ volumeMounts:
+{{- /* CRI-O already mounts the BPF filesystem */ -}}
+{{- if not (eq .Values.containerRuntime.integration "crio") }}
+ - mountPath: /sys/fs/bpf
+ mountPropagation: Bidirectional
+ name: bpf-maps
+{{- end }}
+{{- if not (contains "/run/cilium/cgroupv2" .Values.cgroup.hostRoot) }}
+ # Check for duplicate mounts before mounting
+ - mountPath: {{ .Values.cgroup.hostRoot }}
+ name: cilium-cgroup
+{{- end}}
+ - mountPath: /var/run/cilium
+ name: cilium-run
+ - mountPath: /host/opt/cni/bin
+ name: cni-path
+ - mountPath: {{ .Values.cni.hostConfDirMountPath }}
+ name: etc-cni-netd
+{{- if .Values.etcd.enabled }}
+ - mountPath: /var/lib/etcd-config
+ name: etcd-config-path
+ readOnly: true
+{{- if or .Values.etcd.ssl .Values.etcd.managed }}
+ - mountPath: /var/lib/etcd-secrets
+ name: etcd-secrets
+ readOnly: true
+{{- end }}
+{{- end }}
+ - mountPath: /var/lib/cilium/clustermesh
+ name: clustermesh-secrets
+ readOnly: true
+ - mountPath: /tmp/cilium/config-map
+ name: cilium-config-path
+ readOnly: true
+{{- if .Values.ipMasqAgent.enabled }}
+ - mountPath: /etc/config
+ name: ip-masq-agent
+ readOnly: true
+{{- end }}
+{{- if .Values.cni.configMap }}
+ - mountPath: {{ .Values.cni.confFileMountPath }}
+ name: cni-configuration
+ readOnly: true
+{{- end }}
+ # Needed to be able to load kernel modules
+ - mountPath: /lib/modules
+ name: lib-modules
+ readOnly: true
+ - mountPath: /run/xtables.lock
+ name: xtables-lock
+{{- if and ( .Values.encryption.enabled ) ( eq .Values.encryption.type "ipsec" ) }}
+ {{- if .Values.encryption.ipsec.mountPath }}
+ - mountPath: {{ .Values.encryption.ipsec.mountPath }}
+ {{- else }}
+ - mountPath: {{ .Values.encryption.mountPath }}
+ {{- end }}
+ name: cilium-ipsec-secrets
+{{- end }}
+{{- if .Values.kubeConfigPath }}
+ - mountPath: {{ .Values.kubeConfigPath }}
+ name: kube-config
+ readOnly: true
+{{- end }}
+{{- if .Values.bgp.enabled }}
+ - mountPath: /var/lib/cilium/bgp
+ name: bgp-config-path
+ readOnly: true
+{{- end }}
+{{- if and (.Values.hubble.enabled) (hasKey .Values.hubble "listenAddress") (.Values.hubble.tls.enabled) }}
+ - mountPath: /var/lib/cilium/tls/hubble
+ name: hubble-tls
+ readOnly: true
+{{- end }}
+{{- range .Values.extraHostPathMounts }}
+ - mountPath: {{ .mountPath }}
+ name: {{ .name }}
+ readOnly: {{ .readOnly }}
+{{- if .mountPropagation }}
+ mountPropagation: {{ .mountPropagation }}
+{{- end }}
+{{- end }}
+{{- if .Values.monitor.enabled }}
+ - name: cilium-monitor
+ command: ["cilium"]
+ args:
+ - monitor
+{{- range $type := .Values.monitor.eventTypes }}
+ - --type={{ $type }}
+{{- end }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}{{ if .Values.image.useDigest }}@{{ .Values.image.digest }}{{ end }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ volumeMounts:
+ - mountPath: /var/run/cilium
+ name: cilium-run
+{{- if .Values.monitor.resources }}
+ resources:
+ {{- toYaml .Values.monitor.resources | trim | nindent 10 }}
+{{- end }}
+{{- end }}
+{{- if (and .Values.etcd.managed (not .Values.etcd.k8sService)) }}
+ # In managed etcd mode, Cilium must be able to resolve the DNS name of
+ # the etcd service
+ dnsPolicy: ClusterFirstWithHostNet
+{{- end }}
+ hostNetwork: true
+ initContainers:
+{{- if .Values.cgroup.autoMount.enabled }}
+ # Required to mount cgroup2 filesystem on the underlying Kubernetes node.
+ # We use nsenter command with host's cgroup and mount namespaces enabled.
+ - name: mount-cgroup
+ env:
+ - name: CGROUP_ROOT
+ value: {{ .Values.cgroup.hostRoot }}
+ - name: BIN_PATH
+ value: {{ .Values.cni.binPath }}
+ command:
+ - sh
+ - -c
+ # The statically linked Go program binary is invoked to avoid any
+ # dependency on utilities like sh and mount that can be missing on certain
+ # distros installed on the underlying host. Copy the binary to the
+ # same directory where we install cilium cni plugin so that exec permissions
+ # are available.
+ - 'cp /usr/bin/cilium-mount /hostbin/cilium-mount && nsenter --cgroup=/hostproc/1/ns/cgroup --mount=/hostproc/1/ns/mnt "${BIN_PATH}/cilium-mount" $CGROUP_ROOT; rm /hostbin/cilium-mount'
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}{{ if .Values.image.useDigest }}@{{ .Values.image.digest }}{{ end }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ volumeMounts:
+ - mountPath: /hostproc
+ name: hostproc
+ - mountPath: /hostbin
+ name: cni-path
+ securityContext:
+ privileged: true
+{{- end }}
+{{- if and .Values.nodeinit.enabled (not (eq .Values.nodeinit.bootstrapFile "")) }}
+ - name: wait-for-node-init
+ command: ['sh', '-c', 'until stat {{ .Values.nodeinit.bootstrapFile }} > /dev/null 2>&1; do echo "Waiting on node-init to run..."; sleep 1; done']
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}{{ if .Values.image.useDigest }}@{{ .Values.image.digest }}{{ end }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ volumeMounts:
+ - mountPath: {{ .Values.nodeinit.bootstrapFile }}
+ name: cilium-bootstrap-file
+{{- end }}
+ - command:
+ - /init-container.sh
+ env:
+ - name: CILIUM_ALL_STATE
+ valueFrom:
+ configMapKeyRef:
+ key: clean-cilium-state
+ name: cilium-config
+ optional: true
+ - name: CILIUM_BPF_STATE
+ valueFrom:
+ configMapKeyRef:
+ key: clean-cilium-bpf-state
+ name: cilium-config
+ optional: true
+{{- if .Values.k8sServiceHost }}
+ - name: KUBERNETES_SERVICE_HOST
+ value: {{ .Values.k8sServiceHost | quote }}
+{{- end }}
+{{- if .Values.k8sServicePort }}
+ - name: KUBERNETES_SERVICE_PORT
+ value: {{ .Values.k8sServicePort | quote }}
+{{- end }}
+{{- if .Values.extraEnv }}
+{{ toYaml .Values.extraEnv | indent 8 }}
+{{- end }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}{{ if .Values.image.useDigest }}@{{ .Values.image.digest }}{{ end }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ name: clean-cilium-state
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+ privileged: true
+ volumeMounts:
+{{- /* CRI-O already mounts the BPF filesystem */ -}}
+{{- if not (eq .Values.containerRuntime.integration "crio") }}
+ - mountPath: /sys/fs/bpf
+ name: bpf-maps
+{{- end }}
+{{- if .Values.cgroup.autoMount.enabled }}
+ # Required to mount cgroup filesystem from the host to cilium agent pod
+ - mountPath: {{ .Values.cgroup.hostRoot }}
+ name: cilium-cgroup
+ mountPropagation: HostToContainer
+{{- else }}
+ # Required to mount cgroup filesystem from the host to cilium agent pod
+ - mountPath: {{ .Values.cgroup.hostRoot }}
+ name: cilium-cgroup
+ mountPropagation: HostToContainer
+{{- end }}
+ - mountPath: /var/run/cilium
+ name: cilium-run
+{{- if .Values.nodeinit.resources }}
+ resources:
+ {{- toYaml .Values.nodeinit.resources | trim | nindent 10 }}
+{{- end }}
+ restartPolicy: Always
+{{- if and (or (and (eq .Release.Namespace "kube-system") (gt $k8sMinor "10")) (ge $k8sMinor "17") (gt $k8sMajor "1")) .Values.enableCriticalPriorityClass }}
+ priorityClassName: system-node-critical
+{{- end }}
+ serviceAccount: {{ .Values.serviceAccounts.cilium.name | quote }}
+ serviceAccountName: {{ .Values.serviceAccounts.cilium.name | quote }}
+ terminationGracePeriodSeconds: 1
+{{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | trim | nindent 6 }}
+{{- end }}
+ volumes:
+ # To keep state between restarts / upgrades
+ - hostPath:
+ path: {{ .Values.daemon.runPath }}
+ type: DirectoryOrCreate
+ name: cilium-run
+{{- /* CRI-O already mounts the BPF filesystem */ -}}
+{{- if not (eq .Values.containerRuntime.integration "crio") }}
+ # To keep state between restarts / upgrades for bpf maps
+ - hostPath:
+ path: /sys/fs/bpf
+ type: DirectoryOrCreate
+ name: bpf-maps
+{{- end }}
+{{- if .Values.cgroup.autoMount.enabled }}
+ # To mount cgroup2 filesystem on the host
+ - hostPath:
+ path: /proc
+ type: Directory
+ name: hostproc
+{{- end }}
+ # To keep state between restarts / upgrades for cgroup2 filesystem
+ - hostPath:
+ path: {{ .Values.cgroup.hostRoot}}
+ type: DirectoryOrCreate
+ name: cilium-cgroup
+ # To install cilium cni plugin in the host
+ - hostPath:
+ path: {{ .Values.cni.binPath }}
+ type: DirectoryOrCreate
+ name: cni-path
+ # To install cilium cni configuration in the host
+ - hostPath:
+ path: {{ .Values.cni.confPath }}
+ type: DirectoryOrCreate
+ name: etc-cni-netd
+ # To be able to load kernel modules
+ - hostPath:
+ path: /lib/modules
+ name: lib-modules
+ # To access iptables concurrently with other processes (e.g. kube-proxy)
+ - hostPath:
+ path: /run/xtables.lock
+ type: FileOrCreate
+ name: xtables-lock
+{{- if .Values.kubeConfigPath }}
+ - hostPath:
+ path: {{ .Values.kubeConfigPath }}
+ type: FileOrCreate
+ name: kube-config
+{{- end }}
+{{- if and .Values.nodeinit.enabled (not (eq .Values.nodeinit.bootstrapFile "")) }}
+ - hostPath:
+ path: {{ .Values.nodeinit.bootstrapFile }}
+ type: FileOrCreate
+ name: cilium-bootstrap-file
+{{- end }}
+{{- range .Values.extraHostPathMounts }}
+ - name: {{ .name }}
+ hostPath:
+ path: {{ .hostPath }}
+{{- if .hostPathType }}
+ type: {{ .hostPathType }}
+{{- end }}
+{{- end }}
+{{- if .Values.etcd.enabled }}
+ # To read the etcd config stored in config maps
+ - configMap:
+ defaultMode: 420
+ items:
+ - key: etcd-config
+ path: etcd.config
+ name: cilium-config
+ name: etcd-config-path
+ # To read the k8s etcd secrets in case the user might want to use TLS
+{{- if or .Values.etcd.ssl .Values.etcd.managed }}
+ - name: etcd-secrets
+ secret:
+ defaultMode: 420
+ optional: true
+ secretName: cilium-etcd-secrets
+{{- end }}
+{{- end }}
+ # To read the clustermesh configuration
+ - name: clustermesh-secrets
+ secret:
+ defaultMode: 420
+ optional: true
+ secretName: cilium-clustermesh
+ # To read the configuration from the config map
+ - configMap:
+ name: cilium-config
+ name: cilium-config-path
+{{- if and .Values.ipMasqAgent .Values.ipMasqAgent.enabled }}
+ - configMap:
+ name: ip-masq-agent
+ optional: true
+ items:
+ - key: config
+ path: ip-masq-agent
+ name: ip-masq-agent
+{{- end }}
+{{- if and ( .Values.encryption.enabled ) ( eq .Values.encryption.type "ipsec" ) }}
+ - name: cilium-ipsec-secrets
+ secret:
+ {{- if .Values.encryption.ipsec.secretName }}
+ secretName: {{ .Values.encryption.ipsec.secretName }}
+ {{- else }}
+ secretName: {{ .Values.encryption.secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.cni.configMap }}
+ - name: cni-configuration
+ configMap:
+ name: {{ .Values.cni.configMap }}
+{{- end }}
+{{- if .Values.bgp.enabled }}
+ - configMap:
+ name: bgp-config
+ name: bgp-config-path
+{{- end }}
+{{- if and .Values.hubble.enabled .Values.hubble.tls.enabled (hasKey .Values.hubble "listenAddress") }}
+ - name: hubble-tls
+ projected:
+ sources:
+ - secret:
+ name: hubble-server-certs
+ items:
+ - key: ca.crt
+ path: client-ca.crt
+ - key: tls.crt
+ path: server.crt
+ - key: tls.key
+ path: server.key
+ optional: true
+{{- end }}
+{{- end }}
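Review bot: the `cilium-agent` and `clean-cilium-state` containers set `privileged: true` next to a `capabilities.add` list (`NET_ADMIN`, plus `SYS_MODULE` on the agent); a privileged container already holds every capability, so the list has no effect and suggests a tighter boundary than the one enforced. Keep whichever is meant and drop the other. Two smaller points in the same hunk: the `{{- if .Values.cgroup.autoMount.enabled }}` / `{{- else }}` pair in the `clean-cilium-state` volumeMounts renders identical lines in both branches, so the conditional can go; and the `priorityClassName` condition compares `$k8sMinor` against "10" and "17" as strings, which orders lexically rather than numerically, so convert with `int` before comparing.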
diff --git a/charts/cilium/templates/cilium-agent-service.yaml b/charts/cilium/templates/cilium-agent-service.yaml
new file mode 100644
index 0000000..9f1555e
--- /dev/null
+++ b/charts/cilium/templates/cilium-agent-service.yaml
@@ -0,0 +1,67 @@
+{{- if and (.Values.agent) (not .Values.preflight.enabled) (.Values.prometheus.enabled) (.Values.prometheus.serviceMonitor.enabled) }}
+kind: Service
+apiVersion: v1
+metadata:
+ name: cilium-agent
+ namespace: {{ .Release.Namespace }}
+ labels:
+ k8s-app: cilium
+spec:
+ clusterIP: None
+ type: ClusterIP
+ ports:
+ - name: metrics
+ port: {{ .Values.prometheus.port }}
+ protocol: TCP
+ targetPort: prometheus
+ - name: envoy-metrics
+ port: {{ .Values.proxy.prometheus.port }}
+ protocol: TCP
+ targetPort: envoy-metrics
+ selector:
+ k8s-app: cilium
+{{- else if and (.Values.prometheus.enabled) (.Values.proxy.prometheus.enabled) }}
+kind: Service
+apiVersion: v1
+metadata:
+ name: cilium-agent
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ prometheus.io/scrape: 'true'
+ prometheus.io/port: {{ .Values.proxy.prometheus.port | quote }}
+ labels:
+ k8s-app: cilium
+spec:
+ clusterIP: None
+ type: ClusterIP
+ ports:
+ - name: envoy-metrics
+ port: {{ .Values.proxy.prometheus.port }}
+ protocol: TCP
+ targetPort: envoy-metrics
+ selector:
+ k8s-app: cilium
+{{- end }}
+{{- if and .Values.hubble.metrics.enabled }}
+---
+kind: Service
+apiVersion: v1
+metadata:
+ name: hubble-metrics
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ prometheus.io/scrape: 'true'
+ prometheus.io/port: {{ .Values.hubble.metrics.port | quote }}
+ labels:
+ k8s-app: hubble
+spec:
+ clusterIP: None
+ type: ClusterIP
+ ports:
+ - name: hubble-metrics
+ port: {{ .Values.hubble.metrics.port }}
+ protocol: TCP
+ targetPort: hubble-metrics
+ selector:
+ k8s-app: cilium
+{{- end }}
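Review bot: the first branch always publishes an `envoy-metrics` port with `targetPort: envoy-metrics`, but the DaemonSet only declares a container port of that name when `.Values.proxy.prometheus.enabled` is set, so with proxy metrics off the Service refers to a named port that does not exist. Wrap that port entry in the same condition. The `else if` branch and the `hubble-metrics` Service are also not gated on `.Values.agent` and `preflight.enabled` like the first branch, and `{{- if and .Values.hubble.metrics.enabled }}` passes a single argument to `and`, which can be a plain `if`.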
diff --git a/charts/cilium/templates/cilium-agent-serviceaccount.yaml b/charts/cilium/templates/cilium-agent-serviceaccount.yaml
new file mode 100644
index 0000000..ba0141f
--- /dev/null
+++ b/charts/cilium/templates/cilium-agent-serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if and (.Values.agent) (.Values.serviceAccounts.cilium.create) (not .Values.preflight.enabled) }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccounts.cilium.name | quote }}
+ namespace: {{ .Release.Namespace }}
+ {{- if .Values.serviceAccounts.cilium.annotations }}
+ annotations:
+{{ toYaml .Values.serviceAccounts.cilium.annotations | indent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/cilium/templates/cilium-agent-servicemonitor.yaml b/charts/cilium/templates/cilium-agent-servicemonitor.yaml
new file mode 100644
index 0000000..b035e4e
--- /dev/null
+++ b/charts/cilium/templates/cilium-agent-servicemonitor.yaml
@@ -0,0 +1,63 @@
+{{- if and (.Values.agent) (not .Values.preflight.enabled) (.Values.prometheus.enabled) (.Values.prometheus.serviceMonitor.enabled) }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: cilium-agent
+ {{- if .Values.prometheus.serviceMonitor.namespace }}
+ namespace: {{ .Values.prometheus.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ labels:
+ {{- with .Values.prometheus.serviceMonitor.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ k8s-app: cilium
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ endpoints:
+ - port: metrics
+ interval: 10s
+ honorLabels: true
+ path: /metrics
+ targetLabels:
+ - k8s-app
+{{- end }}
+{{- if and .Values.hubble.metrics.enabled (.Values.hubble.metrics.serviceMonitor.enabled) }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: hubble
+ {{- if .Values.prometheus.serviceMonitor.namespace }}
+ namespace: {{ .Values.prometheus.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ labels:
+ {{- with .Values.hubble.metrics.serviceMonitor.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ k8s-app: hubble
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ endpoints:
+ - port: hubble-metrics
+ interval: 10s
+ honorLabels: true
+ path: /metrics
+ relabelings:
+ - replacement: ${1}
+ sourceLabels:
+ - __meta_kubernetes_pod_node_name
+ targetLabel: node
+{{- end }}
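Review bot: the `hubble` ServiceMonitor takes its namespace from `.Values.prometheus.serviceMonitor.namespace` while its labels come from `.Values.hubble.metrics.serviceMonitor.labels`; if sharing the namespace setting is deliberate, add a comment saying so, otherwise a user who configures only the hubble values gets the object in a namespace they did not choose. This second block is also not gated on `.Values.agent` or `preflight.enabled` the way the `cilium-agent` ServiceMonitor above it is, and `interval: 10s` is fixed in both endpoints rather than taken from values.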
diff --git a/charts/cilium/templates/cilium-configmap.yaml b/charts/cilium/templates/cilium-configmap.yaml
new file mode 100644
index 0000000..3fd95e0
--- /dev/null
+++ b/charts/cilium/templates/cilium-configmap.yaml
@@ -0,0 +1,748 @@
+{{- if and (.Values.agent) (not .Values.preflight.enabled) }}
+{{- /* Default values with backwards compatibility */ -}}
+{{- $defaultEnableCnpStatusUpdates := "true" -}}
+{{- $defaultBpfMapDynamicSizeRatio := 0.0 -}}
+{{- $defaultBpfMasquerade := "false" -}}
+{{- $defaultBpfClockProbe := "false" -}}
+{{- $defaultBpfTProxy := "false" -}}
+{{- $defaultIPAM := "cluster-pool" -}}
+{{- $defaultSessionAffinity := "false" -}}
+{{- $defaultOperatorApiServeAddr := "localhost:9234" -}}
+{{- $defaultBpfCtTcpMax := 524288 -}}
+{{- $defaultBpfCtAnyMax := 262144 -}}
+{{- $enableIdentityMark := "true" -}}
+{{- $fragmentTracking := "true" -}}
+{{- $crdWaitTimeout := "5m" -}}
+{{- $defaultKubeProxyReplacement := "probe" -}}
+
+{{- /* Default values when 1.8 was initially deployed */ -}}
+{{- if semverCompare ">=1.8" (default "1.8" .Values.upgradeCompatibility) -}}
+{{- $defaultEnableCnpStatusUpdates = "false" -}}
+{{- $defaultBpfMapDynamicSizeRatio = 0.0025 -}}
+{{- $defaultBpfMasquerade = "true" -}}
+{{- $defaultBpfClockProbe = "true" -}}
+{{- $defaultIPAM = "cluster-pool" -}}
+{{- $defaultSessionAffinity = "true" -}}
+{{- if .Values.ipv4.enabled }}
+{{- $defaultOperatorApiServeAddr = "127.0.0.1:9234" -}}
+{{- else -}}
+{{- $defaultOperatorApiServeAddr = "[::1]:9234" -}}
+{{- end }}
+{{- $defaultBpfCtTcpMax = 0 -}}
+{{- $defaultBpfCtAnyMax = 0 -}}
+{{- end -}}
+
+{{- /* Default values when 1.10 was initially deployed */ -}}
+{{- if semverCompare ">=1.10" (default "1.10" .Values.upgradeCompatibility) -}}
+ {{- $defaultKubeProxyReplacement = "disabled" -}}
+ {{- /* Needs to be explicitly disabled because it was enabled on all versions >=v1.8 above. */ -}}
+ {{- $defaultBpfMasquerade = "false" -}}
+{{- end -}}
+
+{{- $ipam := (coalesce .Values.ipam.mode $defaultIPAM) -}}
+{{- $bpfCtTcpMax := (coalesce .Values.bpf.ctTcpMax $defaultBpfCtTcpMax) -}}
+{{- $bpfCtAnyMax := (coalesce .Values.bpf.ctAnyMax $defaultBpfCtAnyMax) -}}
+{{- $kubeProxyReplacement := (coalesce .Values.kubeProxyReplacement $defaultKubeProxyReplacement) -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cilium-config
+ namespace: {{ .Release.Namespace }}
+data:
+{{- if .Values.etcd.enabled }}
+ # The kvstore configuration is used to enable use of a kvstore for state
+ # storage. This can either be provided with an external kvstore or with the
+ # help of cilium-etcd-operator which operates an etcd cluster automatically.
+ kvstore: etcd
+{{- if .Values.etcd.k8sService }}
+ kvstore-opt: '{"etcd.config": "/var/lib/etcd-config/etcd.config", "etcd.operator": "true"}'
+{{- else }}
+ kvstore-opt: '{"etcd.config": "/var/lib/etcd-config/etcd.config"}'
+{{- end }}
+
+ # This etcd-config contains the etcd endpoints of your cluster. If you use
+ # TLS please make sure you follow the tutorial in https://cilium.link/etcd-config
+ etcd-config: |-
+ ---
+ endpoints:
+{{- if .Values.etcd.managed }}
+ - https://cilium-etcd-client.{{ .Release.Namespace }}.svc:2379
+{{- else }}
+{{- range .Values.etcd.endpoints }}
+ - {{ . }}
+{{- end }}
+{{- end }}
+{{- if or .Values.etcd.ssl .Values.etcd.managed }}
+ trusted-ca-file: '/var/lib/etcd-secrets/etcd-client-ca.crt'
+ key-file: '/var/lib/etcd-secrets/etcd-client.key'
+ cert-file: '/var/lib/etcd-secrets/etcd-client.crt'
+{{- end }}
+{{- end }}
+
+{{- if hasKey .Values "conntrackGCInterval" }}
+ conntrack-gc-interval: {{ .Values.conntrackGCInterval | quote }}
+{{- end }}
+
+{{- if hasKey .Values "disableEnvoyVersionCheck" }}
+ disable-envoy-version-check: {{ .Values.disableEnvoyVersionCheck | quote }}
+{{- end }}
+
+ # Identity allocation mode selects how identities are shared between cilium
+ # nodes by setting how they are stored. The options are "crd" or "kvstore".
+ # - "crd" stores identities in kubernetes as CRDs (custom resource definition).
+ # These can be queried with:
+ # kubectl get ciliumid
+ # - "kvstore" stores identities in a kvstore, etcd or consul, that is
+ # configured below. Cilium versions before 1.6 supported only the kvstore
+ # backend. Upgrades from these older cilium versions should continue using
+ # the kvstore by commenting out the identity-allocation-mode below, or
+ # setting it to "kvstore".
+ identity-allocation-mode: {{ .Values.identityAllocationMode }}
+{{- if hasKey .Values "identityHeartbeatTimeout" }}
+ identity-heartbeat-timeout: "{{ .Values.identityHeartbeatTimeout }}"
+{{- end }}
+{{- if hasKey .Values "identityGCInterval" }}
+ identity-gc-interval: "{{ .Values.identityGCInterval }}"
+{{- end }}
+{{- if hasKey .Values.operator "endpointGCInterval" }}
+ cilium-endpoint-gc-interval: "{{ .Values.operator.endpointGCInterval }}"
+{{- end }}
+
+{{- if hasKey .Values "identityChangeGracePeriod" }}
+ # identity-change-grace-period is the grace period that needs to pass
+ # before an endpoint that has changed its identity will start using
+ # that new identity. During the grace period, the new identity has
+ # already been allocated and other nodes in the cluster have a chance
+ # to whitelist the new upcoming identity of the endpoint.
+ identity-change-grace-period: {{ default "5s" .Values.identityChangeGracePeriod | quote }}
+{{- end }}
+
+{{- if hasKey .Values "labels" }}
+ # To include or exclude matched resources from cilium identity evaluation
+ labels: {{ .Values.labels | quote }}
+{{- end }}
+
+ # If you want to run cilium in debug mode change this value to true
+ debug: {{ .Values.debug.enabled | quote }}
+
+{{- if hasKey .Values.debug "verbose" }}
+ debug-verbose: "{{ .Values.debug.verbose }}"
+{{- end }}
+
+{{- if ne (int .Values.healthPort) 9876 }}
+ # Set the TCP port for the agent health status API. This is not the port used
+ # for cilium-health.
+ agent-health-port: "{{ .Values.healthPort }}"
+{{- end }}
+{{- if hasKey .Values "policyEnforcementMode" }}
+ # The agent can be put into the following three policy enforcement modes
+ # default, always and never.
+ # https://docs.cilium.io/en/latest/policy/intro/#policy-enforcement-modes
+ enable-policy: "{{ lower .Values.policyEnforcementMode }}"
+{{- end }}
+
+{{- if .Values.prometheus.enabled }}
+ # If you want metrics enabled in all of your Cilium agents, set the port for
+ # which the Cilium agents will have their metrics exposed.
+ # This option deprecates the "prometheus-serve-addr" in the
+ # "cilium-metrics-config" ConfigMap
+ # NOTE that this will open the port on ALL nodes where Cilium pods are
+ # scheduled.
+ prometheus-serve-addr: ":{{ .Values.prometheus.port }}"
+ # Port to expose Envoy metrics (e.g. "9095"). Envoy metrics listener will be disabled if this
+ # field is not set.
+ {{- if .Values.proxy.prometheus.enabled }}
+ proxy-prometheus-port: "{{ .Values.proxy.prometheus.port }}"
+ {{- end }}
+ {{- if .Values.prometheus.metrics }}
+ # Metrics that should be enabled or disabled from the default metric
+ # list. (+metric_foo to enable metric_foo , -metric_bar to disable
+ # metric_bar).
+ metrics: {{- range .Values.prometheus.metrics }}
+ {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+{{- if .Values.operator.prometheus.enabled }}
+ # If you want metrics enabled in cilium-operator, set the port for
+ # which the Cilium Operator will have their metrics exposed.
+ # NOTE that this will open the port on the nodes where Cilium operator pod
+ # is scheduled.
+ operator-prometheus-serve-addr: ":{{ .Values.operator.prometheus.port }}"
+ enable-metrics: "true"
+{{- end }}
+
+{{- if .Values.operator.skipCRDCreation }}
+ skip-crd-creation: "true"
+{{- end }}
+
+ # Enable IPv4 addressing. If enabled, all endpoints are allocated an IPv4
+ # address.
+ enable-ipv4: {{ .Values.ipv4.enabled | quote }}
+
+ # Enable IPv6 addressing. If enabled, all endpoints are allocated an IPv6
+ # address.
+ enable-ipv6: {{ .Values.ipv6.enabled | quote }}
+
+{{- if .Values.cleanState }}
+ # If a serious issue occurs during Cilium startup, this
+ # invasive option may be set to true to remove all persistent
+ # state. Endpoints will not be restored using knowledge from a
+ # prior Cilium run, so they may receive new IP addresses upon
+ # restart. This also triggers clean-cilium-bpf-state.
+ clean-cilium-state: "true"
+{{- end }}
+
+{{- if .Values.cleanBpfState }}
+ # If you want to clean cilium BPF state, set this to true;
+ # Removes all BPF maps from the filesystem. Upon restart,
+ # endpoints are restored with the same IP addresses, however
+ # any ongoing connections may be disrupted briefly.
+ # Loadbalancing decisions will be reset, so any ongoing
+ # connections via a service may be loadbalanced to a different
+ # backend after restart.
+ clean-cilium-bpf-state: "true"
+{{- end }}
+
+{{- if hasKey .Values.cni "customConf" }}
+ # Users who wish to specify their own custom CNI configuration file must set
+ # custom-cni-conf to "true", otherwise Cilium may overwrite the configuration.
+ custom-cni-conf: "{{ .Values.cni.customConf }}"
+{{- end }}
+
+{{- if hasKey .Values "bpfClockProbe" }}
+ enable-bpf-clock-probe: {{ .Values.bpfClockProbe | quote }}
+{{- else if eq $defaultBpfClockProbe "true" }}
+ enable-bpf-clock-probe: {{ $defaultBpfClockProbe | quote }}
+{{- end }}
+
+{{- if hasKey .Values.bpf "tproxy" }}
+ enable-bpf-tproxy: {{ .Values.bpf.tproxy | quote }}
+{{- else if eq $defaultBpfTProxy "true" }}
+ enable-bpf-tproxy: {{ $defaultBpfTProxy | quote }}
+{{- end }}
+ # If you want cilium monitor to aggregate tracing for packets, set this level
+ # to "low", "medium", or "maximum". The higher the level, the less packets
+ # that will be seen in monitor output.
+ monitor-aggregation: {{ .Values.bpf.monitorAggregation }}
+
+ # The monitor aggregation interval governs the typical time between monitor
+ # notification events for each allowed connection.
+ #
+ # Only effective when monitor aggregation is set to "medium" or higher.
+ monitor-aggregation-interval: {{ .Values.bpf.monitorInterval }}
+
+ # The monitor aggregation flags determine which TCP flags which, upon the
+ # first observation, cause monitor notifications to be generated.
+ #
+ # Only effective when monitor aggregation is set to "medium" or higher.
+ monitor-aggregation-flags: {{ .Values.bpf.monitorFlags }}
+
+
+
+
+{{- if hasKey .Values.bpf "mapDynamicSizeRatio" }}
+ # Specifies the ratio (0.0-1.0) of total system memory to use for dynamic
+ # sizing of the TCP CT, non-TCP CT, NAT and policy BPF maps.
+ bpf-map-dynamic-size-ratio: {{ .Values.bpf.mapDynamicSizeRatio | quote }}
+{{- else if ne $defaultBpfMapDynamicSizeRatio 0.0 }}
+ # Specifies the ratio (0.0-1.0) of total system memory to use for dynamic
+ # sizing of the TCP CT, non-TCP CT, NAT and policy BPF maps.
+ bpf-map-dynamic-size-ratio: {{ $defaultBpfMapDynamicSizeRatio | quote }}
+{{- end }}
+
+{{- if hasKey .Values.bpf "hostRouting" }}
+ enable-host-legacy-routing: {{ .Values.bpf.hostRouting | quote }}
+{{- end }}
+
+{{- if or $bpfCtTcpMax $bpfCtAnyMax }}
+ # bpf-ct-global-*-max specifies the maximum number of connections
+ # supported across all endpoints, split by protocol: tcp or other. One pair
+ # of maps uses these values for IPv4 connections, and another pair of maps
+ # use these values for IPv6 connections.
+ #
+ # If these values are modified, then during the next Cilium startup the
+ # tracking of ongoing connections may be disrupted. As a result, reply
+ # packets may be dropped and the load-balancing decisions for established
+ # connections may change.
+ #
+ # For users upgrading from Cilium 1.2 or earlier, to minimize disruption
+ # during the upgrade process, set bpf-ct-global-tcp-max to 1000000.
+{{- if $bpfCtTcpMax }}
+ bpf-ct-global-tcp-max: {{ $bpfCtTcpMax | quote }}
+{{- end }}
+{{- if $bpfCtAnyMax }}
+ bpf-ct-global-any-max: {{ $bpfCtAnyMax | quote }}
+{{- end }}
+{{- end }}
+{{- if hasKey .Values.bpf "natMax" }}
+ # bpf-nat-global-max specified the maximum number of entries in the
+ # BPF NAT table.
+ bpf-nat-global-max: "{{ .Values.bpf.natMax }}"
+{{- end }}
+{{- if hasKey .Values.bpf "neighMax" }}
+ # bpf-neigh-global-max specified the maximum number of entries in the
+ # BPF neighbor table.
+ bpf-neigh-global-max: "{{ .Values.bpf.neighMax }}"
+{{- end }}
+{{- if hasKey .Values.bpf "policyMapMax" }}
+ # bpf-policy-map-max specifies the maximum number of entries in endpoint
+ # policy map (per endpoint)
+ bpf-policy-map-max: "{{ .Values.bpf.policyMapMax }}"
+{{- end }}
+{{- if hasKey .Values.bpf "lbMapMax" }}
+ # bpf-lb-map-max specifies the maximum number of entries in bpf lb service,
+ # backend and affinity maps.
+ bpf-lb-map-max: "{{ .Values.bpf.lbMapMax }}"
+{{- end }}
+ # bpf-lb-bypass-fib-lookup instructs Cilium to enable the FIB lookup bypass
+ # optimization for nodeport reverse NAT handling.
+{{- if hasKey .Values.bpf "lbBypassFIBLookup" }}
+ bpf-lb-bypass-fib-lookup: {{ .Values.bpf.lbBypassFIBLookup | quote }}
+{{- end }}
+{{- if hasKey .Values.bpf "lbExternalClusterIP" }}
+ bpf-lb-external-clusterip: {{ .Values.bpf.lbExternalClusterIP | quote }}
+{{- end }}
+
+ # Pre-allocation of map entries allows per-packet latency to be reduced, at
+ # the expense of up-front memory allocation for the entries in the maps. The
+ # default value below will minimize memory usage in the default installation;
+ # users who are sensitive to latency may consider setting this to "true".
+ #
+ # This option was introduced in Cilium 1.4. Cilium 1.3 and earlier ignore
+ # this option and behave as though it is set to "true".
+ #
+ # If this value is modified, then during the next Cilium startup the restore
+ # of existing endpoints and tracking of ongoing connections may be disrupted.
+ # As a result, reply packets may be dropped and the load-balancing decisions
+ # for established connections may change.
+ #
+ # If this option is set to "false" during an upgrade from 1.3 or earlier to
+ # 1.4 or later, then it may cause one-time disruptions during the upgrade.
+ preallocate-bpf-maps: "{{ .Values.bpf.preallocateMaps }}"
+
+ # Regular expression matching compatible Istio sidecar istio-proxy
+ # container image names
+ sidecar-istio-proxy-image: "{{ .Values.proxy.sidecarImageRegex }}"
+
+ # Name of the cluster. Only relevant when building a mesh of clusters.
+ cluster-name: {{ .Values.cluster.name }}
+
+{{- if hasKey .Values.cluster "id" }}
+ # Unique ID of the cluster. Must be unique across all conneted clusters and
+ # in the range of 1 and 255. Only relevant when building a mesh of clusters.
+ cluster-id: "{{ .Values.cluster.id }}"
+{{- end }}
+
+ # Encapsulation mode for communication between nodes
+ # Possible values:
+ # - disabled
+ # - vxlan (default)
+ # - geneve
+{{- if .Values.gke.enabled }}
+ tunnel: "disabled"
+ enable-endpoint-routes: "true"
+ enable-local-node-route: "false"
+{{- else }}
+ tunnel: {{ .Values.tunnel }}
+{{- end }}
+
+{{- if .Values.eni.enabled }}
+ enable-endpoint-routes: "true"
+ auto-create-cilium-node-resource: "true"
+{{- if .Values.eni.updateEC2AdapterLimitViaAPI }}
+ update-ec2-adapter-limit-via-api: "true"
+{{- end }}
+{{- if .Values.eni.awsReleaseExcessIPs }}
+ aws-release-excess-ips: "true"
+{{- end }}
+ ec2-api-endpoint: {{ .Values.eni.ec2APIEndpoint | quote }}
+ eni-tags: {{ .Values.eni.eniTags | toRawJson | quote }}
+ subnet-ids-filter: {{ .Values.eni.subnetIDsFilter | quote }}
+ subnet-tags-filter: {{ .Values.eni.subnetTagsFilter | quote }}
+{{- end }}
+
+{{- if .Values.azure.enabled }}
+ enable-endpoint-routes: "true"
+ auto-create-cilium-node-resource: "true"
+ enable-local-node-route: "false"
+{{- if .Values.azure.userAssignedIdentityID }}
+ azure-user-assigned-identity-id: {{ .Values.azure.userAssignedIdentityID | quote }}
+{{- end }}
+{{- end }}
+
+{{- if .Values.alibabacloud.enabled }}
+ enable-endpoint-routes: "true"
+ auto-create-cilium-node-resource: "true"
+{{- end }}
+
+{{- if hasKey .Values "l7Proxy" }}
+ # Enables L7 proxy for L7 policy enforcement and visibility
+ enable-l7-proxy: {{ .Values.l7Proxy | quote }}
+{{- end }}
+
+{{- if ne .Values.cni.chainingMode "none" }}
+ # Enable chaining with another CNI plugin
+ #
+ # Supported modes:
+ # - none
+ # - aws-cni
+ # - flannel
+ # - portmap (Enables HostPort support for Cilium)
+ cni-chaining-mode: {{ .Values.cni.chainingMode }}
+
+{{- if hasKey .Values "enableIdentityMark" }}
+ enable-identity-mark: {{ .Values.enableIdentityMark | quote }}
+{{- else if (ne $enableIdentityMark "true") }}
+ enable-identity-mark: "false"
+{{- end }}
+{{- if ne .Values.cni.chainingMode "portmap" }}
+ # Disable the PodCIDR route to the cilium_host interface as it is not
+ # required. While chaining, it is the responsibility of the underlying plugin
+ # to enable routing.
+ enable-local-node-route: "false"
+{{- end }}
+{{- end }}
+
+ enable-ipv4-masquerade: {{ .Values.enableIPv4Masquerade | quote }}
+ enable-ipv6-masquerade: {{ .Values.enableIPv6Masquerade | quote }}
+
+{{- if hasKey .Values.bpf "masquerade" }}
+ enable-bpf-masquerade: {{ .Values.bpf.masquerade | quote }}
+{{- else if eq $defaultBpfMasquerade "true" }}
+ enable-bpf-masquerade: {{ $defaultBpfMasquerade | quote }}
+{{- end }}
+{{- if hasKey .Values "egressMasqueradeInterfaces" }}
+ egress-masquerade-interfaces: {{ .Values.egressMasqueradeInterfaces }}
+{{- end }}
+{{- if and .Values.ipMasqAgent .Values.ipMasqAgent.enabled }}
+ enable-ip-masq-agent: "true"
+{{- end }}
+
+{{- if .Values.encryption.enabled }}
+ {{- if eq .Values.encryption.type "ipsec" }}
+ enable-ipsec: {{ .Values.encryption.enabled | quote }}
+
+ {{- if and .Values.encryption.ipsec.mountPath .Values.encryption.ipsec.keyFile }}
+ ipsec-key-file: {{ .Values.encryption.ipsec.mountPath }}/{{ .Values.encryption.ipsec.keyFile }}
+ {{- else }}
+ ipsec-key-file: {{ .Values.encryption.mountPath }}/{{ .Values.encryption.keyFile }}
+ {{- end }}
+ {{- if .Values.encryption.ipsec.interface }}
+ encrypt-interface: {{ .Values.encryption.ipsec.interface }}
+ {{- else if .Values.encryption.interface }}
+ encrypt-interface: {{ .Values.encryption.interface }}
+ {{- end }}
+
+ {{- if .Values.encryption.nodeEncryption }}
+ encrypt-node: {{ .Values.encryption.nodeEncryption | quote }}
+ {{- end }}
+ {{- else if eq .Values.encryption.type "wireguard" }}
+ enable-wireguard: {{ .Values.encryption.enabled | quote }}
+ {{- end }}
+{{- end }}
+
+{{- if hasKey .Values "datapathMode" }}
+{{- if eq .Values.datapathMode "ipvlan" }}
+ datapath-mode: ipvlan
+ ipvlan-master-device: {{ .Values.ipvlan.masterDevice }}
+{{- end }}
+{{- end }}
+
+ enable-xt-socket-fallback: {{ .Values.enableXTSocketFallback | quote }}
+ install-iptables-rules: {{ .Values.installIptablesRules | quote }}
+{{- if or (.Values.azure.enabled) (.Values.eni.enabled) (.Values.gke.enabled) (ne .Values.cni.chainingMode "none") }}
+ install-no-conntrack-iptables-rules: "false"
+{{- else }}
+ install-no-conntrack-iptables-rules: {{ .Values.installNoConntrackIptablesRules | quote }}
+{{- end}}
+
+{{- if hasKey .Values "iptablesRandomFully" }}
+ iptables-random-fully: {{ .Values.iptablesRandomFully | quote }}
+{{- end }}
+
+{{- if hasKey .Values "iptablesLockTimeout" }}
+ iptables-lock-timeout: {{ .Values.iptablesLockTimeout | quote }}
+{{- end }}
+
+ auto-direct-node-routes: {{ .Values.autoDirectNodeRoutes | quote }}
+ enable-bandwidth-manager: {{ .Values.bandwidthManager | quote }}
+
+{{- if hasKey .Values "localRedirectPolicy" }}
+ enable-local-redirect-policy: {{ .Values.localRedirectPolicy | quote }}
+{{- end }}
+
+{{- if hasKey .Values "nativeRoutingCIDR" }}
+ native-routing-cidr: {{ .Values.nativeRoutingCIDR }}
+{{- end }}
+
+{{- if hasKey .Values "fragmentTracking" }}
+ enable-ipv4-fragment-tracking: {{ .Values.fragmentTracking | quote }}
+{{- else if (ne $fragmentTracking "true") }}
+ enable-ipv4-fragment-tracking: "false"
+{{- end }}
+
+{{- if .Values.hostFirewall }}
+ enable-host-firewall: {{ .Values.hostFirewall | quote }}
+{{- end}}
+
+{{- if hasKey .Values "devices" }}
+ # List of devices used to attach bpf_host.o (implements BPF NodePort,
+ # host-firewall and BPF masquerading)
+ devices: {{ join " " .Values.devices | quote }}
+{{- end }}
+
+ kube-proxy-replacement: {{ $kubeProxyReplacement | quote }}
+{{- if ne $kubeProxyReplacement "disabled" }}
+ kube-proxy-replacement-healthz-bind-address: {{ default "" .Values.kubeProxyReplacementHealthzBindAddr | quote}}
+{{- end }}
+
+{{- if hasKey .Values "hostServices" }}
+{{- if .Values.hostServices.enabled }}
+ enable-host-reachable-services: {{ .Values.hostServices.enabled | quote }}
+{{- end }}
+{{- if ne .Values.hostServices.protocols "tcp,udp" }}
+ host-reachable-services-protos: {{ .Values.hostServices.protocols }}
+{{- end }}
+{{- if hasKey .Values.hostServices "hostNamespaceOnly" }}
+ bpf-lb-sock-hostns-only: {{ .Values.hostServices.hostNamespaceOnly | quote }}
+{{- end }}
+{{- end }}
+{{- if hasKey .Values "hostPort" }}
+{{- if eq $kubeProxyReplacement "partial" }}
+ enable-host-port: {{ .Values.hostPort.enabled | quote }}
+{{- end }}
+{{- end }}
+{{- if hasKey .Values "externalIPs" }}
+{{- if eq $kubeProxyReplacement "partial" }}
+ enable-external-ips: {{ .Values.externalIPs.enabled | quote }}
+{{- end }}
+{{- end }}
+{{- if hasKey .Values "nodePort" }}
+{{- if eq $kubeProxyReplacement "partial" }}
+ enable-node-port: {{ .Values.nodePort.enabled | quote }}
+{{- end }}
+{{- if hasKey .Values.nodePort "range" }}
+ node-port-range: {{ .Values.nodePort.range | quote }}
+{{- end }}
+{{- if hasKey .Values.nodePort "directRoutingDevice" }}
+ direct-routing-device: {{ .Values.nodePort.directRoutingDevice | quote }}
+{{- end }}
+{{- if hasKey .Values.nodePort "enableHealthCheck" }}
+ enable-health-check-nodeport: {{ .Values.nodePort.enableHealthCheck | quote}}
+{{- end }}
+ node-port-bind-protection: {{ .Values.nodePort.bindProtection | quote }}
+ enable-auto-protect-node-port-range: {{ .Values.nodePort.autoProtectPortRange | quote }}
+{{- end }}
+{{- if hasKey .Values "loadBalancer" }}
+{{- if .Values.loadBalancer.standalone }}
+ datapath-mode: lb-only
+{{- end }}
+{{- if hasKey .Values.loadBalancer "mode" }}
+ bpf-lb-mode: {{ .Values.loadBalancer.mode | quote }}
+{{- end }}
+{{- if hasKey .Values.loadBalancer "algorithm" }}
+ bpf-lb-algorithm: {{ .Values.loadBalancer.algorithm | quote }}
+{{- end }}
+{{- if hasKey .Values.loadBalancer "acceleration" }}
+ bpf-lb-acceleration: {{ .Values.loadBalancer.acceleration | quote }}
+{{- end }}
+{{- if hasKey .Values.loadBalancer "dsrDispatch" }}
+ bpf-lb-dsr-dispatch: {{ .Values.loadBalancer.dsrDispatch | quote }}
+{{- end }}
+
+{{- end }}
+{{- if hasKey .Values.maglev "tableSize" }}
+ bpf-lb-maglev-table-size: {{ .Values.maglev.tableSize | quote}}
+{{- end }}
+{{- if hasKey .Values.maglev "hashSeed" }}
+ bpf-lb-maglev-hash-seed: {{ .Values.maglev.hashSeed | quote}}
+{{- end }}
+{{- if .Values.sessionAffinity }}
+ enable-session-affinity: {{ .Values.sessionAffinity | quote }}
+{{- else if eq $defaultSessionAffinity "true" }}
+ enable-session-affinity: {{ $defaultSessionAffinity | quote }}
+{{- end }}
+{{- if .Values.svcSourceRangeCheck }}
+ enable-svc-source-range-check: {{ .Values.svcSourceRangeCheck | quote }}
+{{- end }}
+
+{{- if hasKey .Values "l2NeighDiscovery" }}
+{{- if hasKey .Values.l2NeighDiscovery "enabled" }}
+ enable-l2-neigh-discovery: {{ .Values.l2NeighDiscovery.enabled | quote }}
+{{- end }}
+{{- if hasKey .Values.l2NeighDiscovery "refreshPeriod" }}
+ arping-refresh-period: {{ .Values.l2NeighDiscovery.refreshPeriod | quote }}
+{{- end }}
+{{- end }}
+
+{{- if and .Values.pprof .Values.pprof.enabled }}
+ pprof: {{ .Values.pprof.enabled | quote }}
+{{- end }}
+{{- if .Values.logSystemLoad }}
+ log-system-load: {{ .Values.logSystemLoad | quote }}
+{{- end }}
+{{- if .Values.logOptions }}
+ log-opt: {{ .Values.logOptions | toJson | quote }}
+{{- end }}
+{{- if and .Values.sockops .Values.sockops.enabled }}
+ sockops-enable: {{ .Values.sockops.enabled | quote }}
+{{- end }}
+{{- if hasKey .Values.k8s "requireIPv4PodCIDR" }}
+ k8s-require-ipv4-pod-cidr: {{ .Values.k8s.requireIPv4PodCIDR | quote }}
+{{- end }}
+{{- if hasKey .Values.k8s "requireIPv6PodCIDR" }}
+ k8s-require-ipv6-pod-cidr: {{ .Values.k8s.requireIPv6PodCIDR | quote }}
+{{- end }}
+{{- if .Values.endpointStatus.enabled }}
+ endpoint-status: {{ required "endpointStatus.status required: policy, health, controllers, logs and / or state. For 2 or more options use a comma: \"policy, health\"" .Values.endpointStatus.status | quote }}
+{{- end }}
+{{- if and .Values.endpointRoutes .Values.endpointRoutes.enabled }}
+ enable-endpoint-routes: {{ .Values.endpointRoutes.enabled | quote }}
+{{- end }}
+{{- if .Values.cni.configMap }}
+ read-cni-conf: {{ .Values.cni.confFileMountPath }}/{{ .Values.cni.configMapKey }}
+ write-cni-conf-when-ready: {{ .Values.cni.hostConfDirMountPath }}/05-cilium.conflist
+{{- else if .Values.cni.readCniConf }}
+ read-cni-conf: {{ .Values.cni.readCniConf }}
+{{- end }}
+{{- if .Values.kubeConfigPath }}
+ k8s-kubeconfig-path: {{ .Values.kubeConfigPath | quote }}
+{{- end }}
+{{- if and ( .Values.endpointHealthChecking.enabled ) (or (eq .Values.cni.chainingMode "portmap") (eq .Values.cni.chainingMode "none")) }}
+ enable-endpoint-health-checking: "true"
+{{- else}}
+ # Disable health checking, when chaining mode is not set to portmap or none
+ enable-endpoint-health-checking: "false"
+{{- end }}
+{{- if hasKey .Values "healthChecking" }}
+ enable-health-checking: {{ .Values.healthChecking | quote }}
+{{- end }}
+{{- if or .Values.wellKnownIdentities.enabled .Values.etcd.managed }}
+ enable-well-known-identities: "true"
+{{- else }}
+ enable-well-known-identities: "false"
+{{- end }}
+ enable-remote-node-identity: {{ .Values.remoteNodeIdentity | quote }}
+
+{{- if hasKey .Values "synchronizeK8sNodes" }}
+ synchronize-k8s-nodes: {{ .Values.synchronizeK8sNodes | quote }}
+{{- end }}
+
+{{- if hasKey .Values "policyAuditMode" }}
+ policy-audit-mode: {{ .Values.policyAuditMode | quote }}
+{{- end }}
+
+{{- if ne $defaultOperatorApiServeAddr "localhost:9234" }}
+ operator-api-serve-addr: {{ $defaultOperatorApiServeAddr | quote }}
+{{- end }}
+
+{{- if .Values.hubble.enabled }}
+ # Enable Hubble gRPC service.
+ enable-hubble: {{ .Values.hubble.enabled | quote }}
+ # UNIX domain socket for Hubble server to listen to.
+ hubble-socket-path: {{ .Values.hubble.socketPath | quote }}
+{{- if hasKey .Values.hubble "eventQueueSize" }}
+ # Buffer size of the channel for Hubble to receive monitor events. If this field is not set,
+ # the buffer size is set to the default monitor queue size.
+ hubble-event-queue-size: {{ .Values.hubble.eventQueueSize | quote }}
+{{- end }}
+{{- if hasKey .Values.hubble "flowBufferSize" }}
+ # DEPRECATED: this block should be removed in 1.11
+ hubble-flow-buffer-size: {{ .Values.hubble.flowBufferSize | quote }}
+{{- end }}
+{{- if hasKey .Values.hubble "eventBufferCapacity" }}
+ # Capacity of the buffer to store recent events.
+ hubble-event-buffer-capacity: {{ .Values.hubble.eventBufferCapacity | quote }}
+{{- end }}
+{{- if .Values.hubble.metrics.enabled }}
+ # Address to expose Hubble metrics (e.g. ":7070"). Metrics server will be disabled if this
+ # field is not set.
+ hubble-metrics-server: ":{{ .Values.hubble.metrics.port }}"
+ # A space separated list of metrics to enable. See [0] for available metrics.
+ #
+ # https://github.com/cilium/hubble/blob/master/Documentation/metrics.md
+ hubble-metrics: {{- range .Values.hubble.metrics.enabled }}
+ {{.}}
+{{- end }}
+{{- end }}
+{{- if hasKey .Values.hubble "listenAddress" }}
+ # An additional address for Hubble server to listen to (e.g. ":4244").
+ hubble-listen-address: {{ .Values.hubble.listenAddress | quote }}
+{{- if .Values.hubble.tls.enabled }}
+ hubble-disable-tls: "false"
+ hubble-tls-cert-file: /var/lib/cilium/tls/hubble/server.crt
+ hubble-tls-key-file: /var/lib/cilium/tls/hubble/server.key
+ hubble-tls-client-ca-files: /var/lib/cilium/tls/hubble/client-ca.crt
+{{- else }}
+ hubble-disable-tls: "true"
+{{- end }}
+{{- end }}
+{{- end }}
+{{- if hasKey .Values "disableIptablesFeederRules" }}
+ # A space separated list of iptables chains to disable when installing feeder rules.
+ disable-iptables-feeder-rules: {{ .Values.disableIptablesFeederRules | join " " | quote }}
+{{- end }}
+ ipam: {{ $ipam | quote }}
+
+{{- if eq $ipam "cluster-pool" }}
+{{- if .Values.ipv4.enabled }}
+ cluster-pool-ipv4-cidr: {{ .Values.ipam.operator.clusterPoolIPv4PodCIDR | quote }}
+ cluster-pool-ipv4-mask-size: {{ .Values.ipam.operator.clusterPoolIPv4MaskSize | quote }}
+{{- end }}
+{{- if .Values.ipv6.enabled }}
+ cluster-pool-ipv6-cidr: {{ .Values.ipam.operator.clusterPoolIPv6PodCIDR | quote }}
+ cluster-pool-ipv6-mask-size: {{ .Values.ipam.operator.clusterPoolIPv6MaskSize | quote }}
+{{- end }}
+{{- end }}
+
+{{- if .Values.enableCnpStatusUpdates }}
+ disable-cnp-status-updates: {{ (not .Values.enableCnpStatusUpdates) | quote }}
+{{- else if (eq $defaultEnableCnpStatusUpdates "false") }}
+ disable-cnp-status-updates: "true"
+{{- end }}
+
+{{- if .Values.egressGateway.enabled }}
+ enable-egress-gateway: "true"
+{{- end }}
+
+{{- if .Values.enableK8sEventHandover }}
+ enable-k8s-event-handover: "true"
+{{- end }}
+
+{{- if hasKey .Values "crdWaitTimeout" }}
+ crd-wait-timeout: {{ .Values.crdWaitTimeout | quote }}
+{{- else if ( ne $crdWaitTimeout "5m" ) }}
+ crd-wait-timeout: {{ $crdWaitTimeout | quote }}
+{{- end }}
+
+{{- if .Values.enableK8sEndpointSlice }}
+ enable-k8s-endpoint-slice: {{ .Values.enableK8sEndpointSlice | quote }}
+{{- end }}
+
+{{- if hasKey .Values.k8s "serviceProxyName" }}
+ # Configure service proxy name for Cilium.
+ k8s-service-proxy-name: {{ .Values.k8s.serviceProxyName | quote }}
+{{- end }}
+
+{{- if and .Values.customCalls .Values.customCalls.enabled }}
+ # Enable tail call hooks for custom eBPF programs.
+ enable-custom-calls: {{ .Values.customCalls.enabled | quote }}
+{{- end }}
+
+{{- if and .Values.bgp.enabled (not .Values.bgp.announce.loadbalancerIP) }}
+{{ fail "BGP was enabled, but no announcements were enabled. Please enable one or more announcements." }}
+{{- else if and .Values.bgp.enabled .Values.bgp.announce.loadbalancerIP }}
+ bgp-announce-lb-ip: {{ .Values.bgp.announce.loadbalancerIP | quote }}
+{{- end }}
+
+{{- if hasKey .Values.cgroup "hostRoot" }}
+ cgroup-root: {{ .Values.cgroup.hostRoot | quote }}
+{{- end }}
+
+{{- if .Values.extraConfig }}
+{{ toYaml .Values.extraConfig | indent 2 }}
+{{- end }}
+{{- end }}
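Review bot: in the Hubble block near the end of this template, `hubble-disable-tls: "true"` is rendered whenever `hubble.listenAddress` is set and `hubble.tls.enabled` is false, so the additional listener (the comment's own example is ":4244", which has no host part) is served without TLS or client-certificate checks. Since this chart is being bundled into the repo, set `hubble.tls.enabled: true` in the values it is deployed with, or leave `listenAddress` unset where remote Hubble access is not needed. Separately, `cluster-name`, `tunnel`, `monitor-aggregation`, `ipsec-key-file`, `native-routing-cidr` and `egress-masquerade-interfaces` are emitted without `| quote`, unlike the neighbouring keys; a value that YAML parses as a number or boolean would produce a ConfigMap the API server rejects, so they should be quoted consistently.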
diff --git a/charts/cilium/templates/cilium-etcd-operator-clusterrole.yaml b/charts/cilium/templates/cilium-etcd-operator-clusterrole.yaml
new file mode 100644
index 0000000..d702793
--- /dev/null
+++ b/charts/cilium/templates/cilium-etcd-operator-clusterrole.yaml
@@ -0,0 +1,73 @@
+{{- if .Values.etcd.managed }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cilium-etcd-operator
+rules:
+- apiGroups:
+ - etcd.database.coreos.com
+ resources:
+ - etcdclusters
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - delete
+ - get
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - deployments
+ verbs:
+ - delete
+ - create
+ - get
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - list
+ - get
+ - delete
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - delete
+ - create
+ - get
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - componentstatuses
+ verbs:
+ - get
+- apiGroups:
+ - extensions
+ resources:
+ - deployments
+ verbs:
+ - delete
+ - create
+ - get
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - create
+ - delete
+{{- end }}
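Review bot: the last rule grants `get`, `create` and `delete` on `secrets` cluster-wide with no `resourceNames`, and the `pods` and `deployments` rules are equally unscoped, so the `cilium-etcd-operator` service account can read and delete secrets in every namespace. If the operator only manages objects in the release namespace, move those rules into a namespaced Role and RoleBinding and keep the ClusterRole for the cluster-scoped resources (`customresourcedefinitions`, `componentstatuses`). The rule that lists `deployments` under the core group (`""`) matches nothing, since Deployments are served from `apps` (and the legacy `extensions`), and can be dropped.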
diff --git a/charts/cilium/templates/cilium-etcd-operator-clusterrolebinding.yaml b/charts/cilium/templates/cilium-etcd-operator-clusterrolebinding.yaml
new file mode 100644
index 0000000..026df49
--- /dev/null
+++ b/charts/cilium/templates/cilium-etcd-operator-clusterrolebinding.yaml
@@ -0,0 +1,14 @@
+{{- if and .Values.etcd.managed .Values.serviceAccounts.etcd.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: cilium-etcd-operator
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cilium-etcd-operator
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.serviceAccounts.etcd.name | quote }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
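Review bot: the guard on the first line also requires `serviceAccounts.etcd.create`, while the ClusterRole is gated on `etcd.managed` alone and the Deployment references `serviceAccounts.etcd.name` unconditionally, so with `create: false` and a pre-existing ServiceAccount no binding is rendered and the operator starts without any of these permissions. Either gate the binding on `etcd.managed` only, or document that the binding has to be supplied by hand when `create` is false.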
diff --git a/charts/cilium/templates/cilium-etcd-operator-deployment.yaml b/charts/cilium/templates/cilium-etcd-operator-deployment.yaml
new file mode 100644
index 0000000..8665cf6
--- /dev/null
+++ b/charts/cilium/templates/cilium-etcd-operator-deployment.yaml
@@ -0,0 +1,112 @@
+{{- if .Values.etcd.managed }}
+
+{{- /* Workaround so that we can set the minimal k8s version that we support */ -}}
+{{- $k8sVersion := .Capabilities.KubeVersion.Version -}}
+{{- $k8sMajor := .Capabilities.KubeVersion.Major -}}
+{{- $k8sMinor := .Capabilities.KubeVersion.Minor -}}
+
+{{- if .Values.Capabilities -}}
+{{- if .Values.Capabilities.KubeVersion -}}
+{{- if .Values.Capabilities.KubeVersion.Version -}}
+{{- $k8sVersion = .Values.Capabilities.KubeVersion.Version -}}
+{{- if .Values.Capabilities.KubeVersion.Major -}}
+{{- $k8sMajor = toString (.Values.Capabilities.KubeVersion.Major) -}}
+{{- if .Values.Capabilities.KubeVersion.Minor -}}
+{{- $k8sMinor = toString (.Values.Capabilities.KubeVersion.Minor) -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ io.cilium/app: etcd-operator
+ name: cilium-etcd-operator
+ name: cilium-etcd-operator
+ namespace: {{ .Release.Namespace }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ io.cilium/app: etcd-operator
+ name: cilium-etcd-operator
+{{- with .Values.etcd.updateStrategy }}
+ strategy:
+ {{- toYaml . | trim | nindent 4 }}
+{{- end }}
+ template:
+ metadata:
+{{- with .Values.etcd.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+{{- end }}
+ labels:
+ io.cilium/app: etcd-operator
+ name: cilium-etcd-operator
+{{- with .Values.etcd.podLabels }}
+ {{- toYaml . | nindent 8 }}
+{{- end }}
+ spec:
+{{- if .Values.etcd.affinity }}
+ affinity:
+{{ toYaml .Values.etcd.affinity | indent 8 }}
+{{- end }}
+{{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{ toYaml .Values.imagePullSecrets | indent 8 }}
+{{- end }}
+ containers:
+ - args:
+{{- with .Values.etcd.extraArgs }}
+ {{- toYaml . | trim | nindent 8 }}
+{{- end }}
+ #- --etcd-node-selector=disktype=ssd,cputype=high
+ command:
+ - /usr/bin/cilium-etcd-operator
+ env:
+ - name: CILIUM_ETCD_OPERATOR_CLUSTER_DOMAIN
+ value: "{{ .Values.etcd.clusterDomain }}"
+ - name: CILIUM_ETCD_OPERATOR_ETCD_CLUSTER_SIZE
+ value: "{{ .Values.etcd.clusterSize }}"
+ - name: CILIUM_ETCD_OPERATOR_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: CILIUM_ETCD_OPERATOR_POD_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.name
+ - name: CILIUM_ETCD_OPERATOR_POD_UID
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.uid
+ - name: CILIUM_ETCD_META_ETCD_AUTO_COMPACTION_MODE
+ value: "revision"
+ - name: CILIUM_ETCD_META_ETCD_AUTO_COMPACTION_RETENTION
+ value: "25000"
+ image: {{ .Values.etcd.image.repository }}:{{ .Values.etcd.image.tag }}
+ imagePullPolicy: {{ .Values.etcd.image.pullPolicy }}
+ name: cilium-etcd-operator
+ dnsPolicy: ClusterFirst
+ hostNetwork: true
+{{- if and (or (and (eq .Release.Namespace "kube-system") (gt $k8sMinor "10")) (ge $k8sMinor "17") (gt $k8sMajor "1")) .Values.enableCriticalPriorityClass }}
+ priorityClassName: system-cluster-critical
+{{- end }}
+ restartPolicy: Always
+ serviceAccount: {{ .Values.serviceAccounts.etcd.name | quote }}
+ serviceAccountName: {{ .Values.serviceAccounts.etcd.name | quote }}
+{{- with .Values.etcd.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | trim | nindent 8 }}
+{{- end }}
+{{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | trim | nindent 6 }}
+{{- end }}
+{{- end }}
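Review bot: the pod spec sets `hostNetwork: true`, yet the `cilium-etcd-operator` container carries no `securityContext` and no `resources`, and the image is referenced as `repository:tag` rather than by digest. For a bundled chart I would add a container `securityContext` that at least sets `allowPrivilegeEscalation: false`, and pin the image by digest in the values this repo ships. Also, the `priorityClassName` guard compares `$k8sMinor` as a string (`gt $k8sMinor "10"`, `ge $k8sMinor "17"`), which orders lexicographically, while `$k8sVersion` is computed above and never used in this file; a `semverCompare` against `$k8sVersion` would be the sturdier test.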
diff --git a/charts/cilium/templates/cilium-etcd-operator-serviceaccount.yaml b/charts/cilium/templates/cilium-etcd-operator-serviceaccount.yaml
new file mode 100644
index 0000000..9bc0a3e
--- /dev/null
+++ b/charts/cilium/templates/cilium-etcd-operator-serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if and .Values.etcd.managed .Values.serviceAccounts.etcd.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccounts.etcd.name | quote }}
+ namespace: {{ .Release.Namespace }}
+ {{- if .Values.serviceAccounts.etcd.annotations }}
+ annotations:
+{{ toYaml .Values.serviceAccounts.etcd.annotations | indent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/cilium/templates/cilium-nodeinit-daemonset.yaml b/charts/cilium/templates/cilium-nodeinit-daemonset.yaml
new file mode 100644
index 0000000..3b1d6ed
--- /dev/null
+++ b/charts/cilium/templates/cilium-nodeinit-daemonset.yaml
@@ -0,0 +1,290 @@
+{{- if .Values.nodeinit.enabled }}
+
+{{- /* Workaround so that we can set the minimal k8s version that we support */ -}}
+{{- $k8sVersion := .Capabilities.KubeVersion.Version -}}
+{{- $k8sMajor := .Capabilities.KubeVersion.Major -}}
+{{- $k8sMinor := .Capabilities.KubeVersion.Minor -}}
+
+{{- if .Values.Capabilities -}}
+{{- if .Values.Capabilities.KubeVersion -}}
+{{- if .Values.Capabilities.KubeVersion.Version -}}
+{{- $k8sVersion = .Values.Capabilities.KubeVersion.Version -}}
+{{- if .Values.Capabilities.KubeVersion.Major -}}
+{{- $k8sMajor = toString (.Values.Capabilities.KubeVersion.Major) -}}
+{{- if .Values.Capabilities.KubeVersion.Minor -}}
+{{- $k8sMinor = toString (.Values.Capabilities.KubeVersion.Minor) -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+ name: cilium-node-init
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: cilium-node-init
+spec:
+ selector:
+ matchLabels:
+ app: cilium-node-init
+ template:
+ metadata:
+ annotations:
+{{- with .Values.nodeinit.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+{{- end }}
+ labels:
+ app: cilium-node-init
+{{- with .Values.nodeinit.podLabels }}
+ {{- toYaml . | nindent 8 }}
+{{- end }}
+ spec:
+{{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | trim | nindent 6 }}
+{{- end }}
+ hostPID: true
+ hostNetwork: true
+{{- if and (or (and (eq .Release.Namespace "kube-system") (gt $k8sMinor "10")) (ge $k8sMinor "17") (gt $k8sMajor "1")) .Values.enableCriticalPriorityClass }}
+ priorityClassName: system-node-critical
+{{- end }}
+{{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{ toYaml .Values.imagePullSecrets | indent 6 }}
+{{- end }}
+ volumes:
+ # To access iptables concurrently with other processes (e.g. kube-proxy)
+ - hostPath:
+ path: /run/xtables.lock
+ type: FileOrCreate
+ name: xtables-lock
+ containers:
+ - name: node-init
+ image: {{ .Values.nodeinit.image.repository }}:{{ .Values.nodeinit.image.tag }}
+ imagePullPolicy: {{ .Values.nodeinit.image.pullPolicy }}
+ securityContext:
+ privileged: true
+ volumeMounts:
+ # To access iptables concurrently with other processes (e.g. kube-proxy)
+ - mountPath: /run/xtables.lock
+ name: xtables-lock
+ lifecycle:
+{{- if .Values.eni.enabled }}
+ postStart:
+ exec:
+ command:
+ - "/bin/sh"
+ - "-c"
+ - |
+ #!/bin/bash
+
+ set -o errexit
+ set -o pipefail
+ set -o nounset
+
+ # When running in AWS ENI mode, it's likely that 'aws-node' has
+ # had a chance to install SNAT iptables rules. These can result
+ # in dropped traffic, so we should attempt to remove them.
+ # We do it using a 'postStart' hook since this may need to run
+ # for nodes which might have already been init'ed but may still
+ # have dangling rules. This is safe because there are no
+ # dependencies on anything that is part of the startup script
+ # itself, and can be safely run multiple times per node (e.g. in
+ # case of a restart).
+ if [[ "$(iptables-save | grep -c AWS-SNAT-CHAIN)" != "0" ]];
+ then
+ echo 'Deleting iptables rules created by the AWS CNI VPC plugin'
+ iptables-save | grep -v AWS-SNAT-CHAIN | iptables-restore
+ fi
+ echo 'Done!'
+{{- end }}
+{{- if .Values.nodeinit.revertReconfigureKubelet }}
+ preStop:
+ exec:
+ command:
+ - "nsenter"
+ - "-t"
+ - "1"
+ - "-m"
+ - "--"
+ - "/bin/sh"
+ - "-c"
+ - |
+ #!/bin/bash
+
+ set -o errexit
+ set -o pipefail
+ set -o nounset
+
+ if stat /tmp/node-deinit.cilium.io > /dev/null 2>&1; then
+ exit 0
+ fi
+
+ echo "Waiting on pods to stop..."
+ if [ ! -f /etc/crictl.yaml ] || grep -q 'docker' /etc/crictl.yaml; then
+ # Works for COS, ubuntu
+ while docker ps | grep -v "node-init" | grep -q "POD_cilium"; do sleep 1; done
+ else
+ # COS-beta (with containerd). Some versions of COS have crictl in /home/kubernetes/bin.
+ while PATH="${PATH}:/home/kubernetes/bin" crictl ps | grep -v "node-init" | grep -q "POD_cilium"; do sleep 1; done
+ fi
+
+ if ip link show cilium_host; then
+ echo "Deleting cilium_host interface..."
+ ip link del cilium_host
+ fi
+
+{{- if not (eq .Values.nodeinit.bootstrapFile "") }}
+ rm -f {{ .Values.nodeinit.bootstrapFile }}
+{{- end }}
+
+ rm -f /tmp/node-init.cilium.io
+ touch /tmp/node-deinit.cilium.io
+
+{{- if .Values.nodeinit.reconfigureKubelet }}
+ echo "Changing kubelet configuration to --network-plugin=kubenet"
+ sed -i "s:--network-plugin=cni\ --cni-bin-dir={{ .Values.cni.binPath }}:--network-plugin=kubenet:g" /etc/default/kubelet
+ echo "Restarting kubelet..."
+ systemctl restart kubelet
+{{- end }}
+
+{{- if (and .Values.gke.enabled (or .Values.masquerade .Values.gke.disableDefaultSnat))}}
+ # If the IP-MASQ chain exists, add back default jump rule from the GKE instance configure script
+ if iptables -w -t nat -L IP-MASQ > /dev/null; then
+ iptables -w -t nat -A POSTROUTING -m comment --comment "ip-masq: ensure nat POSTROUTING directs all non-LOCAL destination traffic to our custom IP-MASQ chain" -m addrtype ! --dst-type LOCAL -j IP-MASQ
+ fi
+{{- end }}
+
+ echo "Node de-initialization complete"
+{{- end }}
+ env:
+ - name: CHECKPOINT_PATH
+ value: /tmp/node-init.cilium.io
+ # STARTUP_SCRIPT is the script run on node bootstrap. Node
+ # bootstrapping can be customized in this script. This script is invoked
+ # using nsenter, so it runs in the host's network and mount namespace using
+ # the host's userland tools!
+ - name: STARTUP_SCRIPT
+ value: |
+ #!/bin/bash
+
+ set -o errexit
+ set -o pipefail
+ set -o nounset
+
+ echo "Link information:"
+ ip link
+
+ echo "Routing table:"
+ ip route
+
+ echo "Addressing:"
+ ip -4 a
+ ip -6 a
+
+{{- if .Values.nodeinit.removeCbrBridge }}
+ if ip link show cbr0; then
+ echo "Detected cbr0 bridge. Deleting interface..."
+ ip link del cbr0
+ fi
+{{- end }}
+
+{{- if .Values.nodeinit.reconfigureKubelet }}
+ # GKE: Alter the kubelet configuration to run in CNI mode
+ echo "Changing kubelet configuration to --network-plugin=cni --cni-bin-dir={{ .Values.cni.binPath }}"
+ mkdir -p {{ .Values.cni.binPath }}
+ sed -i "s:--network-plugin=kubenet:--network-plugin=cni\ --cni-bin-dir={{ .Values.cni.binPath }}:g" /etc/default/kubelet
+ echo "Restarting kubelet..."
+ systemctl restart kubelet
+{{- end }}
+
+{{- if (and .Values.gke.enabled (or .Values.masquerade .Values.gke.disableDefaultSnat))}}
+ # If Cilium is configured to manage masquerading of traffic leaving the node,
+ # we need to disable the IP-MASQ chain because even if ip-masq-agent
+ # is not installed, the node init script installs some default rules into
+ # the IP-MASQ chain.
+ # If we remove the jump to that ip-masq chain, then we ensure the ip masquerade
+ # configuration is solely managed by Cilium.
+ # Also, if Cilium is installed, it may be expected that it would be solely responsible
+ # for the networking configuration on that node. So provide the same functionality
+ # as the --disable-snat-flag for existing GKE clusters.
+ iptables -w -t nat -D POSTROUTING -m comment --comment "ip-masq: ensure nat POSTROUTING directs all non-LOCAL destination traffic to our custom IP-MASQ chain" -m addrtype ! --dst-type LOCAL -j IP-MASQ || true
+{{- end }}
+
+{{- if not (eq .Values.nodeinit.bootstrapFile "") }}
+ date > {{ .Values.nodeinit.bootstrapFile }}
+{{- end }}
+
+{{- if .Values.nodeinit.restartPods }}
+ echo "Restarting kubenet managed pods"
+ if [ ! -f /etc/crictl.yaml ] || grep -q 'docker' /etc/crictl.yaml; then
+ # Works for COS, ubuntu
+ # Note the first line is the containerID with a trailing \r
+ for f in `find /var/lib/cni/networks/ -type f ! -name lock ! -name last_reserved_ip.0`; do docker rm -f "$(sed 's/\r//;1q' $f)" || true; done
+ elif [ -n "$(docker ps --format '{{ "{{" }}.Image{{ "}}" }}' | grep ^[0-9]*\.dkr\.ecr\.[a-z]*-[a-z]*-[0-9]*\.amazonaws\.com/amazon-k8s-cni)" ]; then
+ timeout=1
+ for i in $(seq 1 7); do
+ echo "Checking introspection API"
+ curl localhost:61679 && retry=false || retry=true
+ if [ $retry == false ]; then break ; fi
+ sleep "$timeout"
+ timeout=$(($timeout * 2))
+ done
+
+ for pod in $(curl "localhost:61679/v1/pods" 2> /dev/null | jq -r '. | keys[]'); do
+ container_id=$(echo "$pod" | awk -F_ ' { print $3 } ' | cut -c1-12)
+ echo "Restarting ${container_id}"
+ docker kill "${container_id}" || true
+ done
+ else
+ # COS-beta (with containerd). Some versions of COS have crictl in /home/kubernetes/bin.
+ for f in `find /var/lib/cni/networks/ -type f ! -name lock ! -name last_reserved_ip.0`; do PATH="${PATH}:/home/kubernetes/bin" crictl stopp "$(sed 's/\r//;1q' $f)" || true; done
+ fi
+{{- end }}
+
+ # AKS: If azure-vnet is installed on the node, and (still) configured in bridge mode,
+ # configure it as 'transparent' to be consistent with Cilium's CNI chaining config.
+ # If the azure-vnet CNI config is not removed, kubelet will execute CNI CHECK commands
+ # against it every 5 seconds and write 'bridge' to its state file, causing inconsistent
+ # behaviour when Pods are removed.
+ if [ -f /etc/cni/net.d/10-azure.conflist ]; then
+ echo "Ensuring azure-vnet is configured in 'transparent' mode..."
+ sed -i 's/"mode":\s*"bridge"/"mode":"transparent"/g' /etc/cni/net.d/10-azure.conflist
+ fi
+
+{{- if .Values.azure.enabled }}
+ # The azure0 interface being present means the node was booted with azure-vnet configured
+ # in bridge mode. This means there might be ebtables rules and neight entries interfering
+ # with pod connectivity if we deploy with Azure IPAM.
+ if ip l show dev azure0 >/dev/null 2>&1; then
+
+ # In Azure IPAM mode, also remove the azure-vnet state file, otherwise ebtables rules get
+ # restored by the azure-vnet CNI plugin on every CNI CHECK, which can cause connectivity
+ # issues in Cilium-managed Pods. Since azure-vnet is no longer called on scheduling events,
+ # this file can be removed.
+ rm -f /var/run/azure-vnet.json
+
+ # This breaks connectivity for existing workload Pods when Cilium is scheduled, but we need
+ # to flush these to prevent Cilium-managed Pod IPs conflicting with Pod IPs previously allocated
+ # by azure-vnet. These ebtables DNAT rules contain fixed MACs that are no longer bound on the node,
+ # causing packets for these Pods to be redirected back out to the gateway, where they are dropped.
+ echo 'Flushing ebtables pre/postrouting rules in nat table.. (disconnecting non-Cilium Pods!)'
+ ebtables -t nat -F PREROUTING || true
+ ebtables -t nat -F POSTROUTING || true
+
+ # ip-masq-agent periodically injects PERM neigh entries towards the gateway
+ # for all other k8s nodes in the cluster. These are safe to flush, as ARP can
+ # resolve these nodes as usual. PERM entries will be automatically restored later.
+ echo 'Deleting all permanent neighbour entries on azure0...'
+ ip neigh show dev azure0 nud permanent | cut -d' ' -f1 | xargs -r -n1 ip neigh del dev azure0 to || true
+ fi
+{{- end }}
+
+{{- if .Values.nodeinit.revertReconfigureKubelet }}
+ rm -f /tmp/node-deinit.cilium.io
+{{- end }}
+ echo "Node initialization complete"
+{{- end }}
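Review bot: the node-init container runs with privileged: true under hostPID and hostNetwork, yet its image line is built from nodeinit.image.repository and nodeinit.image.tag only, so a pod with full host access follows a mutable tag. The operator and preflight templates in this same patch accept a useDigest/digest pair, and the same option here would let the image be pinned. The postStart and preStop scripts are also handed to /bin/sh -c while relying on bash features (set -o pipefail, [[ ... ]]). The #!/bin/bash line inside a -c string is only a comment, so either invoke bash explicitly or keep the scripts POSIX.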
diff --git a/charts/cilium/templates/cilium-operator-clusterrole.yaml b/charts/cilium/templates/cilium-operator-clusterrole.yaml
new file mode 100644
index 0000000..33dcc8f
--- /dev/null
+++ b/charts/cilium/templates/cilium-operator-clusterrole.yaml
@@ -0,0 +1,120 @@
+{{- if .Values.operator.enabled }}
+
+{{- /* Workaround so that we can set the minimal k8s version that we support */ -}}
+{{- $k8sVersion := .Capabilities.KubeVersion.Version -}}
+{{- $k8sMajor := .Capabilities.KubeVersion.Major -}}
+{{- $k8sMinor := .Capabilities.KubeVersion.Minor -}}
+
+{{- if .Values.Capabilities -}}
+{{- if .Values.Capabilities.KubeVersion -}}
+{{- if .Values.Capabilities.KubeVersion.Version -}}
+{{- $k8sVersion = .Values.Capabilities.KubeVersion.Version -}}
+{{- if .Values.Capabilities.KubeVersion.Major -}}
+{{- $k8sMajor = toString (.Values.Capabilities.KubeVersion.Major) -}}
+{{- if .Values.Capabilities.KubeVersion.Minor -}}
+{{- $k8sMinor = toString (.Values.Capabilities.KubeVersion.Minor) -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cilium-operator
+rules:
+- apiGroups:
+ - ""
+ resources:
+ # to automatically delete [core|kube]dns pods so that are starting to being
+ # managed by Cilium
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ - delete
+- apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ # to perform LB IP allocation for BGP
+ - services/status
+ verbs:
+ - update
+- apiGroups:
+ - ""
+ resources:
+ # to perform the translation of a CNP that contains `ToGroup` to its endpoints
+ - services
+ - endpoints
+ # to check apiserver connectivity
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - cilium.io
+ resources:
+ - ciliumnetworkpolicies
+ - ciliumnetworkpolicies/status
+ - ciliumnetworkpolicies/finalizers
+ - ciliumclusterwidenetworkpolicies
+ - ciliumclusterwidenetworkpolicies/status
+ - ciliumclusterwidenetworkpolicies/finalizers
+ - ciliumendpoints
+ - ciliumendpoints/status
+ - ciliumendpoints/finalizers
+ - ciliumnodes
+ - ciliumnodes/status
+ - ciliumnodes/finalizers
+ - ciliumidentities
+ - ciliumidentities/status
+ - ciliumidentities/finalizers
+ - ciliumlocalredirectpolicies
+ - ciliumlocalredirectpolicies/status
+ - ciliumlocalredirectpolicies/finalizers
+ verbs:
+ - '*'
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+# For cilium-operator running in HA mode.
+#
+# Cilium operator running in HA mode requires the use of ResourceLock for Leader Election
+# between multiple running instances.
+# The preferred way of doing this is to use LeasesResourceLock as edits to Leases are less
+# common and fewer objects in the cluster watch "all Leases".
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - create
+ - get
+ - update
+{{- end }}
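Review bot: the cilium.io rule grants verbs: '*' on every listed resource, including the /status and /finalizers subresources, so the operator automatically picks up any verb that becomes available on them later; list the verbs the operator actually uses instead. The core-group services get/list/watch rule also appears twice (once on its own, once together with endpoints and namespaces) and can be merged, and the $k8sVersion/$k8sMajor/$k8sMinor block at the top is never referenced in this template.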
diff --git a/charts/cilium/templates/cilium-operator-clusterrolebinding.yaml b/charts/cilium/templates/cilium-operator-clusterrolebinding.yaml
new file mode 100644
index 0000000..4eb6c82
--- /dev/null
+++ b/charts/cilium/templates/cilium-operator-clusterrolebinding.yaml
@@ -0,0 +1,14 @@
+{{- if and .Values.operator.enabled .Values.serviceAccounts.operator.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: cilium-operator
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cilium-operator
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.serviceAccounts.operator.name | quote }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
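Review bot: the binding is rendered only when serviceAccounts.operator.create is true, while the cilium-operator ClusterRole is gated on operator.enabled alone. With create set to false and an existing account named in serviceAccounts.operator.name, the role is created but nothing binds it to that account. Gate the binding on operator.enabled only, or document that a pre-existing service account needs its own ClusterRoleBinding.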
diff --git a/charts/cilium/templates/cilium-operator-deployment.yaml b/charts/cilium/templates/cilium-operator-deployment.yaml
new file mode 100644
index 0000000..ff114c9
--- /dev/null
+++ b/charts/cilium/templates/cilium-operator-deployment.yaml
@@ -0,0 +1,302 @@
+{{- if .Values.operator.enabled }}
+
+{{- /* Workaround so that we can set the minimal k8s version that we support */ -}}
+{{- $k8sVersion := .Capabilities.KubeVersion.Version -}}
+{{- $k8sMajor := .Capabilities.KubeVersion.Major -}}
+{{- $k8sMinor := .Capabilities.KubeVersion.Minor -}}
+
+{{- if .Values.Capabilities -}}
+{{- if .Values.Capabilities.KubeVersion -}}
+{{- if .Values.Capabilities.KubeVersion.Version -}}
+{{- $k8sVersion = .Values.Capabilities.KubeVersion.Version -}}
+{{- if .Values.Capabilities.KubeVersion.Major -}}
+{{- $k8sMajor = toString (.Values.Capabilities.KubeVersion.Major) -}}
+{{- if .Values.Capabilities.KubeVersion.Minor -}}
+{{- $k8sMinor = toString (.Values.Capabilities.KubeVersion.Minor) -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ io.cilium/app: operator
+ name: cilium-operator
+ name: cilium-operator
+ namespace: {{ .Release.Namespace }}
+spec:
+ # See docs on ServerCapabilities.LeasesResourceLock in file pkg/k8s/version/version.go
+ # for more details.
+ replicas: {{ .Values.operator.replicas }}
+ selector:
+ matchLabels:
+ io.cilium/app: operator
+ name: cilium-operator
+{{- with .Values.operator.updateStrategy }}
+ strategy:
+ {{- toYaml . | trim | nindent 4 }}
+{{- end }}
+ template:
+ metadata:
+ annotations:
+{{- if .Values.operator.rollOutPods }}
+ # ensure pods roll when configmap updates
+ cilium.io/cilium-configmap-checksum: {{ include (print $.Template.BasePath "/cilium-configmap.yaml") . | sha256sum | quote }}
+{{- end }}
+{{- if and .Values.operator.prometheus.enabled (not .Values.operator.prometheus.serviceMonitor.enabled) }}
+ prometheus.io/port: {{ .Values.operator.prometheus.port | quote }}
+ prometheus.io/scrape: "true"
+{{- end }}
+{{- with .Values.operator.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+{{- end }}
+ labels:
+ io.cilium/app: operator
+ name: cilium-operator
+{{- with .Values.operator.podLabels }}
+ {{- toYaml . | nindent 8 }}
+{{- end }}
+ spec:
+ # In HA mode, cilium-operator pods must not be scheduled on the same
+ # node as they will clash with each other.
+ {{- if .Values.operator.affinity }}
+ affinity:
+ {{- toYaml .Values.operator.affinity | trim | nindent 8 }}
+ {{- end }}
+{{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 6 }}
+{{- end }}
+ containers:
+ - args:
+ - --config-dir=/tmp/cilium/config-map
+ - --debug=$(CILIUM_DEBUG)
+{{- with .Values.operator.extraArgs }}
+ {{- toYaml . | trim | nindent 8 }}
+{{- end }}
+ command:
+{{- if .Values.eni.enabled }}
+ - cilium-operator-aws
+{{- else if .Values.azure.enabled }}
+ - cilium-operator-azure
+{{- else if .Values.alibabacloud.enabled}}
+ - cilium-operator-alibabacloud
+{{- else }}
+ - cilium-operator-generic
+{{- end }}
+ env:
+ - name: K8S_NODE_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: spec.nodeName
+ - name: CILIUM_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: CILIUM_DEBUG
+ valueFrom:
+ configMapKeyRef:
+ key: debug
+ name: cilium-config
+ optional: true
+{{- if (and .Values.eni.enabled (not .Values.eni.iamRole )) }}
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ key: AWS_ACCESS_KEY_ID
+ name: cilium-aws
+ optional: true
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ key: AWS_SECRET_ACCESS_KEY
+ name: cilium-aws
+ optional: true
+ - name: AWS_DEFAULT_REGION
+ valueFrom:
+ secretKeyRef:
+ key: AWS_DEFAULT_REGION
+ name: cilium-aws
+ optional: true
+{{- end }}
+{{- if .Values.alibabacloud.enabled }}
+ - name: ALIBABA_CLOUD_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ key: ALIBABA_CLOUD_ACCESS_KEY_ID
+ name: cilium-alibabacloud
+ optional: true
+ - name: ALIBABA_CLOUD_ACCESS_KEY_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: ALIBABA_CLOUD_ACCESS_KEY_SECRET
+ name: cilium-alibabacloud
+ optional: true
+{{- end }}
+{{- if .Values.k8sServiceHost }}
+ - name: KUBERNETES_SERVICE_HOST
+ value: {{ .Values.k8sServiceHost | quote }}
+{{- end }}
+{{- if .Values.k8sServicePort }}
+ - name: KUBERNETES_SERVICE_PORT
+ value: {{ .Values.k8sServicePort | quote }}
+{{- end }}
+{{- if .Values.azure.subscriptionID }}
+ - name: AZURE_SUBSCRIPTION_ID
+ value: {{ .Values.azure.subscriptionID }}
+{{- end }}
+{{- if .Values.azure.tenantID }}
+ - name: AZURE_TENANT_ID
+ value: {{ .Values.azure.tenantID }}
+{{- end }}
+{{- if .Values.azure.resourceGroup }}
+ - name: AZURE_RESOURCE_GROUP
+ value: {{ .Values.azure.resourceGroup }}
+{{- end }}
+{{- if .Values.azure.clientID }}
+ - name: AZURE_CLIENT_ID
+ value: {{ .Values.azure.clientID }}
+{{- end }}
+{{- if .Values.azure.clientSecret }}
+ - name: AZURE_CLIENT_SECRET
+ value: {{ .Values.azure.clientSecret }}
+{{- end }}
+{{- range $key, $value := .Values.operator.extraEnv }}
+ - name: {{ $key }}
+ value: {{ $value }}
+{{- end }}
+{{- if .Values.eni.enabled }}
+ image: "{{ .Values.operator.image.repository }}-aws{{ .Values.operator.image.suffix }}:{{ .Values.operator.image.tag }}{{ if .Values.operator.image.useDigest }}@{{ .Values.operator.image.awsDigest }}{{ end }}"
+{{- else if .Values.azure.enabled }}
+ image: "{{ .Values.operator.image.repository }}-azure{{ .Values.operator.image.suffix }}:{{ .Values.operator.image.tag }}{{ if .Values.operator.image.useDigest }}@{{ .Values.operator.image.azureDigest }}{{ end }}"
+{{- else if .Values.alibabacloud.enabled }}
+ image: "{{ .Values.operator.image.repository }}-alibabacloud{{ .Values.operator.image.suffix }}:{{ .Values.operator.image.tag }}{{ if .Values.operator.image.useDigest }}@{{ .Values.operator.image.alibabacloudDigest }}{{ end }}"
+{{- else }}
+ image: "{{ .Values.operator.image.repository }}-generic{{ .Values.operator.image.suffix }}:{{ .Values.operator.image.tag }}{{ if .Values.operator.image.useDigest }}@{{ .Values.operator.image.genericDigest }}{{ end }}"
+{{- end }}
+ imagePullPolicy: {{ .Values.operator.image.pullPolicy }}
+ name: cilium-operator
+{{- if .Values.operator.prometheus.enabled }}
+ ports:
+ - containerPort: {{ .Values.operator.prometheus.port }}
+ hostPort: {{ .Values.operator.prometheus.port }}
+ name: prometheus
+ protocol: TCP
+{{- end }}
+ livenessProbe:
+ httpGet:
+{{- if .Values.ipv4.enabled }}
+ host: '127.0.0.1'
+{{- else }}
+ host: '::1'
+{{- end }}
+ path: /healthz
+ port: 9234
+ scheme: HTTP
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ timeoutSeconds: 3
+ volumeMounts:
+ - mountPath: /tmp/cilium/config-map
+ name: cilium-config-path
+ readOnly: true
+{{- if .Values.etcd.enabled }}
+ - mountPath: /var/lib/etcd-config
+ name: etcd-config-path
+ readOnly: true
+{{- if or .Values.etcd.ssl .Values.etcd.managed }}
+ - mountPath: /var/lib/etcd-secrets
+ name: etcd-secrets
+ readOnly: true
+{{- end }}
+{{- end }}
+{{- if .Values.kubeConfigPath }}
+ - mountPath: {{ .Values.kubeConfigPath }}
+ name: kube-config
+ readOnly: true
+{{- end }}
+{{- range .Values.operator.extraHostPathMounts }}
+ - mountPath: {{ .mountPath }}
+ name: {{ .name }}
+ readOnly: {{ .readOnly }}
+{{- if .mountPropagation }}
+ mountPropagation: {{ .mountPropagation }}
+{{- end }}
+{{- end }}
+{{- if .Values.bgp.enabled }}
+ - mountPath: /var/lib/cilium/bgp
+ name: bgp-config-path
+ readOnly: true
+{{- end }}
+{{- if .Values.operator.resources }}
+ resources:
+ {{- toYaml .Values.operator.resources | trim | nindent 10 }}
+{{- end }}
+ hostNetwork: true
+{{- if (and .Values.etcd.managed (not .Values.etcd.k8sService)) }}
+ # In managed etcd mode, Cilium must be able to resolve the DNS name of
+ # the etcd service
+ dnsPolicy: ClusterFirstWithHostNet
+{{- end }}
+ restartPolicy: Always
+{{- if and (or (and (eq .Release.Namespace "kube-system") (gt $k8sMinor "10")) (ge $k8sMinor "17") (gt $k8sMajor "1")) .Values.enableCriticalPriorityClass }}
+ priorityClassName: system-cluster-critical
+{{- end }}
+ serviceAccount: {{ .Values.serviceAccounts.operator.name | quote }}
+ serviceAccountName: {{ .Values.serviceAccounts.operator.name | quote }}
+{{- with .Values.operator.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | trim | nindent 8 }}
+{{- end }}
+{{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | trim | nindent 6 }}
+{{- end }}
+ volumes:
+ # To read the configuration from the config map
+ - configMap:
+ name: cilium-config
+ name: cilium-config-path
+{{- if .Values.etcd.enabled }}
+ # To read the etcd config stored in config maps
+ - configMap:
+ defaultMode: 420
+ items:
+ - key: etcd-config
+ path: etcd.config
+ name: cilium-config
+ name: etcd-config-path
+{{- if or .Values.etcd.ssl .Values.etcd.managed }}
+ # To read the k8s etcd secrets in case the user might want to use TLS
+ - name: etcd-secrets
+ secret:
+ defaultMode: 420
+ optional: true
+ secretName: cilium-etcd-secrets
+{{- end }}
+{{- end }}
+{{- if .Values.kubeConfigPath }}
+ - hostPath:
+ path: {{ .Values.kubeConfigPath }}
+ type: FileOrCreate
+ name: kube-config
+{{- end }}
+{{- range .Values.operator.extraHostPathMounts }}
+ - name: {{ .name }}
+ hostPath:
+ path: {{ .hostPath }}
+{{- if .hostPathType }}
+ type: {{ .hostPathType }}
+{{- end }}
+{{- end }}
+{{- if .Values.bgp.enabled }}
+ - configMap:
+ name: bgp-config
+ name: bgp-config-path
+{{- end }}
+{{- end }}
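Review bot: AZURE_CLIENT_SECRET is injected as a literal value: from .Values.azure.clientSecret, so the secret ends up in the rendered Deployment spec and in the stored Helm release, readable by anyone who can get the Deployment. The AWS and Alibaba credentials just above it use secretKeyRef, and the Azure secret should follow the same pattern. The AZURE_* values and the operator.extraEnv values are also emitted without | quote, so a value that YAML parses as a number or boolean will not be accepted as an env value. Separately, the priorityClassName gate compares $k8sMinor as a string (gt $k8sMinor "10", ge $k8sMinor "17"), which orders lexically rather than numerically; convert to int before comparing.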
diff --git a/charts/cilium/templates/cilium-operator-service.yaml b/charts/cilium/templates/cilium-operator-service.yaml
new file mode 100644
index 0000000..eb1dadd
--- /dev/null
+++ b/charts/cilium/templates/cilium-operator-service.yaml
@@ -0,0 +1,21 @@
+{{- if and (.Values.operator.enabled) (.Values.operator.prometheus.enabled) (.Values.operator.prometheus.serviceMonitor.enabled) }}
+kind: Service
+apiVersion: v1
+metadata:
+ name: cilium-operator
+ namespace: {{ .Release.Namespace }}
+ labels:
+ io.cilium/app: operator
+ name: cilium-operator
+spec:
+ clusterIP: None
+ type: ClusterIP
+ ports:
+ - name: metrics
+ port: 6942
+ protocol: TCP
+ targetPort: prometheus
+ selector:
+ io.cilium/app: operator
+ name: cilium-operator
+{{- end }}
diff --git a/charts/cilium/templates/cilium-operator-serviceaccount.yaml b/charts/cilium/templates/cilium-operator-serviceaccount.yaml
new file mode 100644
index 0000000..0c579b8
--- /dev/null
+++ b/charts/cilium/templates/cilium-operator-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{- if and .Values.operator.enabled .Values.serviceAccounts.operator.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccounts.operator.name | quote }}
+ namespace: {{ .Release.Namespace }}
+ {{- if and .Values.eni.enabled .Values.eni.iamRole }}
+ {{ $_ := set .Values.serviceAccounts.operator.annotations "eks.amazonaws.com/role-arn" .Values.eni.iamRole }}
+ {{- end}}
+ {{- if .Values.serviceAccounts.operator.annotations }}
+ annotations:
+{{ toYaml .Values.serviceAccounts.operator.annotations | indent 4 }}
+ {{- end }}
+{{- end }}
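Review bot: the set call on the eni.iamRole branch writes into .Values.serviceAccounts.operator.annotations, which requires that key to already be a map and mutates the shared values seen by templates rendered afterwards. Build a local dict from the annotations plus the eks.amazonaws.com/role-arn entry and render that instead. The line also opens with {{ rather than {{-, so it leaves a whitespace-only line inside the metadata block.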
diff --git a/charts/cilium/templates/cilium-operator-servicemonitor.yaml b/charts/cilium/templates/cilium-operator-servicemonitor.yaml
new file mode 100644
index 0000000..39ce055
--- /dev/null
+++ b/charts/cilium/templates/cilium-operator-servicemonitor.yaml
@@ -0,0 +1,30 @@
+{{- if and (.Values.operator.enabled) (.Values.operator.prometheus.enabled) (.Values.operator.prometheus.serviceMonitor.enabled) }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: cilium-operator
+ {{- if .Values.operator.prometheus.serviceMonitor.namespace }}
+ namespace: {{ .Values.operator.prometheus.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ labels:
+ {{- with .Values.operator.prometheus.serviceMonitor.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ io.cilium/app: operator
+ name: cilium-operator
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ endpoints:
+ - port: metrics
+ interval: 10s
+ honorLabels: true
+ path: /metrics
+ targetLabels:
+ - io.cilium/app
+{{- end }}
diff --git a/charts/cilium/templates/cilium-preflight-clusterrole.yaml b/charts/cilium/templates/cilium-preflight-clusterrole.yaml
new file mode 100644
index 0000000..a0fe42e
--- /dev/null
+++ b/charts/cilium/templates/cilium-preflight-clusterrole.yaml
@@ -0,0 +1,110 @@
+{{- if .Values.preflight.enabled }}
+{{- /*
+Keep file in synced with cilium-agent-clusterrole.yaml
+*/ -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cilium-pre-flight
+rules:
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - networkpolicies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - services
+ - nodes
+ - endpoints
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - pods/finalizers
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ - nodes/status
+ verbs:
+ - patch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ # Deprecated for removal in v1.10
+ - create
+ - list
+ - watch
+ - update
+
+ # This is used when validating policies in preflight. This will need to stay
+ # until we figure out how to avoid "get" inside the preflight, and then
+ # should be removed ideally.
+ - get
+{{- if eq "k8s" .Values.tls.secretsBackend }}
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+{{- end }}
+- apiGroups:
+ - cilium.io
+ resources:
+ - ciliumnetworkpolicies
+ - ciliumnetworkpolicies/status
+ - ciliumnetworkpolicies/finalizers
+ - ciliumclusterwidenetworkpolicies
+ - ciliumclusterwidenetworkpolicies/status
+ - ciliumclusterwidenetworkpolicies/finalizers
+ - ciliumendpoints
+ - ciliumendpoints/status
+ - ciliumendpoints/finalizers
+ - ciliumnodes
+ - ciliumnodes/status
+ - ciliumnodes/finalizers
+ - ciliumidentities
+ - ciliumidentities/finalizers
+ - ciliumlocalredirectpolicies
+ - ciliumlocalredirectpolicies/status
+ - ciliumlocalredirectpolicies/finalizers
+ - ciliumegressnatpolicies
+ verbs:
+ - '*'
+{{- end }}
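Review bot: this role carries update and delete on pods, update and patch on nodes, create and update on customresourcedefinitions, and '*' on the cilium.io resources, which is the agent's permission set copied over (per the "Keep file in synced" comment) rather than what a pre-flight validation needs. Reduce it to the read verbs the check uses, and confirm whether the create verb marked "Deprecated for removal in v1.10" still has to ship. When tls.secretsBackend is "k8s" the role also gains cluster-wide get on secrets; scope that to the namespace holding the TLS secrets with a Role if preflight needs it at all.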
diff --git a/charts/cilium/templates/cilium-preflight-clusterrolebinding.yaml b/charts/cilium/templates/cilium-preflight-clusterrolebinding.yaml
new file mode 100644
index 0000000..832dfb5
--- /dev/null
+++ b/charts/cilium/templates/cilium-preflight-clusterrolebinding.yaml
@@ -0,0 +1,14 @@
+{{- if and (.Values.preflight.enabled) (.Values.serviceAccounts.preflight.create) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: cilium-pre-flight
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cilium-pre-flight
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.serviceAccounts.preflight.name | quote }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/cilium/templates/cilium-preflight-daemonset.yaml b/charts/cilium/templates/cilium-preflight-daemonset.yaml
new file mode 100644
index 0000000..58d614b
--- /dev/null
+++ b/charts/cilium/templates/cilium-preflight-daemonset.yaml
@@ -0,0 +1,161 @@
+{{- if .Values.preflight.enabled }}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: cilium-pre-flight-check
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ matchLabels:
+ k8s-app: cilium-pre-flight-check
+ kubernetes.io/cluster-service: "true"
+ template:
+ metadata:
+{{- with .Values.preflight.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+{{- end }}
+ labels:
+ k8s-app: cilium-pre-flight-check
+ kubernetes.io/cluster-service: "true"
+{{- with .Values.preflight.podLabels }}
+ {{- toYaml . | nindent 8 }}
+{{- end }}
+ spec:
+{{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{ toYaml .Values.imagePullSecrets | indent 6 }}
+{{- end }}
+ initContainers:
+ - name: clean-cilium-state
+ image: "{{ .Values.preflight.image.repository }}:{{ .Values.preflight.image.tag }}{{ if .Values.preflight.image.useDigest }}@{{ .Values.preflight.image.digest }}{{ end }}"
+ imagePullPolicy: {{ .Values.preflight.image.pullPolicy }}
+ command: ["/bin/echo"]
+ args:
+ - "hello"
+ containers:
+ - name: cilium-pre-flight-check
+ image: "{{ .Values.preflight.image.repository }}:{{ .Values.preflight.image.tag }}{{ if .Values.preflight.image.useDigest }}@{{ .Values.preflight.image.digest }}{{ end }}"
+ imagePullPolicy: {{ .Values.preflight.image.pullPolicy }}
+ command: ["/bin/sh"]
+ args:
+ - -c
+ - "touch /tmp/ready; sleep 1h"
+ livenessProbe:
+ exec:
+ command:
+ - cat
+ - /tmp/ready
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ readinessProbe:
+ exec:
+ command:
+ - cat
+ - /tmp/ready
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ volumeMounts:
+ - mountPath: /var/run/cilium
+ name: cilium-run
+{{- if .Values.etcd.enabled }}
+ - mountPath: /var/lib/etcd-config
+ name: etcd-config-path
+ readOnly: true
+{{- if or .Values.etcd.ssl .Values.etcd.managed }}
+ - mountPath: /var/lib/etcd-secrets
+ name: etcd-secrets
+ readOnly: true
+{{- end }}
+{{- end }}
+
+{{- if ne .Values.preflight.tofqdnsPreCache "" }}
+ - name: cilium-pre-flight-fqdn-precache
+ image: "{{ .Values.preflight.image.repository }}:{{ .Values.preflight.image.tag }}{{ if .Values.preflight.image.useDigest }}@{{ .Values.preflight.image.digest }}{{ end }}"
+ imagePullPolicy: {{ .Values.preflight.image.pullPolicy }}
+ name: cilium-pre-flight-fqdn-precache
+ command: ["/bin/sh"]
+ args:
+ - -c
+ - "cilium preflight fqdn-poller --tofqdns-pre-cache {{ .Values.preflight.tofqdnsPreCache }} && touch /tmp/ready-tofqdns-precache"
+ livenessProbe:
+ exec:
+ command:
+ - cat
+ - /tmp/read-tofqdns-precachey
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ readinessProbe:
+ exec:
+ command:
+ - cat
+ - /tmp/read-tofqdns-precachey
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ env:
+{{- if .Values.k8sServiceHost }}
+ - name: KUBERNETES_SERVICE_HOST
+ value: {{ .Values.k8sServiceHost | quote }}
+{{- end }}
+{{- if .Values.k8sServicePort }}
+ - name: KUBERNETES_SERVICE_PORT
+ value: {{ .Values.k8sServicePort | quote }}
+{{- end }}
+ volumeMounts:
+ - mountPath: /var/run/cilium
+ name: cilium-run
+{{- if .Values.etcd.enabled }}
+ - mountPath: /var/lib/etcd-config
+ name: etcd-config-path
+ readOnly: true
+{{- if or .Values.etcd.ssl .Values.etcd.managed }}
+ - mountPath: /var/lib/etcd-secrets
+ name: etcd-secrets
+ readOnly: true
+{{- end }}
+{{- end }}
+{{- end }}
+ hostNetwork: true
+ # This is here to seamlessly allow migrate-identity to work with
+ # etcd-operator setups. The assumption is that other cases would also
+ # work since the cluster DNS would forward the request on.
+ # This differs from the cilium-agent daemonset, where this is only
+ # enabled when etcd.managed=true
+ dnsPolicy: ClusterFirstWithHostNet
+ restartPolicy: Always
+ serviceAccount: {{ .Values.serviceAccounts.preflight.name | quote }}
+ serviceAccountName: {{ .Values.serviceAccounts.preflight.name | quote }}
+ terminationGracePeriodSeconds: 1
+{{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | trim | nindent 6 }}
+{{- end }}
+ volumes:
+ # To keep state between restarts / upgrades
+ - hostPath:
+ path: /var/run/cilium
+ type: DirectoryOrCreate
+ name: cilium-run
+ - hostPath:
+ path: /sys/fs/bpf
+ type: DirectoryOrCreate
+ name: bpf-maps
+{{- if .Values.etcd.enabled }}
+ # To read the etcd config stored in config maps
+ - configMap:
+ defaultMode: 420
+ items:
+ - key: etcd-config
+ path: etcd.config
+ name: cilium-config
+ name: etcd-config-path
+ # To read the k8s etcd secrets in case the user might want to use TLS
+{{- if or .Values.etcd.ssl .Values.etcd.managed }}
+ - name: etcd-secrets
+ secret:
+ defaultMode: 420
+ optional: true
+ secretName: cilium-etcd-secrets
+{{- end }}
+{{- end }}
+{{- end }}
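Review bot: in the cilium-pre-flight-fqdn-precache container both probes run `cat /tmp/read-tofqdns-precachey`, while the container command creates `/tmp/ready-tofqdns-precache`, so neither the liveness nor the readiness probe can ever succeed. Point both probes at `/tmp/ready-tofqdns-precache`. The same container sets `name: cilium-pre-flight-fqdn-precache` twice, and the duplicate key should be dropped. Unlike the container above it (`touch /tmp/ready; sleep 1h`), this command has no trailing sleep, so the process exits right after the `touch` and is restarted under `restartPolicy: Always`; add a sleep if the container is meant to stay ready.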
diff --git a/charts/cilium/templates/cilium-preflight-deployment.yaml b/charts/cilium/templates/cilium-preflight-deployment.yaml
new file mode 100644
index 0000000..461a1a6
--- /dev/null
+++ b/charts/cilium/templates/cilium-preflight-deployment.yaml
@@ -0,0 +1,89 @@
+{{- if .Values.preflight.enabled }}
+{{- if .Values.preflight.validateCNPs }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cilium-pre-flight-check
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ matchLabels:
+ k8s-app: cilium-pre-flight-check-deployment
+ kubernetes.io/cluster-service: "true"
+ template:
+ metadata:
+{{- with .Values.preflight.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+{{- end }}
+ labels:
+ k8s-app: cilium-pre-flight-check-deployment
+ kubernetes.io/cluster-service: "true"
+{{- with .Values.preflight.podLabels }}
+ {{- toYaml . | nindent 8 }}
+{{- end }}
+ spec:
+ affinity:
+ podAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: "k8s-app"
+ operator: In
+ values:
+ - cilium
+ topologyKey: "kubernetes.io/hostname"
+{{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{ toYaml .Values.imagePullSecrets | indent 8 }}
+{{- end }}
+ containers:
+{{- if .Values.preflight.validateCNPs }}
+ - name: cnp-validator
+ image: "{{ .Values.preflight.image.repository }}:{{ .Values.preflight.image.tag }}{{ if .Values.preflight.image.useDigest }}@{{ .Values.preflight.image.digest }}{{ end }}"
+ imagePullPolicy: {{ .Values.preflight.image.pullPolicy }}
+ command: ["/bin/sh"]
+ args:
+ - -c
+ - "cilium preflight validate-cnp && touch /tmp/ready-validate-cnp && sleep 1h"
+ livenessProbe:
+ exec:
+ command:
+ - cat
+ - /tmp/ready-validate-cnp
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ readinessProbe:
+ exec:
+ command:
+ - cat
+ - /tmp/ready-validate-cnp
+ initialDelaySeconds: 5
+ periodSeconds: 5
+{{- if not ( and ( empty ( .Values.k8sServiceHost )) ( empty ( .Values.k8sServicePort ))) }}
+ env:
+{{- if .Values.k8sServiceHost }}
+ - name: KUBERNETES_SERVICE_HOST
+ value: {{ .Values.k8sServiceHost | quote }}
+{{- end }}
+{{- if .Values.k8sServicePort }}
+ - name: KUBERNETES_SERVICE_PORT
+ value: {{ .Values.k8sServicePort | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
+ hostNetwork: true
+ restartPolicy: Always
+ serviceAccount: {{ .Values.serviceAccounts.preflight.name | quote }}
+ serviceAccountName: {{ .Values.serviceAccounts.preflight.name | quote }}
+ terminationGracePeriodSeconds: 1
+{{- with .Values.preflight.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | trim | nindent 8 }}
+{{- end }}
+{{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | trim | nindent 6 }}
+{{- end }}
+{{- end }}
+{{- end }}
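Review bot: the cnp-validator container runs in a pod with `hostNetwork: true` but declares no `securityContext` and no `resources`. Since it only runs `cilium preflight validate-cnp` and then sleeps, consider setting `allowPrivilegeEscalation: false`, dropping capabilities, and adding requests and limits so the pod is constrained on the node it shares a network namespace with. The `{{- if .Values.preflight.validateCNPs }}` directly under `containers:` repeats the condition already checked on the second line of the template and can be removed.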
diff --git a/charts/cilium/templates/cilium-preflight-serviceaccount.yaml b/charts/cilium/templates/cilium-preflight-serviceaccount.yaml
new file mode 100644
index 0000000..0d62e00
--- /dev/null
+++ b/charts/cilium/templates/cilium-preflight-serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if and .Values.preflight.enabled .Values.serviceAccounts.preflight.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccounts.preflight.name | quote }}
+ namespace: {{ .Release.Namespace }}
+ {{- if .Values.serviceAccounts.preflight.annotations }}
+ annotations:
+{{ toYaml .Values.serviceAccounts.preflight.annotations | indent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/cilium/templates/cilium-resource-quota.yaml b/charts/cilium/templates/cilium-resource-quota.yaml
new file mode 100644
index 0000000..a985696
--- /dev/null
+++ b/charts/cilium/templates/cilium-resource-quota.yaml
@@ -0,0 +1,35 @@
+{{- if or .Values.resourceQuotas.enabled (and (ne .Release.Namespace "kube-system") .Values.gke.enabled) }}
+{{- if .Values.agent }}
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+ name: cilium-resource-quota
+ namespace: {{ .Release.Namespace }}
+spec:
+ hard:
+ pods: {{ .Values.resourceQuotas.cilium.hard.pods | quote }}
+ scopeSelector:
+ matchExpressions:
+ - operator: In
+ scopeName: PriorityClass
+ values:
+ - system-node-critical
+{{- end }}
+{{- if .Values.operator.enabled }}
+---
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+ name: cilium-operator-resource-quota
+ namespace: {{ .Release.Namespace }}
+spec:
+ hard:
+ pods: {{ .Values.resourceQuotas.operator.hard.pods | quote }}
+ scopeSelector:
+ matchExpressions:
+ - operator: In
+ scopeName: PriorityClass
+ values:
+ - system-cluster-critical
+{{- end }}
+{{- end }}
diff --git a/charts/cilium/templates/clustermesh-apiserver-admin-secret.yaml b/charts/cilium/templates/clustermesh-apiserver-admin-secret.yaml
new file mode 100644
index 0000000..4b02306
--- /dev/null
+++ b/charts/cilium/templates/clustermesh-apiserver-admin-secret.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.agent (not .Values.preflight.enabled) (or .Values.externalWorkloads.enabled .Values.clustermesh.useAPIServer) }}
+{{- $adminCertsProvided := and .Values.clustermesh.apiserver.tls.ca.cert .Values.clustermesh.apiserver.tls.admin.cert .Values.clustermesh.apiserver.tls.admin.key }}
+{{- $apiserverCertsGenerate := and .Values.clustermesh.apiserver.tls.auto.enabled (eq .Values.clustermesh.apiserver.tls.auto.method "helm") -}}
+{{- if or $adminCertsProvided $apiserverCertsGenerate }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: clustermesh-apiserver-admin-cert
+ namespace: {{ .Release.Namespace }}
+type: kubernetes.io/tls
+data:
+{{- if $apiserverCertsGenerate }}
+{{ include "clustermesh.apiserver.admin.gen-cert" . | indent 2 }}
+{{- else }}
+ ca.crt: {{ .Values.clustermesh.apiserver.tls.ca.cert }}
+ tls.crt: {{ .Values.clustermesh.apiserver.tls.admin.cert }}
+ tls.key: {{ .Values.clustermesh.apiserver.tls.admin.key }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/cilium/templates/clustermesh-apiserver-ca-secret.yaml b/charts/cilium/templates/clustermesh-apiserver-ca-secret.yaml
new file mode 100644
index 0000000..129f8eb
--- /dev/null
+++ b/charts/cilium/templates/clustermesh-apiserver-ca-secret.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.agent (not .Values.preflight.enabled) (or .Values.externalWorkloads.enabled .Values.clustermesh.useAPIServer) }}
+{{- if or (and .Values.clustermesh.apiserver.tls.auto.enabled (eq .Values.clustermesh.apiserver.tls.auto.method "helm")) (and .Values.clustermesh.apiserver.tls.ca.cert .Values.clustermesh.apiserver.tls.ca.key) }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: clustermesh-apiserver-ca-cert
+ namespace: {{ .Release.Namespace }}
+data:
+{{- if and .Values.clustermesh.apiserver.tls.auto.enabled (eq .Values.clustermesh.apiserver.tls.auto.method "helm") }}
+{{ include "clustermesh.apiserver.ca.gen-cert" . | indent 2 }}
+{{- else }}
+ ca.crt: {{ .Values.clustermesh.apiserver.tls.ca.cert }}
+ ca.key: {{ .Values.clustermesh.apiserver.tls.ca.key }}
+{{- end }}
+{{- end }}
+{{- end }}
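Review bot: in the `else` branch the CA private key is copied from `.Values.clustermesh.apiserver.tls.ca.key` straight into `data:`, which means the key has to be supplied through Helm values and must already be base64-encoded, since it is emitted unquoted and unencoded. Please document the expected encoding next to these values, and consider allowing the chart to reference a pre-existing Secret so the CA key does not need to pass through values files at all. The same applies to the `tls.key` values in the admin, client, remote and server secret templates in this patch.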
diff --git a/charts/cilium/templates/clustermesh-apiserver-client-secret.yaml b/charts/cilium/templates/clustermesh-apiserver-client-secret.yaml
new file mode 100644
index 0000000..d155a86
--- /dev/null
+++ b/charts/cilium/templates/clustermesh-apiserver-client-secret.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.agent (not .Values.preflight.enabled) .Values.externalWorkloads.enabled }}
+{{- $clientCertsProvided := and .Values.clustermesh.apiserver.tls.ca.cert .Values.clustermesh.apiserver.tls.client.cert .Values.clustermesh.apiserver.tls.client.key }}
+{{- $apiserverCertsGenerate := and .Values.clustermesh.apiserver.tls.auto.enabled (eq .Values.clustermesh.apiserver.tls.auto.method "helm") -}}
+{{- if or $clientCertsProvided $apiserverCertsGenerate }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: clustermesh-apiserver-client-cert
+ namespace: {{ .Release.Namespace }}
+type: kubernetes.io/tls
+data:
+{{- if $apiserverCertsGenerate }}
+{{ include "clustermesh.apiserver.client.gen-cert" . | indent 2 }}
+{{- else }}
+ ca.crt: {{ .Values.clustermesh.apiserver.tls.ca.cert }}
+ tls.crt: {{ .Values.clustermesh.apiserver.tls.client.cert }}
+ tls.key: {{ .Values.clustermesh.apiserver.tls.client.key }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/cilium/templates/clustermesh-apiserver-clusterrole.yaml b/charts/cilium/templates/clustermesh-apiserver-clusterrole.yaml
new file mode 100644
index 0000000..74bd961
--- /dev/null
+++ b/charts/cilium/templates/clustermesh-apiserver-clusterrole.yaml
@@ -0,0 +1,44 @@
+{{- if and (or .Values.externalWorkloads.enabled .Values.clustermesh.useAPIServer) .Values.serviceAccounts.clustermeshApiserver.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: clustermesh-apiserver
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - endpoints
+ - namespaces
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - list
+- apiGroups:
+ - cilium.io
+ resources:
+ - ciliumnodes
+ - ciliumnodes/status
+ - ciliumexternalworkloads
+ - ciliumexternalworkloads/status
+ - ciliumidentities
+ - ciliumidentities/status
+ - ciliumendpoints
+ - ciliumendpoints/status
+ verbs:
+ - '*'
+{{- end }}
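Review bot: the last rule grants `verbs: '*'` on the cilium.io resources, which includes `delete` and `deletecollection` on `ciliumidentities` and `ciliumendpoints` cluster-wide, while every other rule in this ClusterRole is limited to `get`, `list` and `watch`. List the verbs the clustermesh-apiserver actually needs instead of the wildcard, so a compromised apiserver pod cannot remove identities or endpoints it has no reason to touch.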
diff --git a/charts/cilium/templates/clustermesh-apiserver-clusterrolebinding.yaml b/charts/cilium/templates/clustermesh-apiserver-clusterrolebinding.yaml
new file mode 100644
index 0000000..a69bb6d
--- /dev/null
+++ b/charts/cilium/templates/clustermesh-apiserver-clusterrolebinding.yaml
@@ -0,0 +1,14 @@
+{{- if and (or .Values.externalWorkloads.enabled .Values.clustermesh.useAPIServer) (.Values.serviceAccounts.clustermeshApiserver.create) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: clustermesh-apiserver
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: clustermesh-apiserver
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.serviceAccounts.clustermeshApiserver.name | quote }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/cilium/templates/clustermesh-apiserver-deployment.yaml b/charts/cilium/templates/clustermesh-apiserver-deployment.yaml
new file mode 100644
index 0000000..dfe50ac
--- /dev/null
+++ b/charts/cilium/templates/clustermesh-apiserver-deployment.yaml
@@ -0,0 +1,169 @@
+{{- if (or .Values.externalWorkloads.enabled .Values.clustermesh.useAPIServer) }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: clustermesh-apiserver
+ labels:
+ k8s-app: clustermesh-apiserver
+ namespace: {{ .Release.Namespace }}
+spec:
+ replicas: {{ .Values.clustermesh.apiserver.replicas }}
+ selector:
+ matchLabels:
+ k8s-app: clustermesh-apiserver
+{{- with .Values.clustermesh.apiserver.updateStrategy }}
+ strategy: {{- toYaml . | nindent 4 }}
+{{- end }}
+ template:
+ metadata:
+ annotations:
+{{- with .Values.clustermesh.apiserver.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+{{- end }}
+ labels:
+ k8s-app: clustermesh-apiserver
+{{- with .Values.clustermesh.apiserver.podLabels }}
+ {{- toYaml . | nindent 8 }}
+{{- end }}
+ spec:
+{{- with .Values.imagePullSecrets }}
+ imagePullSecrets: {{- toYaml . | nindent 8 }}
+{{- end }}
+ restartPolicy: Always
+ serviceAccount: {{ .Values.serviceAccounts.clustermeshApiserver.name | quote }}
+ serviceAccountName: {{ .Values.serviceAccounts.clustermeshApiserver.name | quote }}
+ initContainers:
+ - name: etcd-init
+ image: {{ .Values.clustermesh.apiserver.etcd.image.repository }}:{{ .Values.clustermesh.apiserver.etcd.image.tag }}
+ imagePullPolicy: {{ .Values.clustermesh.apiserver.etcd.image.pullPolicy }}
+ env:
+ - name: ETCDCTL_API
+ value: "3"
+ - name: HOSTNAME_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ command: ["/bin/sh", "-c"]
+ args:
+ - >
+ rm -rf /var/run/etcd/*;
+ export ETCDCTL_API=3;
+ /usr/local/bin/etcd --data-dir=/var/run/etcd --name=clustermesh-apiserver --listen-client-urls=http://127.0.0.1:2379 --advertise-client-urls=http://127.0.0.1:2379 --initial-cluster-token=clustermesh-apiserver --initial-cluster-state=new --auto-compaction-retention=1 &
+ export rootpw=`head /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`;
+ echo $rootpw | etcdctl --interactive=false user add root;
+ etcdctl user grant-role root root;
+ export vmpw=`head /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`;
+ echo $vmpw | etcdctl --interactive=false user add externalworkload;
+ etcdctl role add externalworkload;
+ etcdctl role grant-permission externalworkload --from-key read '';
+ etcdctl role grant-permission externalworkload readwrite --prefix cilium/state/noderegister/v1/;
+ etcdctl role grant-permission externalworkload readwrite --prefix cilium/.initlock/;
+ etcdctl user grant-role externalworkload externalworkload;
+ export remotepw=`head /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`;
+ echo $remotepw | etcdctl --interactive=false user add remote;
+ etcdctl role add remote;
+ etcdctl role grant-permission remote --from-key read '';
+ etcdctl user grant-role remote remote;
+ etcdctl auth enable;
+ exit
+ volumeMounts:
+ - mountPath: /var/run/etcd
+ name: etcd-data-dir
+ containers:
+ - name: etcd
+ image: {{ .Values.clustermesh.apiserver.etcd.image.repository }}:{{ .Values.clustermesh.apiserver.etcd.image.tag }}
+ imagePullPolicy: {{ .Values.clustermesh.apiserver.etcd.image.pullPolicy }}
+ env:
+ - name: ETCDCTL_API
+ value: "3"
+ - name: HOSTNAME_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ command:
+ - /usr/local/bin/etcd
+ args:
+ - --data-dir=/var/run/etcd
+ - --name=clustermesh-apiserver
+ - --client-cert-auth
+ - --trusted-ca-file=/var/lib/etcd-secrets/ca.crt
+ - --cert-file=/var/lib/etcd-secrets/tls.crt
+ - --key-file=/var/lib/etcd-secrets/tls.key
+ - --listen-client-urls=https://127.0.0.1:2379,https://$(HOSTNAME_IP):2379
+ - --advertise-client-urls=https://$(HOSTNAME_IP):2379
+ - --initial-cluster-token=clustermesh-apiserver
+ - --auto-compaction-retention=1
+ volumeMounts:
+ - mountPath: /var/lib/etcd-secrets
+ name: etcd-server-secrets
+ readOnly: true
+ - mountPath: /var/run/etcd
+ name: etcd-data-dir
+ - name: "apiserver"
+ image: "{{ .Values.clustermesh.apiserver.image.repository }}:{{ .Values.clustermesh.apiserver.image.tag }}{{ if .Values.clustermesh.apiserver.image.useDigest }}@{{ .Values.clustermesh.apiserver.image.digest }}{{ end }}"
+ imagePullPolicy: {{ .Values.clustermesh.apiserver.image.pullPolicy }}
+ command:
+ - /usr/bin/clustermesh-apiserver
+ args:
+{{- if .Values.debug.enabled }}
+ - --debug
+{{- end }}
+ - --cluster-name=$(CLUSTER_NAME)
+ - --kvstore-opt
+ - etcd.config=/var/lib/cilium/etcd-config.yaml
+ env:
+ - name: CLUSTER_NAME
+ valueFrom:
+ configMapKeyRef:
+ key: cluster-name
+ name: cilium-config
+ - name: CLUSTER_ID
+ valueFrom:
+ configMapKeyRef:
+ key: cluster-id
+ name: cilium-config
+ optional: true
+ - name: IDENTITY_ALLOCATION_MODE
+ valueFrom:
+ configMapKeyRef:
+ key: identity-allocation-mode
+ name: cilium-config
+{{- with .Values.clustermesh.apiserver.resources }}
+ resources: {{- toYaml . | nindent 10 }}
+{{- end }}
+ volumeMounts:
+ - mountPath: /var/lib/cilium/etcd-secrets
+ name: etcd-admin-client
+ readOnly: true
+ volumes:
+ - name: etcd-server-secrets
+ projected:
+ defaultMode: 0420
+ sources:
+ - secret:
+ name: clustermesh-apiserver-ca-cert
+ items:
+ - key: ca.crt
+ path: ca.crt
+ - secret:
+ name: clustermesh-apiserver-server-cert
+ - name: etcd-admin-client
+ projected:
+ defaultMode: 0420
+ sources:
+ - secret:
+ name: clustermesh-apiserver-ca-cert
+ items:
+ - key: ca.crt
+ path: ca.crt
+ - secret:
+ name: clustermesh-apiserver-admin-cert
+ - name: etcd-data-dir
+ emptyDir: {}
+{{- with .Values.clustermesh.apiserver.nodeSelector }}
+ nodeSelector: {{- toYaml . | nindent 8 }}
+{{- end }}
+{{- with .Values.clustermesh.apiserver.tolerations }}
+ tolerations: {{- toYaml . | nindent 8 }}
+{{- end }}
+{{- end }}
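Review bot: both projected volumes use `defaultMode: 0420`, which YAML reads as octal, giving the files mode r---w---- (owner read, group write) rather than the 0644 that the decimal `defaultMode: 420` in the preflight daemonset template produces. For volumes that carry `tls.key` this is almost certainly not what was intended; use `0400` (or `0440` if a group needs to read) on `etcd-server-secrets` and `etcd-admin-client`. Separately, the etcd-init script starts etcd with `&` and runs `etcdctl` immediately, and chains every step with `;`, so a failed `user add` or `grant-permission` is ignored and only the status of `etcdctl auth enable` decides whether the init container succeeds. Wait for etcd to answer before the first `etcdctl` call and use `set -e` or `&&`.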
diff --git a/charts/cilium/templates/clustermesh-apiserver-generate-certs-cronjob.yaml b/charts/cilium/templates/clustermesh-apiserver-generate-certs-cronjob.yaml
new file mode 100644
index 0000000..a1962c3
--- /dev/null
+++ b/charts/cilium/templates/clustermesh-apiserver-generate-certs-cronjob.yaml
@@ -0,0 +1,14 @@
+{{- if and (or .Values.externalWorkloads.enabled .Values.clustermesh.useAPIServer) .Values.clustermesh.apiserver.tls.auto.enabled (eq .Values.clustermesh.apiserver.tls.auto.method "cronJob") .Values.clustermesh.apiserver.tls.auto.schedule }}
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+ name: clustermesh-apiserver-generate-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ k8s-app: clustermesh-apiserver-generate-certs
+spec:
+ schedule: {{ .Values.clustermesh.apiserver.tls.auto.schedule | quote }}
+ concurrencyPolicy: Forbid
+ jobTemplate:
+{{- include "clustermesh-apiserver-generate-certs.job.spec" . | nindent 4 }}
+{{- end }}
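Review bot: `apiVersion: batch/v1beta1` for CronJob is no longer served as of Kubernetes 1.25, so this template fails to install on current clusters when `tls.auto.method` is `cronJob`. Select the version at render time, for example with `.Capabilities.APIVersions.Has "batch/v1"`, and fall back to `batch/v1beta1` only when `batch/v1` is absent. The hubble-generate-certs CronJob later in this patch has the same apiVersion.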
diff --git a/charts/cilium/templates/clustermesh-apiserver-generate-certs-job.yaml b/charts/cilium/templates/clustermesh-apiserver-generate-certs-job.yaml
new file mode 100644
index 0000000..c0e4f03
--- /dev/null
+++ b/charts/cilium/templates/clustermesh-apiserver-generate-certs-job.yaml
@@ -0,0 +1,10 @@
+{{- if and (or .Values.externalWorkloads.enabled .Values.clustermesh.useAPIServer) (eq .Values.clustermesh.apiserver.tls.auto.method "cronJob") }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: clustermesh-apiserver-generate-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ k8s-app: clustermesh-apiserver-generate-certs
+{{ include "clustermesh-apiserver-generate-certs.job.spec" . }}
+{{- end }}
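Review bot: the guard on this Job checks `tls.auto.method` but not `.Values.clustermesh.apiserver.tls.auto.enabled`, whereas the CronJob, Role, RoleBinding and ServiceAccount templates for the same feature all require it. With `auto.enabled: false` and `method: cronJob` the Job is rendered without the ServiceAccount and Role it depends on. Add the `auto.enabled` condition here. The Job also has a fixed name; the hubble-generate-certs Job in this patch appends a checksum of the spec because Job specs are immutable, and the same approach would avoid upgrade failures here.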
diff --git a/charts/cilium/templates/clustermesh-apiserver-generate-certs-role.yaml b/charts/cilium/templates/clustermesh-apiserver-generate-certs-role.yaml
new file mode 100644
index 0000000..45e59c8
--- /dev/null
+++ b/charts/cilium/templates/clustermesh-apiserver-generate-certs-role.yaml
@@ -0,0 +1,34 @@
+{{- if and (or .Values.externalWorkloads.enabled .Values.clustermesh.useAPIServer) .Values.clustermesh.apiserver.tls.auto.enabled (eq .Values.clustermesh.apiserver.tls.auto.method "cronJob") .Values.serviceAccounts.clustermeshcertgen.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: clustermesh-apiserver-generate-certs
+ namespace: {{ .Release.Namespace }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ resourceNames:
+ - clustermesh-apiserver-ca-cert
+ verbs:
+ - get
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ resourceNames:
+ - clustermesh-apiserver-server-cert
+ - clustermesh-apiserver-admin-cert
+ - clustermesh-apiserver-remote-cert
+ - clustermesh-apiserver-client-cert
+ verbs:
+ - update
+{{- end }}
diff --git a/charts/cilium/templates/clustermesh-apiserver-generate-certs-rolebinding.yaml b/charts/cilium/templates/clustermesh-apiserver-generate-certs-rolebinding.yaml
new file mode 100644
index 0000000..d52e9c0
--- /dev/null
+++ b/charts/cilium/templates/clustermesh-apiserver-generate-certs-rolebinding.yaml
@@ -0,0 +1,15 @@
+{{- if and (or .Values.externalWorkloads.enabled .Values.clustermesh.useAPIServer) .Values.clustermesh.apiserver.tls.auto.enabled (eq .Values.clustermesh.apiserver.tls.auto.method "cronJob") .Values.serviceAccounts.clustermeshcertgen.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: clustermesh-apiserver-generate-certs
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: clustermesh-apiserver-generate-certs
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.serviceAccounts.clustermeshcertgen.name | quote }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/cilium/templates/clustermesh-apiserver-generate-certs-serviceaccount.yaml b/charts/cilium/templates/clustermesh-apiserver-generate-certs-serviceaccount.yaml
new file mode 100644
index 0000000..a7583fa
--- /dev/null
+++ b/charts/cilium/templates/clustermesh-apiserver-generate-certs-serviceaccount.yaml
@@ -0,0 +1,10 @@
+{{- if and (or .Values.externalWorkloads.enabled .Values.clustermesh.useAPIServer) .Values.clustermesh.apiserver.tls.auto.enabled (eq .Values.clustermesh.apiserver.tls.auto.method "cronJob") .Values.serviceAccounts.clustermeshcertgen.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccounts.clustermeshcertgen.name | quote }}
+ namespace: {{ .Release.Namespace }}
+{{- with .Values.serviceAccounts.clustermeshcertgen.annotations }}
+ annotations: {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- end }}
diff --git a/charts/cilium/templates/clustermesh-apiserver-remote-secret.yaml b/charts/cilium/templates/clustermesh-apiserver-remote-secret.yaml
new file mode 100644
index 0000000..0545990
--- /dev/null
+++ b/charts/cilium/templates/clustermesh-apiserver-remote-secret.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.agent (not .Values.preflight.enabled) .Values.clustermesh.useAPIServer }}
+{{- $remoteCertsProvided := and .Values.clustermesh.apiserver.tls.ca.cert .Values.clustermesh.apiserver.tls.remote.cert .Values.clustermesh.apiserver.tls.remote.key }}
+{{- $apiserverCertsGenerate := and .Values.clustermesh.apiserver.tls.auto.enabled (eq .Values.clustermesh.apiserver.tls.auto.method "helm") -}}
+{{- if or $remoteCertsProvided $apiserverCertsGenerate }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: clustermesh-apiserver-remote-cert
+ namespace: {{ .Release.Namespace }}
+type: kubernetes.io/tls
+data:
+{{- if $apiserverCertsGenerate }}
+{{ include "clustermesh.apiserver.remote.gen-cert" . | indent 2 }}
+{{- else }}
+ ca.crt: {{ .Values.clustermesh.apiserver.tls.ca.cert }}
+ tls.crt: {{ .Values.clustermesh.apiserver.tls.remote.cert }}
+ tls.key: {{ .Values.clustermesh.apiserver.tls.remote.key }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/cilium/templates/clustermesh-apiserver-server-secret.yaml b/charts/cilium/templates/clustermesh-apiserver-server-secret.yaml
new file mode 100644
index 0000000..4654e83
--- /dev/null
+++ b/charts/cilium/templates/clustermesh-apiserver-server-secret.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.agent (not .Values.preflight.enabled) (or .Values.externalWorkloads.enabled .Values.clustermesh.useAPIServer) }}
+{{- $serverCertsProvided := and .Values.clustermesh.apiserver.tls.ca.cert .Values.clustermesh.apiserver.tls.server.cert .Values.clustermesh.apiserver.tls.server.key }}
+{{- $apiserverCertsGenerate := and .Values.clustermesh.apiserver.tls.auto.enabled (eq .Values.clustermesh.apiserver.tls.auto.method "helm") -}}
+{{- if or $serverCertsProvided $apiserverCertsGenerate }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: clustermesh-apiserver-server-cert
+ namespace: {{ .Release.Namespace }}
+type: kubernetes.io/tls
+data:
+{{- if $apiserverCertsGenerate }}
+{{ include "clustermesh.apiserver.server.gen-cert" . | indent 2 }}
+{{- else }}
+ ca.crt: {{ .Values.clustermesh.apiserver.tls.ca.cert }}
+ tls.crt: {{ .Values.clustermesh.apiserver.tls.server.cert }}
+ tls.key: {{ .Values.clustermesh.apiserver.tls.server.key }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/cilium/templates/clustermesh-apiserver-service.yaml b/charts/cilium/templates/clustermesh-apiserver-service.yaml
new file mode 100644
index 0000000..16480bd
--- /dev/null
+++ b/charts/cilium/templates/clustermesh-apiserver-service.yaml
@@ -0,0 +1,24 @@
+{{- if (or .Values.externalWorkloads.enabled .Values.clustermesh.useAPIServer) }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: "clustermesh-apiserver"
+ namespace: {{ .Release.Namespace }}
+ labels:
+ k8s-app: clustermesh-apiserver
+{{- with .Values.clustermesh.apiserver.service.annotations }}
+ annotations: {{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.clustermesh.apiserver.service.type }}
+ selector:
+ k8s-app: clustermesh-apiserver
+ ports:
+ - port: 2379
+{{- if and (eq "NodePort" .Values.clustermesh.apiserver.service.type) .Values.clustermesh.apiserver.service.nodePort }}
+ nodePort: {{ .Values.clustermesh.apiserver.service.nodePort }}
+{{- end }}
+{{- if and (eq "LoadBalancer" .Values.clustermesh.apiserver.service.type) .Values.clustermesh.apiserver.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.clustermesh.apiserver.service.loadBalancerIP }}
+{{- end }}
+{{- end }}
diff --git a/charts/cilium/templates/clustermesh-apiserver-serviceaccount.yaml b/charts/cilium/templates/clustermesh-apiserver-serviceaccount.yaml
new file mode 100644
index 0000000..715d5c2
--- /dev/null
+++ b/charts/cilium/templates/clustermesh-apiserver-serviceaccount.yaml
@@ -0,0 +1,10 @@
+{{- if and (or .Values.externalWorkloads.enabled .Values.clustermesh.useAPIServer) .Values.serviceAccounts.clustermeshApiserver.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccounts.clustermeshApiserver.name | quote }}
+ namespace: {{ .Release.Namespace }}
+{{- with .Values.serviceAccounts.clustermeshApiserver.annotations }}
+ annotations: {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- end }}
diff --git a/charts/cilium/templates/etcd-operator-clusterrole.yaml b/charts/cilium/templates/etcd-operator-clusterrole.yaml
new file mode 100644
index 0000000..5a87497
--- /dev/null
+++ b/charts/cilium/templates/etcd-operator-clusterrole.yaml
@@ -0,0 +1,54 @@
+{{- if .Values.etcd.managed }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: etcd-operator
+rules:
+- apiGroups:
+ - etcd.database.coreos.com
+ resources:
+ - etcdclusters
+ - etcdbackups
+ - etcdrestores
+ verbs:
+ - '*'
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - services
+ - endpoints
+ - persistentvolumeclaims
+ - events
+ - deployments
+ verbs:
+ - '*'
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - '*'
+- apiGroups:
+ - extensions
+ resources:
+ - deployments
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+{{- end }}
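Review bot: this ClusterRole gives the `cilium-etcd-sa` account `verbs: '*'` on `customresourcedefinitions`, `pods`, `services`, `endpoints`, `persistentvolumeclaims` and `events` in every namespace, plus `get` on all `secrets` cluster-wide. That is far more than an operator managing etcd pods in the release namespace should need: full CRD access lets it alter or delete any CRD in the cluster, and unrestricted secret reads expose every namespace's credentials. Move the namespaced rules into a Role in `{{ .Release.Namespace }}`, restrict the secrets rule with `resourceNames`, and enumerate verbs. The `deployments` entry under the core `""` apiGroup matches nothing, since deployments live in `apps`, and can be removed.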
diff --git a/charts/cilium/templates/etcd-operator-clusterrolebinding.yaml b/charts/cilium/templates/etcd-operator-clusterrolebinding.yaml
new file mode 100644
index 0000000..f2f36e2
--- /dev/null
+++ b/charts/cilium/templates/etcd-operator-clusterrolebinding.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.etcd.managed }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: etcd-operator
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: etcd-operator
+subjects:
+- kind: ServiceAccount
+ name: cilium-etcd-sa
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/cilium/templates/etcd-operator-serviceaccount.yaml b/charts/cilium/templates/etcd-operator-serviceaccount.yaml
new file mode 100644
index 0000000..278d984
--- /dev/null
+++ b/charts/cilium/templates/etcd-operator-serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.etcd.managed }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: cilium-etcd-sa
+ namespace: {{ .Release.Namespace }}
+ {{- if .Values.serviceAccounts.etcd.annotations }}
+ annotations:
+{{ toYaml .Values.serviceAccounts.etcd.annotations | indent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/cilium/templates/hubble-ca-configmap.yaml b/charts/cilium/templates/hubble-ca-configmap.yaml
new file mode 100644
index 0000000..50a05f2
--- /dev/null
+++ b/charts/cilium/templates/hubble-ca-configmap.yaml
@@ -0,0 +1,21 @@
+{{- if and (not .Values.preflight.enabled) .Values.agent .Values.hubble.enabled .Values.hubble.tls.enabled }}
+{{- $hubbleCAProvided := .Values.hubble.tls.ca.cert }}
+{{- $hubbleCAGenerate := and .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "helm") .Values.hubble.relay.enabled -}}
+{{- if or $hubbleCAProvided $hubbleCAGenerate }}
+# NOTE: the hubble-ca-cert ConfigMap is deprecated and will be removed in v1.11
+# The Hubble CA certificate can be found in both the hubble-server-certs and
+# hubble-relay-client-certs Secrets under the ca.crt key.
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: hubble-ca-cert
+ namespace: {{ .Release.Namespace }}
+data:
+{{- if $hubbleCAGenerate }}
+{{ include "hubble.ca.gen-cert-only" . | indent 2 }}
+{{- else }}
+ ca.crt: |-
+{{ .Values.hubble.tls.ca.cert | b64dec | indent 4 -}}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/cilium/templates/hubble-generate-certs-ca-secret.yaml b/charts/cilium/templates/hubble-generate-certs-ca-secret.yaml
new file mode 100644
index 0000000..de579be
--- /dev/null
+++ b/charts/cilium/templates/hubble-generate-certs-ca-secret.yaml
@@ -0,0 +1,11 @@
+{{- if and .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "cronJob") .Values.hubble.tls.ca.cert .Values.hubble.tls.ca.key }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: hubble-ca-secret
+ namespace: {{ .Release.Namespace }}
+data:
+ ca.crt: {{ .Values.hubble.tls.ca.cert }}
+ ca.key: {{ .Values.hubble.tls.ca.key }}
+{{- end }}
diff --git a/charts/cilium/templates/hubble-generate-certs-clusterrole.yaml b/charts/cilium/templates/hubble-generate-certs-clusterrole.yaml
new file mode 100644
index 0000000..fcd2530
--- /dev/null
+++ b/charts/cilium/templates/hubble-generate-certs-clusterrole.yaml
@@ -0,0 +1,41 @@
+{{- if and .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "cronJob") .Values.serviceAccounts.hubblecertgen.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: hubble-generate-certs
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ - configmaps
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ resourceNames:
+ - hubble-server-certs
+ - hubble-relay-client-certs
+ - hubble-relay-server-certs
+ verbs:
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ resourceNames:
+ - hubble-ca-cert
+ verbs:
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ resourceNames:
+ - hubble-ca-secret
+ verbs:
+ - get
+ - update
+{{- end }}
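Review bot: the first rule grants `create` on `secrets` and `configmaps` through a ClusterRole that is bound with a ClusterRoleBinding, so the hubble-generate-certs account can create Secrets and ConfigMaps in any namespace. The objects it manages (`hubble-ca-secret`, `hubble-ca-cert`) are created in `{{ .Release.Namespace }}`, and the equivalent clustermesh-apiserver-generate-certs template in this patch uses a namespaced `Role` and `RoleBinding`. Do the same here so the certificate generator's permissions stop at the release namespace.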
diff --git a/charts/cilium/templates/hubble-generate-certs-clusterrolebinding.yaml b/charts/cilium/templates/hubble-generate-certs-clusterrolebinding.yaml
new file mode 100644
index 0000000..39e57c9
--- /dev/null
+++ b/charts/cilium/templates/hubble-generate-certs-clusterrolebinding.yaml
@@ -0,0 +1,14 @@
+{{- if and .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "cronJob") .Values.serviceAccounts.hubblecertgen.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: hubble-generate-certs
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: hubble-generate-certs
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.serviceAccounts.hubblecertgen.name | quote }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/cilium/templates/hubble-generate-certs-cronjob.yaml b/charts/cilium/templates/hubble-generate-certs-cronjob.yaml
new file mode 100644
index 0000000..d0c8385
--- /dev/null
+++ b/charts/cilium/templates/hubble-generate-certs-cronjob.yaml
@@ -0,0 +1,14 @@
+{{- if and .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "cronJob") .Values.hubble.tls.auto.schedule }}
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+ name: hubble-generate-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ k8s-app: hubble-generate-certs
+spec:
+ schedule: {{ .Values.hubble.tls.auto.schedule | quote }}
+ concurrencyPolicy: Forbid
+ jobTemplate:
+{{- include "hubble-generate-certs.job.spec" . | nindent 4 }}
+{{- end }}
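Review bot: `apiVersion: batch/v1beta1` for the CronJob was removed in Kubernetes 1.25, so this template will fail to install on newer clusters. Select the version with `.Capabilities.APIVersions.Has "batch/v1/CronJob"` and fall back to `batch/v1beta1` only when that is absent; validate.yaml in this patch already relies on `.Capabilities.APIVersions.Has` for the ServiceMonitor check.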
diff --git a/charts/cilium/templates/hubble-generate-certs-job.yaml b/charts/cilium/templates/hubble-generate-certs-job.yaml
new file mode 100644
index 0000000..e6e9874
--- /dev/null
+++ b/charts/cilium/templates/hubble-generate-certs-job.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "cronJob") }}
+{{/*
+Because Kubernetes job specs are immutable, Helm will fail patch this job if
+the spec changes between releases. To avoid breaking the upgrade path, we
+generate a name for the job here which is based on the checksum of the spec.
+This will cause the name of the job to change if its content changes,
+and in turn cause Helm to do delete the old job and replace it with a new one.
+*/}}
+{{- $jobSpec := include "hubble-generate-certs.job.spec" . -}}
+{{- $checkSum := $jobSpec | sha256sum | trunc 10 -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: hubble-generate-certs-{{$checkSum}}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ k8s-app: hubble-generate-certs
+{{ $jobSpec }}
+{{- end }}
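Review bot: the template comment has two wording slips, "Helm will fail patch this job" and "cause Helm to do delete the old job"; they should read "fail to patch" and "to delete". Since the Job name now depends on `sha256sum | trunc 10` of the spec, it is also worth noting in the comment that every spec change leaves a new Job name behind, so readers know why the name varies between releases.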
diff --git a/charts/cilium/templates/hubble-generate-certs-serviceaccount.yaml b/charts/cilium/templates/hubble-generate-certs-serviceaccount.yaml
new file mode 100644
index 0000000..b9cd557
--- /dev/null
+++ b/charts/cilium/templates/hubble-generate-certs-serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if and .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "cronJob") .Values.serviceAccounts.hubblecertgen.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccounts.hubblecertgen.name | quote }}
+ namespace: {{ .Release.Namespace }}
+{{- if .Values.serviceAccounts.hubblecertgen.annotations }}
+ annotations:
+{{ toYaml .Values.serviceAccounts.hubblecertgen.annotations | indent 4 }}
+{{- end }}
+{{- end }}
diff --git a/charts/cilium/templates/hubble-relay-client-tls-secret.yaml b/charts/cilium/templates/hubble-relay-client-tls-secret.yaml
new file mode 100644
index 0000000..2a9a80c
--- /dev/null
+++ b/charts/cilium/templates/hubble-relay-client-tls-secret.yaml
@@ -0,0 +1,20 @@
+{{- if and (.Values.hubble.relay.enabled) (.Values.hubble.tls.enabled) }}
+{{- $clientCertsProvided := and .Values.hubble.tls.ca.cert .Values.hubble.relay.tls.client.cert .Values.hubble.relay.tls.client.key }}
+{{- $hubbleCertsGenerate := and .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "helm") -}}
+{{- if or $clientCertsProvided $hubbleCertsGenerate }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: hubble-relay-client-certs
+ namespace: {{ .Release.Namespace }}
+type: kubernetes.io/tls
+data:
+{{- if $hubbleCertsGenerate }}
+{{ include "hubble.relay.gen-certs" . | indent 2 }}
+{{- else }}
+ ca.crt: {{ .Values.hubble.tls.ca.cert }}
+ tls.crt: {{ .Values.hubble.relay.tls.client.cert }}
+ tls.key: {{ .Values.hubble.relay.tls.client.key }}
+{{- end }}
+{{- end }}
+{{- end }}
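Review bot: inside `data:`, `{{- if $hubbleCertsGenerate }}` is tested before the provided values, so when `hubble.tls.auto.enabled` is set with method `helm`, a user-supplied `hubble.relay.tls.client.cert` and `key` are silently replaced by generated ones. Prefer `$clientCertsProvided` when it is set, or `fail` when both are given. The provided branch also inserts `ca.crt`, `tls.crt` and `tls.key` without `b64enc`, so document that those values must be base64-encoded.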
diff --git a/charts/cilium/templates/hubble-relay-configmap.yaml b/charts/cilium/templates/hubble-relay-configmap.yaml
new file mode 100644
index 0000000..0d281a0
--- /dev/null
+++ b/charts/cilium/templates/hubble-relay-configmap.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.hubble.relay.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: hubble-relay-config
+ namespace: {{ .Release.Namespace }}
+data:
+ config.yaml: |
+ peer-service: unix://{{ .Values.hubble.socketPath }}
+ listen-address: {{ .Values.hubble.relay.listenHost }}:{{ .Values.hubble.relay.listenPort }}
+ dial-timeout: {{ .Values.hubble.relay.dialTimeout }}
+ retry-timeout: {{ .Values.hubble.relay.retryTimeout }}
+ sort-buffer-len-max: {{ .Values.hubble.relay.sortBufferLenMax }}
+ sort-buffer-drain-timeout: {{ .Values.hubble.relay.sortBufferDrainTimeout }}
+{{- if .Values.hubble.tls.enabled }}
+ tls-client-cert-file: /var/lib/hubble-relay/tls/client.crt
+ tls-client-key-file: /var/lib/hubble-relay/tls/client.key
+ tls-hubble-server-ca-files: /var/lib/hubble-relay/tls/hubble-server-ca.crt
+{{- else }}
+ disable-client-tls: true
+{{- end }}
+{{- if .Values.hubble.relay.tls.server.enabled }}
+ tls-server-cert-file: /var/lib/hubble-relay/tls/server.crt
+ tls-server-key-file: /var/lib/hubble-relay/tls/server.key
+{{- else }}
+ disable-server-tls: true
+{{- end }}
+{{- end }}
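Review bot: the `tls-server-cert-file` and `tls-server-key-file` entries are gated only on `hubble.relay.tls.server.enabled`, while hubble-relay-deployment.yaml mounts the `tls` volume only under `hubble.tls.enabled`. With server TLS on and `hubble.tls.enabled` off, the relay is pointed at files under /var/lib/hubble-relay/tls that are never mounted. Nest this block under the `hubble.tls.enabled` check or add a `fail` for that combination in validate.yaml. Both `else` branches (`disable-client-tls: true`, `disable-server-tls: true`) leave the relay in plaintext, which deserves a sentence in the values documentation.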
diff --git a/charts/cilium/templates/hubble-relay-deployment.yaml b/charts/cilium/templates/hubble-relay-deployment.yaml
new file mode 100644
index 0000000..e230859
--- /dev/null
+++ b/charts/cilium/templates/hubble-relay-deployment.yaml
@@ -0,0 +1,132 @@
+{{- if .Values.hubble.relay.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: hubble-relay
+ labels:
+ k8s-app: hubble-relay
+ namespace: {{ .Release.Namespace }}
+spec:
+
+ replicas: {{ .Values.hubble.relay.replicas }}
+ selector:
+ matchLabels:
+ k8s-app: hubble-relay
+{{- with .Values.hubble.relay.updateStrategy }}
+ strategy:
+{{ toYaml . | trim | indent 4 }}
+{{- end }}
+ template:
+ metadata:
+ annotations:
+{{- if .Values.hubble.relay.rollOutPods }}
+ # ensure pods roll when configmap updates
+ cilium.io/hubble-relay-configmap-checksum: {{ include (print $.Template.BasePath "/hubble-relay-configmap.yaml") . | sha256sum | quote }}
+{{- end }}
+{{- with .Values.hubble.relay.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+{{- end }}
+ labels:
+ k8s-app: hubble-relay
+{{- with .Values.hubble.relay.podLabels }}
+ {{- toYaml . | nindent 8 }}
+{{- end }}
+ spec:
+ affinity:
+ podAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: "k8s-app"
+ operator: In
+ values:
+ - cilium
+ topologyKey: "kubernetes.io/hostname"
+{{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+{{- end }}
+ containers:
+ - name: hubble-relay
+ image: "{{ .Values.hubble.relay.image.repository }}:{{ .Values.hubble.relay.image.tag }}{{ if .Values.hubble.relay.image.useDigest }}@{{ .Values.hubble.relay.image.digest }}{{ end }}"
+ imagePullPolicy: {{ .Values.hubble.relay.image.pullPolicy }}
+ command:
+ - hubble-relay
+ args:
+ - serve
+{{- if .Values.debug.enabled }}
+ - "--debug"
+{{- end }}
+ ports:
+ - name: grpc
+ containerPort: {{ .Values.hubble.relay.listenPort }}
+ readinessProbe:
+ tcpSocket:
+ port: grpc
+ livenessProbe:
+ tcpSocket:
+ port: grpc
+{{- with .Values.hubble.relay.resources }}
+ resources:
+ {{- toYaml . | trim | nindent 12 }}
+{{- end }}
+ volumeMounts:
+ - mountPath: {{ dir .Values.hubble.socketPath }}
+ name: hubble-sock-dir
+ readOnly: true
+ - mountPath: /etc/hubble-relay
+ name: config
+ readOnly: true
+{{- if .Values.hubble.tls.enabled }}
+ - mountPath: /var/lib/hubble-relay/tls
+ name: tls
+ readOnly: true
+{{- end }}
+ restartPolicy: Always
+ serviceAccount: {{ .Values.serviceAccounts.relay.name | quote }}
+ serviceAccountName: {{ .Values.serviceAccounts.relay.name | quote }}
+ automountServiceAccountToken: false
+ terminationGracePeriodSeconds: 0
+{{- with .Values.hubble.relay.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | trim | nindent 8 }}
+{{- end }}
+{{- with .Values.hubble.relay.tolerations }}
+ tolerations:
+ {{- toYaml . | trim | nindent 8 }}
+{{- end }}
+ volumes:
+ - configMap:
+ name: hubble-relay-config
+ items:
+ - key: config.yaml
+ path: config.yaml
+ name: config
+ - hostPath:
+ path: {{ dir .Values.hubble.socketPath }}
+ type: Directory
+ name: hubble-sock-dir
+{{- if .Values.hubble.tls.enabled }}
+ - projected:
+ sources:
+ - secret:
+ name: hubble-relay-client-certs
+ items:
+ - key: ca.crt
+ path: hubble-server-ca.crt
+ - key: tls.crt
+ path: client.crt
+ - key: tls.key
+ path: client.key
+{{- if .Values.hubble.relay.tls.server.enabled }}
+ - secret:
+ name: hubble-relay-server-certs
+ items:
+ - key: tls.crt
+ path: server.crt
+ - key: tls.key
+ path: server.key
+{{- end }}
+ name: tls
+{{- end }}
+{{- end }}
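Review bot: the `hubble-relay` container sets no `securityContext`, although the pod mounts the host directory `{{ dir .Values.hubble.socketPath }}` through a `hostPath` volume. The `readOnly: true` mount and `automountServiceAccountToken: false` are good; add a values-driven container `securityContext` (at least `allowPrivilegeEscalation: false`) after checking which user the socket permissions allow. `serviceAccount:` duplicates `serviceAccountName:` and is the deprecated spelling, so it can be dropped.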
diff --git a/charts/cilium/templates/hubble-relay-service.yaml b/charts/cilium/templates/hubble-relay-service.yaml
new file mode 100644
index 0000000..d50fa31
--- /dev/null
+++ b/charts/cilium/templates/hubble-relay-service.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.hubble.relay.enabled }}
+kind: Service
+apiVersion: v1
+metadata:
+ name: hubble-relay
+ namespace: {{ .Release.Namespace }}
+ labels:
+ k8s-app: hubble-relay
+spec:
+ type: ClusterIP
+ selector:
+ k8s-app: hubble-relay
+ ports:
+ - protocol: TCP
+{{- if .Values.hubble.relay.servicePort }}
+ port: {{ .Values.hubble.relay.servicePort }}
+{{- else if .Values.hubble.relay.tls.server.enabled }}
+ port: 443
+{{- else }}
+ port: 80
+{{- end }}
+ targetPort: {{ .Values.hubble.relay.listenPort }}
+{{- end }}
diff --git a/charts/cilium/templates/hubble-relay-serviceaccount.yaml b/charts/cilium/templates/hubble-relay-serviceaccount.yaml
new file mode 100644
index 0000000..25ea262
--- /dev/null
+++ b/charts/cilium/templates/hubble-relay-serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if and (.Values.hubble.relay.enabled) (.Values.serviceAccounts.relay.create) -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccounts.relay.name | quote }}
+ namespace: {{ .Release.Namespace }}
+ {{- with .Values.serviceAccounts.relay.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/cilium/templates/hubble-relay-tls-server-secret.yaml b/charts/cilium/templates/hubble-relay-tls-server-secret.yaml
new file mode 100644
index 0000000..e07d00a
--- /dev/null
+++ b/charts/cilium/templates/hubble-relay-tls-server-secret.yaml
@@ -0,0 +1,20 @@
+{{- if and (.Values.hubble.relay.enabled) (.Values.hubble.relay.tls.server.enabled) }}
+{{- $serverCertsProvided := and .Values.hubble.tls.ca.cert .Values.hubble.relay.tls.server.cert .Values.hubble.relay.tls.server.key -}}
+{{- $hubbleCertsGenerate := and .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "helm") -}}
+{{- if or $serverCertsProvided $hubbleCertsGenerate }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: hubble-relay-server-certs
+ namespace: {{ .Release.Namespace }}
+type: kubernetes.io/tls
+data:
+{{- if $hubbleCertsGenerate }}
+{{ include "hubble.relay.gen-certs" . | indent 2 }}
+{{- else }}
+ ca.crt: {{ .Values.hubble.tls.ca.cert }}
+ tls.crt: {{ .Values.hubble.relay.tls.server.cert }}
+ tls.key: {{ .Values.hubble.relay.tls.server.key }}
+{{- end }}
+{{- end }}
+{{- end }}
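Review bot: the generated branch includes `hubble.relay.gen-certs`, the same helper that hubble-relay-client-tls-secret.yaml uses for the relay's client certificate. The helper body is not part of this hunk, so please confirm it issues a certificate that is valid for server authentication under the relay's service name; if it only produces a client certificate, this Secret needs its own helper. As in the client Secret, the generate branch wins over user-supplied `server.cert` and `server.key` without any message.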
diff --git a/charts/cilium/templates/hubble-server-secret.yaml b/charts/cilium/templates/hubble-server-secret.yaml
new file mode 100644
index 0000000..1cdb806
--- /dev/null
+++ b/charts/cilium/templates/hubble-server-secret.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.agent (not .Values.preflight.enabled) .Values.hubble.enabled .Values.hubble.tls.enabled }}
+{{- $hubbleCertsProvided := and .Values.hubble.tls.ca.cert .Values.hubble.tls.server.cert .Values.hubble.tls.server.key }}
+{{- $hubbleCertsGenerate := and .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "helm") .Values.hubble.relay.enabled -}}
+{{- if or $hubbleCertsProvided $hubbleCertsGenerate }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: hubble-server-certs
+ namespace: {{ .Release.Namespace }}
+type: kubernetes.io/tls
+data:
+{{- if $hubbleCertsGenerate }}
+{{ include "hubble.server.gen-certs" . | indent 2 }}
+{{- else }}
+ ca.crt: {{ .Values.hubble.tls.ca.cert }}
+ tls.crt: {{ .Values.hubble.tls.server.cert }}
+ tls.key: {{ .Values.hubble.tls.server.key }}
+{{- end }}
+{{- end }}
+{{- end }}
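Review bot: `$hubbleCertsGenerate` here additionally requires `.Values.hubble.relay.enabled`, so with `hubble.tls.enabled`, method `helm` and the relay disabled, no `hubble-server-certs` Secret is rendered and nothing reports it. If that is intended, say so in a template comment; otherwise drop the relay condition or add a `fail` for the case in validate.yaml.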
diff --git a/charts/cilium/templates/hubble-ui-clusterrole.yaml b/charts/cilium/templates/hubble-ui-clusterrole.yaml
new file mode 100644
index 0000000..fc4aa2f
--- /dev/null
+++ b/charts/cilium/templates/hubble-ui-clusterrole.yaml
@@ -0,0 +1,44 @@
+{{- if and (.Values.hubble.ui.enabled) (.Values.serviceAccounts.ui.create) }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: hubble-ui
+rules:
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - networkpolicies
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - componentstatuses
+ - endpoints
+ - namespaces
+ - nodes
+ - pods
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - cilium.io
+ resources:
+ - "*"
+ verbs:
+ - get
+ - list
+ - watch
+{{- end }}
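Review bot: the last rule uses `resources: "*"` for the `cilium.io` API group, which also covers any resource added to that group in later versions, on top of cluster-wide `get`/`list`/`watch` on pods, services, nodes and endpoints. List the specific Cilium resources the UI reads instead of the wildcard so the role does not widen on upgrade.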
diff --git a/charts/cilium/templates/hubble-ui-clusterrolebinding.yaml b/charts/cilium/templates/hubble-ui-clusterrolebinding.yaml
new file mode 100644
index 0000000..455a83d
--- /dev/null
+++ b/charts/cilium/templates/hubble-ui-clusterrolebinding.yaml
@@ -0,0 +1,14 @@
+{{- if and (.Values.hubble.ui.enabled) (.Values.serviceAccounts.ui.create) }}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: hubble-ui
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: hubble-ui
+subjects:
+- kind: ServiceAccount
+ namespace: {{ .Release.Namespace }}
+ name: {{ .Values.serviceAccounts.ui.name | quote }}
+{{- end }}
diff --git a/charts/cilium/templates/hubble-ui-configmap.yaml b/charts/cilium/templates/hubble-ui-configmap.yaml
new file mode 100644
index 0000000..3739516
--- /dev/null
+++ b/charts/cilium/templates/hubble-ui-configmap.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.hubble.ui.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: hubble-ui-envoy
+ namespace: {{ .Release.Namespace }}
+data:
+{{ (.Files.Glob "files/envoy/*").AsConfig | indent 2 }}
+{{- end }}
diff --git a/charts/cilium/templates/hubble-ui-deployment.yaml b/charts/cilium/templates/hubble-ui-deployment.yaml
new file mode 100644
index 0000000..967af00
--- /dev/null
+++ b/charts/cilium/templates/hubble-ui-deployment.yaml
@@ -0,0 +1,94 @@
+{{- if .Values.hubble.ui.enabled }}
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ namespace: {{ .Release.Namespace }}
+ labels:
+ k8s-app: hubble-ui
+ name: hubble-ui
+spec:
+ replicas: {{ .Values.hubble.ui.replicas }}
+ selector:
+ matchLabels:
+ k8s-app: hubble-ui
+ template:
+ metadata:
+ annotations:
+{{- if .Values.hubble.ui.rollOutPods }}
+ # ensure pods roll when configmap updates
+ cilium.io/hubble-ui-envoy-configmap-checksum: {{ include (print $.Template.BasePath "/hubble-ui-configmap.yaml") . | sha256sum | quote }}
+{{- end }}
+{{- with .Values.hubble.ui.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+{{- end }}
+ labels:
+ k8s-app: hubble-ui
+{{- with .Values.hubble.ui.podLabels }}
+ {{- toYaml . | nindent 8 }}
+{{- end }}
+ spec:
+ {{- if .Values.hubble.ui.securityContext.enabled }}
+ securityContext:
+ runAsUser: 1001
+ {{- end }}
+ serviceAccount: {{ .Values.serviceAccounts.ui.name | quote }}
+ serviceAccountName: {{ .Values.serviceAccounts.ui.name | quote }}
+{{- with .Values.hubble.ui.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | trim | nindent 8 }}
+{{- end }}
+{{- with .Values.hubble.ui.tolerations }}
+ tolerations:
+ {{- toYaml . | trim | nindent 6 }}
+{{- end }}
+{{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 6 }}
+{{- end }}
+ containers:
+ - name: frontend
+ image: "{{ .Values.hubble.ui.frontend.image.repository }}:{{ .Values.hubble.ui.frontend.image.tag }}"
+ imagePullPolicy: {{ .Values.hubble.ui.frontend.image.pullPolicy }}
+ ports:
+ - containerPort: 8080
+ name: http
+ resources:
+ {{- toYaml .Values.hubble.ui.frontend.resources | trim | nindent 12 }}
+ - name: backend
+ image: "{{ .Values.hubble.ui.backend.image.repository }}:{{ .Values.hubble.ui.backend.image.tag }}"
+ imagePullPolicy: {{ .Values.hubble.ui.backend.image.pullPolicy }}
+ env:
+ - name: EVENTS_SERVER_PORT
+ value: "8090"
+ - name: FLOWS_API_ADDR
+ value: "hubble-relay:80"
+ ports:
+ - containerPort: 8090
+ name: grpc
+ resources:
+ {{- toYaml .Values.hubble.ui.backend.resources | trim | nindent 12 }}
+ - name: proxy
+ image: "{{ .Values.hubble.ui.proxy.image.repository }}:{{ .Values.hubble.ui.proxy.image.tag }}"
+ imagePullPolicy: {{ .Values.hubble.ui.proxy.image.pullPolicy }}
+ ports:
+ - containerPort: 8081
+ name: http
+ resources:
+ {{- toYaml .Values.hubble.ui.proxy.resources | trim | nindent 12 }}
+ command: ["envoy"]
+ args:
+ [
+ "-c",
+ "/etc/envoy.yaml",
+ "-l",
+ "info"
+ ]
+ volumeMounts:
+ - name: hubble-ui-envoy-yaml
+ mountPath: /etc/envoy.yaml
+ subPath: envoy.yaml
+ volumes:
+ - name: hubble-ui-envoy-yaml
+ configMap:
+ name: hubble-ui-envoy
+{{- end }}
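Review bot: `FLOWS_API_ADDR` in the `backend` container is hard-coded to `"hubble-relay:80"`, but hubble-relay-service.yaml exposes `hubble.relay.servicePort` when it is set and 443 when `hubble.relay.tls.server.enabled` is true. In either case the UI backend dials a port the Service does not serve. Derive the port here with the same conditional the Service template uses. The pod `securityContext` is also limited to `runAsUser: 1001` and only applies when `hubble.ui.securityContext.enabled` is set; none of the three containers sets its own.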
diff --git a/charts/cilium/templates/hubble-ui-ingress.yaml b/charts/cilium/templates/hubble-ui-ingress.yaml
new file mode 100644
index 0000000..f67a423
--- /dev/null
+++ b/charts/cilium/templates/hubble-ui-ingress.yaml
@@ -0,0 +1,26 @@
+{{- if and (.Values.hubble.ui.enabled) (.Values.hubble.ui.ingress.enabled) -}}
+apiVersion: {{ template "ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+ name: hubble-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ k8s-app: hubble-ui
+{{- with .Values.hubble.ui.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.hubble.ui.ingress.tls }}
+ tls:
+{{ toYaml .Values.hubble.ui.ingress.tls | indent 4 }}
+{{- end }}
+ rules:
+ {{- range .Values.hubble.ui.ingress.hosts }}
+ - host: {{ . }}
+ http:
+ paths:
+ - path: /
+{{ include "ingress.paths" $ | indent 12 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/cilium/templates/hubble-ui-service.yaml b/charts/cilium/templates/hubble-ui-service.yaml
new file mode 100644
index 0000000..5aa701d
--- /dev/null
+++ b/charts/cilium/templates/hubble-ui-service.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.hubble.ui.enabled }}
+kind: Service
+apiVersion: v1
+metadata:
+ name: hubble-ui
+ labels:
+ k8s-app: hubble-ui
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ k8s-app: hubble-ui
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8081
+ type: ClusterIP
+{{- end }}
diff --git a/charts/cilium/templates/hubble-ui-serviceaccount.yaml b/charts/cilium/templates/hubble-ui-serviceaccount.yaml
new file mode 100644
index 0000000..0b4a85d
--- /dev/null
+++ b/charts/cilium/templates/hubble-ui-serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if and (.Values.hubble.ui.enabled) (.Values.serviceAccounts.ui.create) -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccounts.ui.name | quote }}
+ namespace: {{ .Release.Namespace }}
+ {{- with .Values.serviceAccounts.ui.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/cilium/templates/validate.yaml b/charts/cilium/templates/validate.yaml
new file mode 100644
index 0000000..1e9cbb8
--- /dev/null
+++ b/charts/cilium/templates/validate.yaml
@@ -0,0 +1,18 @@
+{{/* validate hubble config */}}
+{{- if .Values.hubble.ui.enabled }}
+ {{- if not .Values.hubble.relay.enabled }}
+ {{ fail "Hubble UI requires .Values.hubble.relay.enabled=true" }}
+ {{- end }}
+{{- end }}
+{{- if .Values.hubble.relay.enabled }}
+ {{- if not .Values.hubble.enabled }}
+ {{ fail "Hubble Relay requires .Values.hubble.enabled=true" }}
+ {{- end }}
+{{- end }}
+
+{{/* validate service monitoring CRDs */}}
+{{- if and (.Values.prometheus.enabled) (or (.Values.prometheus.serviceMonitor.enabled) (.Values.operator.prometheus.serviceMonitor.enabled)) }}
+ {{- if not (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") }}
+ {{ fail "Service Monitor requires monitoring.coreos.com/v1 CRDs. Please refer to https://github.com/prometheus-operator/prometheus-operator/blob/master/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml" }}
+ {{- end }}
+{{- end }}
diff --git a/charts/cilium/values.yaml b/charts/cilium/values.yaml
new file mode 100644
index 0000000..ff1e3b9
--- /dev/null
+++ b/charts/cilium/values.yaml
@@ -0,0 +1,1697 @@
+# upgradeCompatibility helps users upgrading to ensure that the configMap for
+# Cilium will not change critical values to ensure continued operation
+# This is flag is not required for new installations.
+# For example: 1.7, 1.8, 1.9
+# upgradeCompatibility: '1.8'
+
+debug:
+ # -- Enable debug logging
+ enabled: false
+ # verbose:
+
+rbac:
+ # -- Enable creation of Resource-Based Access Control configuration.
+ create: true
+
+# -- Configure image pull secrets for pulling container images
+imagePullSecrets:
+# - name: "image-pull-secret"
+
+# kubeConfigPath: ~/.kube/config
+# k8sServiceHost:
+# k8sServicePort:
+
+cluster:
+ # -- Name of the cluster. Only required for Cluster Mesh.
+ name: default
+ # -- (int) Unique ID of the cluster. Must be unique across all connected
+ # clusters and in the range of 1 to 255. Only required for Cluster Mesh.
+ id:
+
+# -- Define serviceAccount names for components.
+# @default -- Component's fully qualified name.
+serviceAccounts:
+ cilium:
+ create: true
+ name: cilium
+ annotations: {}
+ etcd:
+ create: true
+ name: cilium-etcd-operator
+ annotations: {}
+ operator:
+ create: true
+ name: cilium-operator
+ annotations: {}
+ preflight:
+ create: true
+ name: cilium-pre-flight
+ annotations: {}
+ relay:
+ create: true
+ name: hubble-relay
+ annotations: {}
+ ui:
+ create: true
+ name: hubble-ui
+ annotations: {}
+ clustermeshApiserver:
+ create: true
+ name: clustermesh-apiserver
+ annotations: {}
+ # -- Clustermeshcertgen is used if clustermesh.apiserver.tls.auto.method=cronJob
+ clustermeshcertgen:
+ create: true
+ name: clustermesh-apiserver-generate-certs
+ annotations: {}
+ # -- Hubblecertgen is used if hubble.tls.auto.method=cronJob
+ hubblecertgen:
+ create: true
+ name: hubble-generate-certs
+ annotations: {}
+
+# -- Install the cilium agent resources.
+agent: true
+
+# -- Agent container name.
+name: cilium
+
+# -- Roll out cilium agent pods automatically when configmap is updated.
+rollOutCiliumPods: false
+
+# -- Agent container image.
+image:
+ repository: quay.io/cilium/cilium
+ tag: v1.10.7
+ pullPolicy: IfNotPresent
+ # cilium-digest
+ digest: "sha256:e23f55e80e1988db083397987a89967aa204ad6fc32da243b9160fbcea29b0ca"
+ useDigest: true
+
+# -- Pod affinity for cilium-agent.
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/os
+ operator: In
+ values:
+ - linux
+ # Compatible with Kubernetes 1.12.x and 1.13.x
+ - matchExpressions:
+ - key: beta.kubernetes.io/os
+ operator: In
+ values:
+ - linux
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: k8s-app
+ operator: In
+ values:
+ - cilium
+ topologyKey: kubernetes.io/hostname
+
+# -- The priority class to use for cilium-agent.
+priorityClassName: ""
+
+# -- Additional agent container arguments.
+extraArgs: []
+
+# -- Additional agent container environment variables.
+extraEnv: {}
+
+# -- Additional InitContainers to initialize the pod.
+extraInitContainers: []
+
+# -- Additional agent hostPath mounts.
+extraHostPathMounts: []
+ # - name: host-mnt-data
+ # mountPath: /host/mnt/data
+ # hostPath: /mnt/data
+ # hostPathType: Directory
+ # readOnly: true
+ # mountPropagation: HostToContainer
+
+# -- Additional agent ConfigMap mounts.
+extraConfigmapMounts: []
+ # - name: certs-configmap
+ # mountPath: /certs
+ # configMap: certs-configmap
+ # readOnly: true
+
+# -- extraConfig allows you to specify additional configuration parameters to be
+# included in the cilium-config configmap.
+extraConfig: {}
+# my-config-a: "1234"
+# my-config-b: |-
+# test 1
+# test 2
+# test 3
+
+# -- Node tolerations for agent scheduling to nodes with taints
+# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+tolerations:
+- operator: Exists
+ # - key: "key"
+ # operator: "Equal|Exists"
+ # value: "value"
+ # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
+
+# -- Annotations to be added to agent pods
+podAnnotations: {}
+
+# -- Labels to be added to agent pods
+podLabels: {}
+
+# -- PodDisruptionBudget settings
+# ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
+podDisruptionBudget:
+ enabled: true
+ maxUnavailable: 2
+
+# -- Agent resource limits & requests
+# ref: https://kubernetes.io/docs/user-guide/compute-resources/
+resources: {}
+ # limits:
+ # cpu: 4000m
+ # memory: 4Gi
+ # requests:
+ # cpu: 100m
+ # memory: 512Mi
+
+# -- Security context to be added to agent pods
+securityContext: {}
+ # runAsUser: 0
+
+# -- Cilium agent update strategy
+updateStrategy:
+ rollingUpdate:
+ maxUnavailable: 2
+ type: RollingUpdate
+
+# Configuration Values for cilium-agent
+
+# -- Enable installation of PodCIDR routes between worker
+# nodes if worker nodes share a common L2 network segment.
+autoDirectNodeRoutes: false
+
+azure:
+ # -- Enable Azure integration
+ enabled: false
+ # resourceGroup: group1
+ # subscriptionID: 00000000-0000-0000-0000-000000000000
+ # tenantID: 00000000-0000-0000-0000-000000000000
+ # clientID: 00000000-0000-0000-0000-000000000000
+ # clientSecret: 00000000-0000-0000-0000-000000000000
+ # userAssignedIdentityID: 00000000-0000-0000-0000-000000000000
+
+alibabacloud:
+ # -- Enable AlibabaCloud ENI integration
+ enabled: false
+
+# -- Optimize TCP and UDP workloads and enable rate-limiting traffic from
+# individual Pods with EDT (Earliest Departure Time)
+# through the "kubernetes.io/egress-bandwidth" Pod annotation.
+bandwidthManager: false
+
+# -- Configure BGP
+bgp:
+ # -- Enable BGP support inside Cilium; embeds a new ConfigMap for BGP inside
+ # cilium-agent and cilium-operator
+ enabled: false
+ announce:
+ # -- Enable allocation and announcement of service LoadBalancer IPs
+ loadbalancerIP: false
+
+bpf:
+ # -- Enable BPF clock source probing for more efficient tick retrieval.
+ clockProbe: false
+
+ # -- Enables pre-allocation of eBPF map values. This increases
+ # memory usage but can reduce latency.
+ preallocateMaps: false
+
+ # -- Configure the maximum number of entries in the TCP connection tracking
+ # table.
+ # ctTcpMax: '524288'
+
+ # -- Configure the maximum number of entries for the non-TCP connection
+ # tracking table.
+ # ctAnyMax: '262144'
+
+ # -- Configure the maximum number of service entries in the
+ # load balancer maps.
+ lbMapMax: 65536
+
+ # -- Configure the maximum number of entries for the NAT table.
+ # natMax: 524288
+
+ # -- Configure the maximum number of entries for the neighbor table.
+ # neighMax: 524288
+
+ # -- Configure the maximum number of entries in endpoint policy map (per endpoint).
+ policyMapMax: 16384
+
+ # -- Configure auto-sizing for all BPF maps based on available memory.
+ # ref: https://docs.cilium.io/en/stable/concepts/ebpf/maps/#ebpf-maps
+ #mapDynamicSizeRatio: 0.0025
+
+ # -- Configure the level of aggregation for monitor notifications.
+ # Valid options are none, low, medium, maximum.
+ monitorAggregation: medium
+
+ # -- Configure the typical time between monitor notifications for
+ # active connections.
+ monitorInterval: "5s"
+
+ # -- Configure which TCP flags trigger notifications when seen for the
+ # first time in a connection.
+ monitorFlags: "all"
+
+ # -- Allow cluster external access to ClusterIP services.
+ lbExternalClusterIP: false
+
+ # -- Enable native IP masquerade support in eBPF
+ #masquerade: false
+
+ # -- Configure whether direct routing mode should route traffic via
+ # host stack (true) or directly and more efficiently out of BPF (false) if
+ # the kernel supports it. The latter has the implication that it will also
+ # bypass netfilter in the host namespace.
+ #hostRouting: true
+
+ # -- Configure the eBPF-based TPROXY to reduce reliance on iptables rules
+ # for implementing Layer 7 policy.
+ # tproxy: true
+
+ # -- Configure the FIB lookup bypass optimization for nodeport reverse
+ # NAT handling.
+ # lbBypassFIBLookup: true
+
+# -- Clean all eBPF datapath state from the initContainer of the cilium-agent
+# DaemonSet.
+#
+# WARNING: Use with care!
+cleanBpfState: false
+
+# -- Clean all local Cilium state from the initContainer of the cilium-agent
+# DaemonSet. Implies cleanBpfState: true.
+#
+# WARNING: Use with care!
+cleanState: false
+
+cni:
+ # -- Install the CNI configuration and binary files into the filesystem.
+ install: true
+
+ # -- Configure chaining on top of other CNI plugins. Possible values:
+ # - none
+ # - generic-veth
+ # - aws-cni
+ # - portmap
+ chainingMode: none
+
+ # -- Make Cilium take ownership over the `/etc/cni/net.d` directory on the
+ # node, renaming all non-Cilium CNI configurations to `*.cilium_bak`.
+ # This ensures no Pods can be scheduled using other CNI plugins during Cilium
+ # agent downtime.
+ exclusive: true
+
+ # -- Skip writing of the CNI configuration. This can be used if
+ # writing of the CNI configuration is performed by external automation.
+ customConf: false
+
+ # -- Configure the path to the CNI configuration directory on the host.
+ confPath: /etc/cni/net.d
+
+ # -- Configure the path to the CNI binary directory on the host.
+ binPath: /opt/cni/bin
+
+ # -- Specify the path to a CNI config to read from on agent start.
+ # This can be useful if you want to manage your CNI
+ # configuration outside of a Kubernetes environment. This parameter is
+ # mutually exclusive with the 'cni.configMap' parameter.
+ # readCniConf: /host/etc/cni/net.d/05-cilium.conf
+
+ # -- When defined, configMap will mount the provided value as ConfigMap and
+ # interpret the cniConf variable as CNI configuration file and write it
+ # when the agent starts up
+ # configMap: cni-configuration
+
+ # -- Configure the key in the CNI ConfigMap to read the contents of
+ # the CNI configuration from.
+ configMapKey: cni-config
+
+ # -- Configure the path to where to mount the ConfigMap inside the agent pod.
+ confFileMountPath: /tmp/cni-configuration
+
+ # -- Configure the path to where the CNI configuration directory is mounted
+ # inside the agent pod.
+ hostConfDirMountPath: /host/etc/cni/net.d
+
+# -- Configure how frequently garbage collection should occur for the datapath
+# connection tracking table.
+# conntrackGCInterval: "0s"
+
+# -- Configure container runtime specific integration.
+containerRuntime:
+ # -- Enables specific integrations for container runtimes.
+ # Supported values:
+ # - containerd
+ # - crio
+ # - docker
+ # - none
+ # - auto (automatically detect the container runtime)
+ integration: none
+ # -- Configure the path to the container runtime control socket.
+ # socketPath: /path/to/runtime.sock
+
+# crdWaitTimeout: ""
+
+# -- Tail call hooks for custom eBPF programs.
+customCalls:
+ # -- Enable tail call hooks for custom eBPF programs.
+ enabled: false
+
+# -- Configure which datapath mode should be used for configuring container
+# connectivity. Valid options are "veth" or "ipvlan".
+datapathMode: veth
+
+daemon:
+ # -- Configure where Cilium runtime state should be stored.
+ runPath: "/var/run/cilium"
+
+# -- Specify which network interfaces can run the eBPF datapath. This means
+# that a packet sent from a pod to a destination outside the cluster will be
+# masqueraded (to an output device IPv4 address), if the output device runs the
+# program. When not specified, probing will automatically detect devices.
+# devices: ""
+
+# -- Chains to ignore when installing feeder rules.
+# disableIptablesFeederRules: ""
+
+# -- Limit egress masquerading to interface selector.
+# egressMasqueradeInterfaces: ""
+
+# -- Whether to enable CNP status updates.
+enableCnpStatusUpdates: false
+
+# -- Configures the use of the KVStore to optimize Kubernetes event handling by
+# mirroring it into the KVstore for reduced overhead in large clusters.
+enableK8sEventHandover: false
+
+# TODO: Add documentation
+# enableIdentityMark: false
+
+# enableK8sEndpointSlice: false
+
+# -- Enables the fallback compatibility solution for when the xt_socket kernel
+# module is missing and it is needed for the datapath L7 redirection to work
+# properly. See documentation for details on when this can be disabled:
+# http://docs.cilium.io/en/stable/install/system_requirements/#admin-kernel-version.
+enableXTSocketFallback: true
+
+encryption:
+ # -- Enable transparent network encryption.
+ enabled: false
+
+ # -- Encryption method. Can be either ipsec or wireguard.
+ type: ipsec
+
+ # -- Enable encryption for pure node to node traffic.
+ # This option is only effective when encryption.type is set to ipsec.
+ nodeEncryption: false
+
+ ipsec:
+ # -- Name of the key file inside the Kubernetes secret configured via secretName.
+ keyFile: ""
+
+ # -- Path to mount the secret inside the Cilium pod.
+ mountPath: ""
+
+ # -- Name of the Kubernetes secret containing the encryption keys.
+ secretName: ""
+
+ # -- The interface to use for encrypted traffic.
+ interface: ""
+
+ # -- Deprecated in favor of encryption.ipsec.keyFile.
+ # Name of the key file inside the Kubernetes secret configured via secretName.
+ # This option is only effective when encryption.type is set to ipsec.
+ keyFile: keys
+
+ # -- Deprecated in favor of encryption.ipsec.mountPath.
+ # Path to mount the secret inside the Cilium pod.
+ # This option is only effective when encryption.type is set to ipsec.
+ mountPath: /etc/ipsec
+
+ # -- Deprecated in favor of encryption.ipsec.secretName.
+ # Name of the Kubernetes secret containing the encryption keys.
+ # This option is only effective when encryption.type is set to ipsec.
+ secretName: cilium-ipsec-keys
+
+ # -- Deprecated in favor of encryption.ipsec.interface.
+ # The interface to use for encrypted traffic.
+ # This option is only effective when encryption.type is set to ipsec.
+ interface: ""
+
+endpointHealthChecking:
+ # -- Enable connectivity health checking between virtual endpoints.
+ enabled: true
+
+# -- Enable endpoint status.
+# Status can be: policy, health, controllers, logs and / or state. For 2 or more options use a comma.
+endpointStatus:
+ enabled: false
+ status: ""
+
+endpointRoutes:
+ # -- Enable use of per endpoint routes instead of routing via
+ # the cilium_host interface.
+ enabled: false
+
+eni:
+ # -- Enable Elastic Network Interface (ENI) integration.
+ enabled: false
+ # -- Update ENI Adapter limits from the EC2 API
+ updateEC2AdapterLimitViaAPI: false
+ # -- Release IPs not used from the ENI
+ awsReleaseExcessIPs: false
+ # -- EC2 API endpoint to use
+ ec2APIEndpoint: ""
+ # -- Tags to apply to the newly created ENIs
+ eniTags: {}
+ # -- If using IAM role for Service Accounts will not try to
+ # inject identity values from cilium-aws kubernetes secret.
+ # Adds annotation to service account if managed by Helm.
+ # See https://github.com/aws/amazon-eks-pod-identity-webhook
+ iamRole: ""
+ # -- Filter via subnet IDs which will dictate which subnets are going to be used to create new ENIs
+ subnetIDsFilter: ""
+ # -- Filter via tags (k=v) which will dictate which subnets are going to be used to create new ENIs
+ subnetTagsFilter: ""
+
+externalIPs:
+ # -- Enable ExternalIPs service support.
+ enabled: false
+
+# fragmentTracking enables IPv4 fragment tracking support in the datapath.
+# fragmentTracking: true
+
+gke:
+ # -- Enable Google Kubernetes Engine integration
+ enabled: false
+
+# -- Enable connectivity health checking.
+healthChecking: true
+
+# -- TCP port for the agent health API. This is not the port for cilium-health.
+healthPort: 9876
+
+# -- Enables the enforcement of host policies in the eBPF datapath.
+hostFirewall: false
+
+hostPort:
+ # -- Enable hostPort service support.
+ enabled: false
+
+# -- Configure ClusterIP service handling in the host namespace (the node).
+hostServices:
+ # -- Enable host reachable services.
+ enabled: false
+
+ # -- Supported list of protocols to apply ClusterIP translation to.
+ protocols: tcp,udp
+
+ # -- Disable socket lb for non-root ns. This is used to enable Istio routing rules.
+ # hostNamespaceOnly: false
+
+# -- Configure certificate generation for Hubble integration.
+# If hubble.tls.auto.method=cronJob, these values are used
+# for the Kubernetes CronJob which will be scheduled regularly to
+# (re)generate any certificates not provided manually.
+certgen:
+ image:
+ repository: quay.io/cilium/certgen
+ tag: v0.1.5
+ pullPolicy: IfNotPresent
+ # -- Seconds after which the completed job pod will be deleted
+ ttlSecondsAfterFinished: 1800
+ # -- Labels to be added to hubble-certgen pods
+ podLabels: {}
+
+hubble:
+ # -- Enable Hubble (true by default).
+ enabled: true
+
+ # -- Buffer size of the channel Hubble uses to receive monitor events. If this
+ # value is not set, the queue size is set to the default monitor queue size.
+ # eventQueueSize: ""
+
+ # -- Number of recent flows for Hubble to cache. Defaults to 4095.
+ # Possible values are:
+ # 1, 3, 7, 15, 31, 63, 127, 255, 511, 1023,
+ # 2047, 4095, 8191, 16383, 32767, 65535
+ # eventBufferCapacity: "4095"
+
+ # -- Hubble metrics configuration.
+ # See https://docs.cilium.io/en/stable/configuration/metrics/#hubble-metrics
+ # for more comprehensive documentation about Hubble metrics.
+ metrics:
+ # -- Configures the list of metrics to collect. If empty or null, metrics
+ # are disabled.
+ # Example:
+ #
+ # enabled:
+ # - dns:query;ignoreAAAA
+ # - drop
+ # - tcp
+ # - flow
+ # - icmp
+ # - http
+ #
+ # You can specify the list of metrics from the helm CLI:
+ #
+ # --set metrics.enabled="{dns:query;ignoreAAAA,drop,tcp,flow,icmp,http}"
+ #
+ enabled: ~
+ # -- Configure the port the hubble metric server listens on.
+ port: 9091
+ serviceMonitor:
+ # -- Create ServiceMonitor resources for Prometheus Operator.
+ # This requires the prometheus CRDs to be available.
+ # ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml)
+ enabled: false
+ # -- Labels to add to ServiceMonitor hubble
+ labels: {}
+
+ # -- Unix domain socket path to listen to when Hubble is enabled.
+ socketPath: /var/run/cilium/hubble.sock
+
+ # -- An additional address for Hubble to listen to.
+ # Set this field ":4244" if you are enabling Hubble Relay, as it assumes that
+ # Hubble is listening on port 4244.
+ listenAddress: ":4244"
+
+ # -- TLS configuration for Hubble
+ tls:
+ # -- Enable mutual TLS for listenAddress. Setting this value to false is
+ # highly discouraged as the Hubble API provides access to potentially
+ # sensitive network flow metadata and is exposed on the host network.
+ enabled: true
+ # -- Configure automatic TLS certificates generation.
+ auto:
+ # -- Auto-generate certificates.
+ # When set to true, automatically generate a CA and certificates to
+ # enable mTLS between Hubble server and Hubble Relay instances. If set to
+ # false, the certs for Hubble server need to be provided by setting
+ # appropriate values below.
+ enabled: true
+ # -- Set the method to auto-generate certificates. Supported values:
+ # - helm: This method uses Helm to generate all certificates.
+ # - cronJob: This method uses a Kubernetes CronJob the generate any
+ # certificates not provided by the user at installation
+ # time.
+ method: helm
+ # -- Generated certificates validity duration in days.
+ certValidityDuration: 1095
+ # -- Schedule for certificates regeneration (regardless of their expiration date).
+ # Only used if method is "cronJob". If nil, then no recurring job will be created.
+ # Instead, only the one-shot job is deployed to generate the certificates at
+ # installation time.
+ #
+ # Defaults to midnight of the first day of every fourth month. For syntax, see
+ # https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#schedule
+ schedule: "0 0 1 */4 *"
+ # -- base64 encoded PEM values for the Hubble CA certificate and private key.
+ ca:
+ cert: ""
+ # -- The CA private key (optional). If it is provided, then it will be
+ # used by hubble.tls.auto.method=cronJob to generate all other certificates.
+ # Otherwise, a ephemeral CA is generated if hubble.tls.auto.enabled=true.
+ key: ""
+ # -- base64 encoded PEM values for the Hubble server certificate and private key
+ server:
+ cert: ""
+ key: ""
+
+ relay:
+ # -- Enable Hubble Relay (requires hubble.enabled=true)
+ enabled: false
+
+ # -- Roll out Hubble Relay pods automatically when configmap is updated.
+ rollOutPods: false
+
+ # -- Hubble-relay container image.
+ image:
+ repository: quay.io/cilium/hubble-relay
+ tag: v1.10.7
+ # hubble-relay-digest
+ digest: "sha256:385fcc4fa315eb6b66626c3e5f607b6b6514c8c3a863c47c2b2dbc97790acb47"
+ useDigest: true
+ pullPolicy: IfNotPresent
+
+ # -- Specifies the resources for the hubble-relay pods
+ resources: {}
+
+ # -- Number of replicas run for the hubble-relay deployment.
+ replicas: 1
+
+ # -- Node labels for pod assignment
+ # ref: https://kubernetes.io/docs/user-guide/node-selection/
+ nodeSelector: {}
+
+ # -- Annotations to be added to hubble-relay pods
+ podAnnotations: {}
+
+ # -- Labels to be added to hubble-relay pods
+ podLabels: {}
+
+ # -- Node tolerations for pod assignment on nodes with taints
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ #
+ tolerations: []
+
+ # -- hubble-relay update strategy
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: 1
+ type: RollingUpdate
+
+ # -- Host to listen to. Specify an empty string to bind to all the interfaces.
+ listenHost: ""
+
+ # -- Port to listen to.
+ listenPort: "4245"
+
+ # -- TLS configuration for Hubble Relay
+ tls:
+ # -- base64 encoded PEM values for the hubble-relay client certificate and private key
+ # This keypair is presented to Hubble server instances for mTLS
+ # authentication and is required when hubble.tls.enabled is true.
+ # These values need to be set manually if hubble.tls.auto.enabled is false.
+ client:
+ cert: ""
+ key: ""
+ # -- base64 encoded PEM values for the hubble-relay server certificate and private key
+ server:
+ # When set to true, enable TLS on for Hubble Relay server
+ # (ie: for clients connecting to the Hubble Relay API).
+ enabled: false
+ # These values need to be set manually if hubble.tls.auto.enabled is false.
+ cert: ""
+ key: ""
+
+ # -- Dial timeout to connect to the local hubble instance to receive peer information (e.g. "30s").
+ dialTimeout: ~
+
+ # -- Backoff duration to retry connecting to the local hubble instance in case of failure (e.g. "30s").
+ retryTimeout: ~
+
+ # -- Max number of flows that can be buffered for sorting before being sent to the
+ # client (per request) (e.g. 100).
+ sortBufferLenMax: ~
+
+ # -- When the per-request flows sort buffer is not full, a flow is drained every
+ # time this timeout is reached (only affects requests in follow-mode) (e.g. "1s").
+ sortBufferDrainTimeout: ~
+
+ # -- Port to use for the k8s service backed by hubble-relay pods.
+ # If not set, it is dynamically assigned to port 443 if TLS is enabled and to
+ # port 80 if not.
+ # servicePort: 80
+
+ ui:
+ # -- Whether to enable the Hubble UI.
+ enabled: false
+
+ # -- Roll out Hubble-ui pods automatically when configmap is updated.
+ rollOutPods: false
+
+ backend:
+ # -- Hubble-ui backend image.
+ image:
+ repository: quay.io/cilium/hubble-ui-backend
+ tag: v0.8.5@sha256:2bce50cf6c32719d072706f7ceccad654bfa907b2745a496da99610776fe31ed
+ pullPolicy: IfNotPresent
+ # [Example]
+ # resources:
+ # limits:
+ # cpu: 1000m
+ # memory: 1024M
+ # requests:
+ # cpu: 100m
+ # memory: 64Mi
+ # -- Resource requests and limits for the 'backend' container of the 'hubble-ui' deployment.
+ resources: {}
+
+ frontend:
+ # -- Hubble-ui frontend image.
+ image:
+ repository: quay.io/cilium/hubble-ui
+ tag: v0.8.5@sha256:4eaca1ec1741043cfba6066a165b3bf251590cf4ac66371c4f63fbed2224ebb4
+ pullPolicy: IfNotPresent
+ # [Example]
+ # resources:
+ # limits:
+ # cpu: 1000m
+ # memory: 1024M
+ # requests:
+ # cpu: 100m
+ # memory: 64Mi
+ # -- Resource requests and limits for the 'frontend' container of the 'hubble-ui' deployment.
+ resources: {}
+
+ proxy:
+ # -- Hubble-ui ingress proxy image.
+ image:
+ repository: docker.io/envoyproxy/envoy
+ tag: v1.18.4@sha256:e5c2bb2870d0e59ce917a5100311813b4ede96ce4eb0c6bfa879e3fbe3e83935
+ pullPolicy: IfNotPresent
+ # [Example]
+ # resources:
+ # limits:
+ # cpu: 1000m
+ # memory: 1024M
+ # requests:
+ # cpu: 100m
+ # memory: 64Mi
+ # -- Resource requests and limits for the 'proxy' container of the 'hubble-ui' deployment.
+ resources: {}
+
+ # -- The number of replicas of Hubble UI to deploy.
+ replicas: 1
+
+ # -- Annotations to be added to hubble-ui pods
+ podAnnotations: {}
+
+ # -- Labels to be added to hubble-ui pods
+ podLabels: {}
+
+ # -- Node labels for pod assignment
+ # ref: https://kubernetes.io/docs/user-guide/node-selection/
+ nodeSelector: {}
+
+ # -- Node tolerations for pod assignment on nodes with taints
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ #
+ tolerations: []
+
+ # -- hubble-ui update strategy.
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: 1
+ type: RollingUpdate
+
+ securityContext:
+ # -- Whether to set the security context on the Hubble UI pods.
+ enabled: true
+
+ # -- hubble-ui ingress configuration.
+ ingress:
+ enabled: false
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - chart-example.local
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+
+# -- Method to use for identity allocation (`crd` or `kvstore`).
+identityAllocationMode: "crd"
+
+# TODO: Add documentation
+# identityChangeGracePeriod: "5s"
+
+# TODO: Add documentation
+# identityGCInterval:
+
+# TODO: Add documentation
+# identityHeartbeatTimeout: ""
+
+
+# -- Configure whether to install iptables rules to allow for TPROXY
+# (L7 proxy injection), iptables-based masquerading and compatibility
+# with kube-proxy.
+installIptablesRules: true
+
+# -- Install Iptables rules to skip netfilter connection tracking on all pod
+# traffic. This option is only effective when Cilium is running in direct
+# routing and full KPR mode. Moreover, this option cannot be enabled when Cilium
+# is running in a managed Kubernetes environment or in a chained CNI setup.
+installNoConntrackIptablesRules: false
+
+ipam:
+ # -- Configure IP Address Management mode.
+ # ref: https://docs.cilium.io/en/stable/concepts/networking/ipam/
+ mode: "cluster-pool"
+ operator:
+ # -- IPv4 CIDR range to delegate to individual nodes for IPAM.
+ clusterPoolIPv4PodCIDR: "10.0.0.0/8"
+ # -- IPv4 CIDR mask size to delegate to individual nodes for IPAM.
+ clusterPoolIPv4MaskSize: 24
+ # -- IPv6 CIDR range to delegate to individual nodes for IPAM.
+ clusterPoolIPv6PodCIDR: "fd00::/104"
+ # -- IPv6 CIDR mask size to delegate to individual nodes for IPAM.
+ clusterPoolIPv6MaskSize: 120
+
+# -- Configure the eBPF-based ip-masq-agent
+ipMasqAgent:
+ enabled: false
+
+# iptablesLockTimeout defines the iptables "--wait" option when invoked from Cilium.
+# iptablesLockTimeout: "5s"
+
+ipv4:
+ # -- Enable IPv4 support.
+ enabled: true
+
+ipv6:
+ # -- Enable IPv6 support.
+ enabled: false
+
+ipvlan:
+ # -- Enable the IPVLAN datapath
+ enabled: false
+
+ # -- masterDevice is the name of the device to use to attach secondary IPVLAN
+ # devices
+ # masterDevice: eth0
+
+# -- Configure Kubernetes specific configuration
+k8s: {}
+ # -- requireIPv4PodCIDR enables waiting for Kubernetes to provide the PodCIDR
+ # range via the Kubernetes node resource
+ # requireIPv4PodCIDR: false
+
+ # -- requireIPv6PodCIDR enables waiting for Kubernetes to provide the PodCIDR
+ # range via the Kubernetes node resource
+ # requireIPv6PodCIDR: false
+
+# -- Keep the deprecated selector labels when deploying Cilium DaemonSet.
+keepDeprecatedLabels: false
+
+# -- Keep the deprecated probes when deploying Cilium DaemonSet
+keepDeprecatedProbes: false
+
+startupProbe:
+ # -- failure threshold of startup probe.
+ # 105 x 2s translates to the old behaviour of the readiness probe (120s delay + 30 x 3s)
+ failureThreshold: 105
+ # -- interval between checks of the startup probe
+ periodSeconds: 2
+livenessProbe:
+ # -- failure threshold of liveness probe
+ failureThreshold: 10
+ # -- interval between checks of the liveness probe
+ periodSeconds: 30
+readinessProbe:
+ # -- failure threshold of readiness probe
+ failureThreshold: 3
+ # -- interval between checks of the readiness probe
+ periodSeconds: 30
+
+# -- Configure the kube-proxy replacement in Cilium BPF datapath
+# Valid options are "disabled", "probe", "partial", "strict".
+# ref: https://docs.cilium.io/en/stable/gettingstarted/kubeproxy-free/
+#kubeProxyReplacement: "disabled"
+
+# -- healthz server bind address for the kube-proxy replacement.
+# To enable set the value to '0.0.0.0:10256' for all ipv4
+# addresses and this '[::]:10256' for all ipv6 addresses.
+# By default it is disabled.
+kubeProxyReplacementHealthzBindAddr: ""
+
+l2NeighDiscovery:
+ # -- Enable L2 neighbour discovery in the agent
+ enabled: true
+ # -- Set period for arping
+ arping-refresh-period: "5m"
+
+# -- Enable Layer 7 network policy.
+l7Proxy: true
+
+# -- Enable Local Redirect Policy.
+localRedirectPolicy: false
+
+# To include or exclude matched resources from cilium identity evaluation
+# labels: ""
+
+# logOptions allows you to define logging options. eg:
+# logOptions:
+# format: json
+
+# -- Enables periodic logging of system load
+logSystemLoad: false
+
+
+# -- Configure maglev consistent hashing
+maglev: {}
+ # -- tableSize is the size (parameter M) for the backend table of one
+ # service entry
+ # tableSize:
+
+ # -- hashSeed is the cluster-wide base64 encoded seed for the hashing
+ # hashSeed:
+
+# -- Enables masquerading of IPv4 traffic leaving the node from endpoints.
+enableIPv4Masquerade: true
+
+# -- Enables masquerading of IPv6 traffic leaving the node from endpoints.
+enableIPv6Masquerade: true
+
+# -- Enables egress gateway (beta) to redirect and SNAT the traffic that
+# leaves the cluster.
+egressGateway:
+ enabled: false
+
+# -- Specify the CIDR for native routing (ie to avoid IP masquerade for).
+# This value corresponds to the configured cluster-cidr.
+# nativeRoutingCIDR:
+
+monitor:
+ # -- Enable the cilium-monitor sidecar.
+ enabled: false
+
+# -- Configure service load balancing
+# loadBalancer:
+ # -- standalone enables the standalone L4LB which does not connect to
+ # kube-apiserver.
+ # standalone: false
+
+ # -- algorithm is the name of the load balancing algorithm for backend
+ # selection e.g. random or maglev
+ # algorithm: random
+
+ # -- mode is the operation mode of load balancing for remote backends
+ # e.g. snat, dsr, hybrid
+ # mode: snat
+
+ # -- acceleration is the option to accelerate service handling via XDP
+ # e.g. native, disabled
+ # acceleration: disabled
+
+ # -- dsrDispatch configures whether IP option or IPIP encapsulation is
+ # used to pass a service IP and port to remote backend
+ # dsrDispatch: opt
+
+# -- Configure N-S k8s service loadbalancing
+nodePort:
+ # -- Enable the Cilium NodePort service implementation.
+ enabled: false
+
+ # -- Port range to use for NodePort services.
+ # range: "30000,32767"
+
+ # -- Set to true to prevent applications binding to service ports.
+ bindProtection: true
+
+ # -- Append NodePort range to ip_local_reserved_ports if clash with ephemeral
+ # ports is detected.
+ autoProtectPortRange: true
+
+ # -- Enable healthcheck nodePort server for NodePort services
+ enableHealthCheck: true
+
+# policyAuditMode: false
+
+# -- The agent can be put into one of the three policy enforcement modes:
+# default, always and never.
+# ref: https://docs.cilium.io/en/stable/policy/intro/#policy-enforcement-modes
+policyEnforcementMode: "default"
+
+pprof:
+ # -- Enable Go pprof debugging
+ enabled: false
+
+# -- Configure prometheus metrics on the configured port at /metrics
+prometheus:
+ enabled: false
+ port: 9090
+ serviceMonitor:
+ # -- Enable service monitors.
+ # This requires the prometheus CRDs to be available (see https://github.com/prometheus-operator/prometheus-operator/blob/master/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml)
+ #
+ enabled: false
+ # -- Labels to add to ServiceMonitor cilium-agent
+ labels: {}
+ # -- Specify the Kubernetes namespace where Prometheus expects to find
+ # service monitors configured.
+ # namespace: ""
+ # -- Metrics that should be enabled or disabled from the default metric
+ # list. (+metric_foo to enable metric_foo , -metric_bar to disable
+ # metric_bar).
+ # ref: https://docs.cilium.io/en/stable/operations/metrics/#exported-metrics
+ metrics: ~
+
+# -- Configure Istio proxy options.
+proxy:
+ prometheus:
+ enabled: true
+ port: "9095"
+ # -- Regular expression matching compatible Istio sidecar istio-proxy
+ # container image names
+ sidecarImageRegex: "cilium/istio_proxy"
+
+# -- Enable use of the remote node identity.
+# ref: https://docs.cilium.io/en/v1.7/install/upgrade/#configmap-remote-node-identity
+remoteNodeIdentity: true
+
+# -- Enable resource quotas for priority classes used in the cluster.
+resourceQuotas:
+ enabled: false
+ cilium:
+ hard:
+ # 5k nodes * 2 DaemonSets (Cilium and cilium node init)
+ pods: "10k"
+ operator:
+ hard:
+ # 15 "clusterwide" Cilium Operator pods for HA
+ pods: "15"
+
+# Need to document default
+##################
+#sessionAffinity: false
+
+# -- Do not run Cilium agent when running with clean mode. Useful to completely
+# uninstall Cilium as it will stop Cilium from starting and create artifacts
+# in the node.
+sleepAfterInit: false
+
+# -- Configure BPF socket operations configuration
+sockops:
+ # enabled enables installation of socket options acceleration.
+ enabled: false
+
+# TODO: Add documentation, default value
+# svcSourceRangeCheck:
+
+# synchronizeK8sNodes: true
+
+# -- Configure TLS configuration in the agent.
+tls:
+ enabled: true
+ secretsBackend: local
+
+# -- Configure the encapsulation configuration for communication between nodes.
+# Possible values:
+# - disabled
+# - vxlan (default)
+# - geneve
+tunnel: "vxlan"
+
+wellKnownIdentities:
+ # -- Enable the use of well-known identities.
+ enabled: false
+
+
+etcd:
+ # -- Enable etcd mode for the agent.
+ enabled: false
+
+ # -- cilium-etcd-operator image.
+ image:
+ repository: quay.io/cilium/cilium-etcd-operator
+ tag: v2.0.7
+ pullPolicy: IfNotPresent
+
+ # -- cilium-etcd-operator priorityClassName
+ priorityClassName: ""
+
+ # -- Additional cilium-etcd-operator container arguments.
+ extraArgs: []
+
+ # -- Additional InitContainers to initialize the pod.
+ extraInitContainers: []
+
+ # -- Additional cilium-etcd-operator hostPath mounts.
+ extraHostPathMounts: []
+ # - name: textfile-dir
+ # mountPath: /srv/txt_collector
+ # hostPath: /var/lib/cilium-etcd-operator
+ # readOnly: true
+ # mountPropagation: HostToContainer
+
+ # -- Additional cilium-etcd-operator ConfigMap mounts.
+ extraConfigmapMounts: []
+ # - name: certs-configmap
+ # mountPath: /certs
+ # configMap: certs-configmap
+ # readOnly: true
+
+ # -- Node tolerations for cilium-etcd-operator scheduling to nodes with taints
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ tolerations:
+ - operator: Exists
+ # - key: "key"
+ # operator: "Equal|Exists"
+ # value: "value"
+ # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
+
+ # -- Node labels for cilium-etcd-operator pod assignment
+ # ref: https://kubernetes.io/docs/user-guide/node-selection/
+ nodeSelector: {}
+
+ # -- Annotations to be added to cilium-etcd-operator pods
+ podAnnotations: {}
+
+ # -- Labels to be added to cilium-etcd-operator pods
+ podLabels: {}
+
+ # -- PodDisruptionBudget settings
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
+ #
+ podDisruptionBudget:
+ enabled: true
+ maxUnavailable: 2
+
+ # -- cilium-etcd-operator resource limits & requests
+ # ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ #
+ resources: {}
+ # limits:
+ # cpu: 4000m
+ # memory: 4Gi
+ # requests:
+ # cpu: 100m
+ # memory: 512Mi
+
+ # -- Security context to be added to cilium-etcd-operator pods
+ #
+ securityContext: {}
+ # runAsUser: 0
+
+ # -- cilium-etcd-operator update strategy
+ updateStrategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 1
+ type: RollingUpdate
+
+ # -- If etcd is behind a k8s service set this option to true so that Cilium
+ # does the service translation automatically without requiring a DNS to be
+ # running.
+ k8sService: false
+
+ # -- Cluster domain for cilium-etcd-operator.
+ clusterDomain: cluster.local
+
+ # -- List of etcd endpoints (not needed when using managed=true).
+ endpoints:
+ - https://CHANGE-ME:2379
+
+ # -- Enable use of TLS/SSL for connectivity to etcd. (auto-enabled if
+ # managed=true)
+ ssl: false
+
+operator:
+ # -- Enable the cilium-operator component (required).
+ enabled: true
+
+ # -- Roll out cilium-operator pods automatically when configmap is updated.
+ rollOutPods: false
+
+ # -- cilium-operator image.
+ image:
+ repository: quay.io/cilium/operator
+ tag: v1.10.7
+ # operator-generic-digest
+ genericDigest: "sha256:d0b491d8d8cb45862ed7f0410f65e7c141832f0f95262643fa5ff1edfcddcafe"
+ # operator-azure-digest
+ azureDigest: "sha256:556d692b2f08822101c159d9d6f731efe6c437d2b80f0ef96813e8745203c852"
+ # operator-aws-digest
+ awsDigest: "sha256:97b378e0e3b6b5ade6ae1706024c7a25fe6fc48e00102b65a6b7ac51d6327f40"
+ # operator-alibabacloud-digest
+ alibabacloudDigest: "sha256:7a6ccc99195ae6a8216d2a1e1e0cc05d49c2d263b194895da264899fe9d0f45a"
+ useDigest: true
+ pullPolicy: IfNotPresent
+ suffix: ""
+
+ # -- Number of replicas to run for the cilium-operator deployment
+ replicas: 2
+
+ # -- For using with an existing serviceAccount.
+ serviceAccountName: cilium-operator
+
+ # -- cilium-operator priorityClassName
+ priorityClassName: ""
+
+ # -- cilium-operator update strategy
+ updateStrategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 1
+ type: RollingUpdate
+
+ # -- cilium-operator affinity
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: io.cilium/app
+ operator: In
+ values:
+ - operator
+ topologyKey: kubernetes.io/hostname
+
+
+ # -- Additional cilium-operator container arguments.
+ extraArgs: []
+
+ # -- Additional cilium-operator environment variables.
+ extraEnv: {}
+
+ # -- Additional InitContainers to initialize the pod.
+ extraInitContainers: []
+
+ # -- Additional cilium-operator hostPath mounts.
+ extraHostPathMounts: []
+ # - name: host-mnt-data
+ # mountPath: /host/mnt/data
+ # hostPath: /mnt/data
+ # hostPathType: Directory
+ # readOnly: true
+ # mountPropagation: HostToContainer
+
+ # -- Additional cilium-operator ConfigMap mounts.
+ extraConfigmapMounts: []
+ # - name: certs-configmap
+ # mountPath: /certs
+ # configMap: certs-configmap
+ # readOnly: true
+
+ # -- Node tolerations for cilium-operator scheduling to nodes with taints
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ tolerations:
+ - operator: Exists
+ # - key: "key"
+ # operator: "Equal|Exists"
+ # value: "value"
+ # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
+
+ # -- Node labels for cilium-operator pod assignment
+ # ref: https://kubernetes.io/docs/user-guide/node-selection/
+ #
+ nodeSelector: {}
+
+ # -- Annotations to be added to cilium-operator pods
+ podAnnotations: {}
+
+ # -- Labels to be added to cilium-operator pods
+ podLabels: {}
+
+ # -- PodDisruptionBudget settings
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
+ #
+ podDisruptionBudget:
+ enabled: false
+ maxUnavailable: 1
+
+ # -- cilium-operator resource limits & requests
+ # ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ #
+ resources: {}
+ # limits:
+ # cpu: 1000m
+ # memory: 1Gi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+ # -- Security context to be added to cilium-operator pods
+ #
+ securityContext: {}
+ # runAsUser: 0
+
+ # -- Interval for endpoint garbage collection.
+ endpointGCInterval: "5m0s"
+
+ # -- Interval for identity garbage collection.
+ identityGCInterval: "15m0s"
+
+ # -- Timeout for identity heartbeats.
+ identityHeartbeatTimeout: "30m0s"
+
+ # -- Enable prometheus metrics for cilium-operator on the configured port at
+ # /metrics
+ prometheus:
+ enabled: false
+ port: 6942
+ serviceMonitor:
+ # -- Enable service monitors.
+ # This requires the prometheus CRDs to be available (see https://github.com/prometheus-operator/prometheus-operator/blob/master/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml)
+ ##
+ enabled: false
+ # -- Labels to add to ServiceMonitor cilium-operator
+ labels: {}
+
+ # -- Skip CRDs creation for cilium-operator
+ skipCRDCreation: false
+
+
+nodeinit:
+ # -- Enable the node initialization DaemonSet
+ enabled: false
+
+ # -- node-init image.
+ image:
+ repository: quay.io/cilium/startup-script
+ tag: 62bfbe88c17778aad7bef9fa57ff9e2d4a9ba0d8
+ pullPolicy: IfNotPresent
+
+ # -- The priority class to use for the nodeinit pod.
+ priorityClassName: ""
+
+ # -- node-init update strategy
+ updateStrategy:
+ type: RollingUpdate
+
+ # -- Additional nodeinit environment variables.
+ extraEnv: {}
+
+ # -- Additional nodeinit init containers.
+ extraInitContainers: []
+
+ # -- Additional nodeinit host path mounts.
+ extraHostPathMounts: []
+ # - name: textfile-dir
+ # mountPath: /srv/txt_collector
+ # hostPath: /var/lib/nodeinit
+ # readOnly: true
+ # mountPropagation: HostToContainer
+
+ # -- Additional nodeinit ConfigMap mounts.
+ extraConfigmapMounts: []
+ # - name: certs-configmap
+ # mountPath: /certs
+ # configMap: certs-configmap
+ # readOnly: true
+
+ # -- Node tolerations for nodeinit scheduling to nodes with taints
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ #
+ tolerations:
+ - operator: Exists
+ # - key: "key"
+ # operator: "Equal|Exists"
+ # value: "value"
+ # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
+
+ # -- Node labels for nodeinit pod assignment
+ # ref: https://kubernetes.io/docs/user-guide/node-selection/
+ #
+ nodeSelector: {}
+
+ # -- Annotations to be added to node-init pods.
+ podAnnotations: {}
+
+ # -- Labels to be added to node-init pods.
+ podLabels: {}
+
+ # -- PodDisruptionBudget settings
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
+ #
+ podDisruptionBudget:
+ enabled: true
+ maxUnavailable: 2
+
+ # -- nodeinit resource limits & requests
+ # ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ #
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+
+ # -- Security context to be added to nodeinit pods.
+ #
+ securityContext: {}
+ # runAsUser: 0
+
+ # -- bootstrapFile is the location of the file where the bootstrap timestamp is
+ # written by the node-init DaemonSet
+ bootstrapFile: "/tmp/cilium-bootstrap-time"
+
+preflight:
+ # -- Enable Cilium pre-flight resources (required for upgrade)
+ enabled: false
+
+ # -- Cilium pre-flight image.
+ image:
+ repository: quay.io/cilium/cilium
+ tag: v1.10.7
+ # cilium-digest
+ digest: "sha256:e23f55e80e1988db083397987a89967aa204ad6fc32da243b9160fbcea29b0ca"
+ useDigest: true
+ pullPolicy: IfNotPresent
+
+ # -- The priority class to use for the preflight pod.
+ priorityClassName: ""
+
+ # -- preflight update strategy
+ updateStrategy:
+ type: RollingUpdate
+
+ # -- Additional preflight environment variables.
+ extraEnv: {}
+
+ # -- Additional preflight init containers.
+ extraInitContainers: []
+
+ # -- Additional preflight host path mounts.
+ extraHostPathMounts: []
+ # - name: textfile-dir
+ # mountPath: /srv/txt_collector
+ # hostPath: /var/lib/preflight
+ # readOnly: true
+ # mountPropagation: HostToContainer
+
+ # -- Additional preflight ConfigMap mounts.
+ extraConfigmapMounts: []
+ # - name: certs-configmap
+ # mountPath: /certs
+ # configMap: certs-configmap
+ # readOnly: true
+
+ # -- Node tolerations for preflight scheduling to nodes with taints
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ #
+ tolerations:
+ - effect: NoSchedule
+ key: node.kubernetes.io/not-ready
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ - effect: NoSchedule
+ key: node.cloudprovider.kubernetes.io/uninitialized
+ value: "true"
+ - key: CriticalAddonsOnly
+ operator: "Exists"
+ # - key: "key"
+ # operator: "Equal|Exists"
+ # value: "value"
+ # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
+
+ # -- Node labels for preflight pod assignment
+ # ref: https://kubernetes.io/docs/user-guide/node-selection/
+ #
+ nodeSelector: {}
+
+ # -- Annotations to be added to preflight pods
+ podAnnotations: {}
+
+ # -- Labels to be added to the preflight pod.
+ podLabels: {}
+
+ # -- PodDisruptionBudget settings
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
+ #
+ podDisruptionBudget:
+ enabled: true
+ maxUnavailable: 2
+
+ # -- preflight resource limits & requests
+ # ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ #
+ resources: {}
+ # limits:
+ # cpu: 4000m
+ # memory: 4Gi
+ # requests:
+ # cpu: 100m
+ # memory: 512Mi
+
+ # -- Security context to be added to preflight pods
+ #
+ securityContext: {}
+ # runAsUser: 0
+
+ # -- Path to write the `--tofqdns-pre-cache` file to.
+ tofqdnsPreCache: ""
+ # -- By default we should always validate the installed CNPs before upgrading
+ # Cilium. This will make sure the user will have the policies deployed in the
+ # cluster with the right schema.
+ validateCNPs: true
+
+# -- Explicitly enable or disable priority class.
+# .Capabilities.KubeVersion is unsettable in `helm template` calls,
+# it depends on k8s libraries version that Helm was compiled against.
+# This option allows to explicitly disable setting the priority class, which
+# is useful for rendering charts for gke clusters in advance.
+enableCriticalPriorityClass: true
+
+# disableEnvoyVersionCheck removes the check for Envoy, which can be useful
+# on AArch64 as the images do not currently ship a version of Envoy.
+#disableEnvoyVersionCheck: false
+
+clustermesh:
+ # -- Deploy clustermesh-apiserver for clustermesh
+ useAPIServer: false
+
+ apiserver:
+ # -- Clustermesh API server image.
+ image:
+ repository: quay.io/cilium/clustermesh-apiserver
+ tag: v1.10.7
+ # clustermesh-apiserver-digest
+ digest: "sha256:9afb0a15afffdf84812c8174df9de86e35239fb87a6ffd9539877a9e643d8132"
+ useDigest: true
+ pullPolicy: IfNotPresent
+
+ etcd:
+ # -- Clustermesh API server etcd image.
+ image:
+ repository: quay.io/coreos/etcd
+ tag: v3.4.13
+ pullPolicy: IfNotPresent
+
+ service:
+ # -- The type of service used for apiserver access.
+ type: NodePort
+ # -- Optional port to use as the node port for apiserver access.
+ nodePort: 32379
+ # -- Optional loadBalancer IP address to use with type LoadBalancer.
+ # loadBalancerIP:
+
+ # -- Annotations for the clustermesh-apiserver
+ # For GKE LoadBalancer, use annotation cloud.google.com/load-balancer-type: "Internal"
+ # For EKS LoadBalancer, use annotation service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
+ annotations: {}
+
+ # -- Number of replicas run for the clustermesh-apiserver deployment.
+ replicas: 1
+
+ # -- Node labels for pod assignment
+ # ref: https://kubernetes.io/docs/user-guide/node-selection/
+ nodeSelector: {}
+
+ # -- Annotations to be added to clustermesh-apiserver pods
+ podAnnotations: {}
+
+ # -- Labels to be added to clustermesh-apiserver pods
+ podLabels: {}
+
+ # -- Resource requests and limits for the clustermesh-apiserver container of the clustermesh-apiserver deployment, such as
+ # resources:
+ # limits:
+ # cpu: 1000m
+ # memory: 1024M
+ # requests:
+ # cpu: 100m
+ # memory: 64Mi
+ resources: {}
+
+ # -- Node tolerations for pod assignment on nodes with taints
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ tolerations: []
+
+ # -- clustermesh-apiserver update strategy
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: 1
+ type: RollingUpdate
+
+ tls:
+ # -- Configure automatic TLS certificates generation.
+ # A Kubernetes CronJob is used the generate any
+ # certificates not provided by the user at installation
+ # time.
+ auto:
+ # -- When set to true, automatically generate a CA and certificates to
+ # enable mTLS between clustermesh-apiserver and external workload instances.
+ # If set to false, the certs to be provided by setting appropriate values below.
+ enabled: true
+ # Sets the method to auto-generate certificates. Supported values:
+ # - helm: This method uses Helm to generate all certificates.
+ # - cronJob: This method uses a Kubernetes CronJob the generate any
+ # certificates not provided by the user at installation
+ # time.
+ method: helm
+ # -- Generated certificates validity duration in days.
+ certValidityDuration: 1095
+ # -- Schedule for certificates regeneration (regardless of their expiration date).
+ # Only used if method is "cronJob". If nil, then no recurring job will be created.
+ # Instead, only the one-shot job is deployed to generate the certificates at
+ # installation time.
+ #
+ # Due to the out-of-band distribution of client certs to external workloads the
+ # CA is (re)regenerated only if it is not provided as a helm value and the k8s
+ # secret is manually deleted.
+ #
+ # Defaults to none. Commented syntax gives midnight of the first day of every
+ # fourth month. For syntax, see
+ # https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#schedule
+ # schedule: "0 0 1 */4 *"
+ # -- base64 encoded PEM values for the ExternalWorkload CA certificate and private key.
+ ca:
+ # -- Optional CA cert. If it is provided, it will be used by the 'cronJob' method to
+ # generate all other certificates. Otherwise, an ephemeral CA is generated.
+ cert: ""
+ # -- Optional CA private key. If it is provided, it will be used by the 'cronJob' method to
+ # generate all other certificates. Otherwise, an ephemeral CA is generated.
+ key: ""
+ # -- base64 encoded PEM values for the clustermesh-apiserver server certificate and private key.
+ # Used if 'auto' is not enabled.
+ server:
+ cert: ""
+ key: ""
+ # -- base64 encoded PEM values for the clustermesh-apiserver admin certificate and private key.
+ # Used if 'auto' is not enabled.
+ admin:
+ cert: ""
+ key: ""
+ # -- base64 encoded PEM values for the clustermesh-apiserver client certificate and private key.
+ # Used if 'auto' is not enabled.
+ client:
+ cert: ""
+ key: ""
+ # -- base64 encoded PEM values for the clustermesh-apiserver remote cluster certificate and private key.
+ # Used if 'auto' is not enabled.
+ remote:
+ cert: ""
+ key: ""
+
+# -- Configure external workloads support
+externalWorkloads:
+ # -- Enable support for external workloads, such as VMs (false by default).
+ enabled: false
+
+# -- Configure cgroup related configuration
+cgroup:
+ autoMount:
+ # -- Enable auto mount of cgroup2 filesystem.
+ # When `autoMount` is enabled, cgroup2 filesystem is mounted at
+ # `cgroup.hostRoot` path on the underlying host and inside the cilium agent pod.
+ # If users disable `autoMount`, it's expected that users have mounted
+ # cgroup2 filesystem at the specified `cgroup.hostRoot` volume, and then the
+ # volume will be mounted inside the cilium agent pod at the same path.
+ enabled: true
+ # -- Configure cgroup root where cgroup2 filesystem is mounted on the host (see also: `cgroup.autoMount`)
+ hostRoot: /run/cilium/cgroupv2
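Review bot: `clustermesh.apiserver.etcd.image` references `quay.io/coreos/etcd` by tag only (`tag: v3.4.13`), while the preflight and clustermesh-apiserver images in this same hunk carry a `digest` with `useDigest: true`. That leaves the etcd image as the one in this section that is not content-addressed, and a tag can be re-pointed at the registry. Since the chart is vendored here, either check whether the template accepts a digest for this image and set it in the override values, or mirror the image to a registry under your control. Separately, `service.type: NodePort` with `nodePort: 32379` opens the clustermesh API server on every node once `useAPIServer` is switched on; the deployment docs should say who is expected to reach that port.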
diff --git a/charts/coredns/.helmignore b/charts/coredns/.helmignore
new file mode 100644
index 0000000..7c04072
--- /dev/null
+++ b/charts/coredns/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+OWNERS
diff --git a/charts/coredns/Chart.yaml b/charts/coredns/Chart.yaml
new file mode 100644
index 0000000..15a0837
--- /dev/null
+++ b/charts/coredns/Chart.yaml
@@ -0,0 +1,21 @@
+annotations:
+ artifacthub.io/changes: |
+ - Initial helm chart changelog
+apiVersion: v2
+appVersion: 1.9.3
+description: CoreDNS is a DNS server that chains plugins and provides Kubernetes DNS
+ Services
+home: https://coredns.io
+icon: https://coredns.io/images/CoreDNS_Colour_Horizontal.png
+keywords:
+- coredns
+- dns
+- kubedns
+maintainers:
+- name: mrueg
+- name: haad
+name: coredns
+sources:
+- https://github.com/coredns/coredns
+type: application
+version: 1.19.4
diff --git a/charts/coredns/README.md b/charts/coredns/README.md
new file mode 100644
index 0000000..b8ce2ca
--- /dev/null
+++ b/charts/coredns/README.md
@@ -0,0 +1,188 @@
+# CoreDNS
+
+[CoreDNS](https://coredns.io/) is a DNS server that chains plugins and provides DNS Services
+
+# TL;DR;
+
+```console
+$ helm repo add coredns https://coredns.github.io/helm
+$ helm --namespace=kube-system install coredns coredns/coredns
+```
+
+## Introduction
+
+This chart bootstraps a [CoreDNS](https://github.com/coredns/coredns) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. This chart will provide DNS Services and can be deployed in multiple configuration to support various scenarios listed below:
+
+ - CoreDNS as a cluster dns service and a drop-in replacement for Kube/SkyDNS. This is the default mode and CoreDNS is deployed as cluster-service in kube-system namespace. This mode is chosen by setting `isClusterService` to true.
+ - CoreDNS as an external dns service. In this mode CoreDNS is deployed as any kubernetes app in user specified namespace. The CoreDNS service can be exposed outside the cluster by using using either the NodePort or LoadBalancer type of service. This mode is chosen by setting `isClusterService` to false.
+ - CoreDNS as an external dns provider for kubernetes federation. This is a sub case of 'external dns service' which uses etcd plugin for CoreDNS backend. This deployment mode as a dependency on `etcd-operator` chart, which needs to be pre-installed.
+
+## Prerequisites
+
+- Kubernetes 1.10 or later
+
+## Installing the Chart
+
+The chart can be installed as follows:
+
+```console
+$ helm repo add coredns https://coredns.github.io/helm
+$ helm --namespace=kube-system install coredns coredns/coredns
+```
+
+The command deploys CoreDNS on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists various ways to override default configuration during deployment.
+
+> **Tip**: List all releases using `helm list --all-namespaces`
+
+## Uninstalling the Chart
+
+To uninstall/delete the `coredns` deployment:
+
+```console
+$ helm uninstall coredns
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+| Parameter | Description | Default |
+|:------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------------------|
+| `image.repository` | The image repository to pull from | coredns/coredns |
+| `image.tag` | The image tag to pull from | `1.9.3` |
+| `image.pullPolicy` | Image pull policy | IfNotPresent |
+| `image.pullSecrets` | Specify container image pull secrets | `[]` |
+| `replicaCount` | Number of replicas | 1 |
+| `resources.limits.cpu` | Container maximum CPU | `100m` |
+| `resources.limits.memory` | Container maximum memory | `128Mi` |
+| `resources.requests.cpu` | Container requested CPU | `100m` |
+| `resources.requests.memory` | Container requested memory | `128Mi` |
+| `serviceType` | Kubernetes Service type | `ClusterIP` |
+| `prometheus.service.enabled` | Set this to `true` to create Service for Prometheus metrics | `false` |
+| `prometheus.service.annotations` | Annotations to add to the metrics Service | `{prometheus.io/scrape: "true", prometheus.io/port: "9153"}`|
+| `prometheus.monitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` |
+| `prometheus.monitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | {} |
+| `prometheus.monitor.namespace` | Selector to select which namespaces the Endpoints objects are discovered from. | `""` |
+| `prometheus.monitor.interval` | Scrape interval for polling the metrics endpoint. (E.g. "30s") | `""` |
+| `service.clusterIP` | IP address to assign to service | `""` |
+| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` |
+| `service.externalIPs` | External IP addresses | [] |
+| `service.externalTrafficPolicy` | Enable client source IP preservation | [] |
+| `service.annotations` | Annotations to add to service | {} |
+| `serviceAccount.create` | If true, create & use serviceAccount | false |
+| `serviceAccount.name` | If not set & create is true, use template fullname | |
+| `rbac.create` | If true, create & use RBAC resources | true |
+| `rbac.pspEnable` | Specifies whether a PodSecurityPolicy should be created. | `false` |
+| `isClusterService` | Specifies whether chart should be deployed as cluster-service or normal k8s app. | true |
+| `priorityClassName` | Name of Priority Class to assign pods | `""` |
+| `servers` | Configuration for CoreDNS and plugins | See values.yml |
+| `livenessProbe.enabled` | Enable/disable the Liveness probe | `true` |
+| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `60` |
+| `livenessProbe.periodSeconds` | How often to perform the probe | `10` |
+| `livenessProbe.timeoutSeconds` | When the probe times out | `5` |
+| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `5` |
+| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` |
+| `readinessProbe.enabled` | Enable/disable the Readiness probe | `true` |
+| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `30` |
+| `readinessProbe.periodSeconds` | How often to perform the probe | `10` |
+| `readinessProbe.timeoutSeconds` | When the probe times out | `5` |
+| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `5` |
+| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` |
+| `affinity` | Affinity settings for pod assignment | {} |
+| `nodeSelector` | Node labels for pod assignment | {} |
+| `tolerations` | Tolerations for pod assignment | [] |
+| `zoneFiles` | Configure custom Zone files | [] |
+| `extraVolumes` | Optional array of volumes to create | [] |
+| `extraVolumeMounts` | Optional array of volumes to mount inside the CoreDNS container | [] |
+| `extraSecrets` | Optional array of secrets to mount inside the CoreDNS container | [] |
+| `customLabels` | Optional labels for Deployment(s), Pod, Service, ServiceMonitor objects | {} |
+| `customAnnotations` | Optional annotations for Deployment(s), Pod, Service, ServiceMonitor objects
+| `rollingUpdate.maxUnavailable` | Maximum number of unavailable replicas during rolling update | `1` |
+| `rollingUpdate.maxSurge` | Maximum number of pods created above desired number of pods | `25%` |
+| `podDisruptionBudget` | Optional PodDisruptionBudget | {} |
+| `podAnnotations` | Optional Pod only Annotations | {} |
+| `terminationGracePeriodSeconds` | Optional duration in seconds the pod needs to terminate gracefully. | 30 |
+| `preStopSleep` | Definition of Kubernetes preStop hook executed before Pod termination | {} |
+| `hpa.enabled` | Enable Hpa autoscaler instead of proportional one | `false` |
+| `hpa.minReplicas` | Hpa minimum number of CoreDNS replicas | `1` |
+| `hpa.maxReplicas` | Hpa maximum number of CoreDNS replicas | `2` |
+| `hpa.metrics` | Metrics definitions used by Hpa to scale up and down | {} |
+| `autoscaler.enabled` | Optionally enabled a cluster-proportional-autoscaler for CoreDNS | `false` |
+| `autoscaler.coresPerReplica` | Number of cores in the cluster per CoreDNS replica | `256` |
+| `autoscaler.nodesPerReplica` | Number of nodes in the cluster per CoreDNS replica | `16` |
+| `autoscaler.min` | Min size of replicaCount | 0 |
+| `autoscaler.max` | Max size of replicaCount | 0 (aka no max) |
+| `autoscaler.includeUnschedulableNodes` | Should the replicas scale based on the total number or only schedulable nodes | `false` |
+| `autoscaler.preventSinglePointFailure` | If true does not allow single points of failure to form | `true` |
+| `autoscaler.customFlags` | A list of custom flags to pass into cluster-proportional-autoscaler | (no args) |
+| `autoscaler.image.repository` | The image repository to pull autoscaler from | k8s.gcr.io/cpa/cluster-proportional-autoscaler |
+| `autoscaler.image.tag` | The image tag to pull autoscaler from | `1.8.5` |
+| `autoscaler.image.pullPolicy` | Image pull policy for the autoscaler | IfNotPresent |
+| `autoscaler.image.pullSecrets` | Specify container image pull secrets | `[]` |
+| `autoscaler.priorityClassName` | Optional priority class for the autoscaler pod. `priorityClassName` used if not set. | `""` |
+| `autoscaler.affinity` | Affinity settings for pod assignment for autoscaler | {} |
+| `autoscaler.nodeSelector` | Node labels for pod assignment for autoscaler | {} |
+| `autoscaler.tolerations` | Tolerations for pod assignment for autoscaler | [] |
+| `autoscaler.resources.limits.cpu` | Container maximum CPU for cluster-proportional-autoscaler | `20m` |
+| `autoscaler.resources.limits.memory` | Container maximum memory for cluster-proportional-autoscaler | `10Mi` |
+| `autoscaler.resources.requests.cpu` | Container requested CPU for cluster-proportional-autoscaler | `20m` |
+| `autoscaler.resources.requests.memory` | Container requested memory for cluster-proportional-autoscaler | `10Mi` |
+| `autoscaler.configmap.annotations` | Annotations to add to autoscaler config map. For example to stop CI renaming them | {} |
+| `autoscaler.livenessProbe.enabled` | Enable/disable the Liveness probe | `true` |
+| `autoscaler.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `10` |
+| `autoscaler.livenessProbe.periodSeconds` | How often to perform the probe | `5` |
+| `autoscaler.livenessProbe.timeoutSeconds` | When the probe times out | `5` |
+| `autoscaler.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` |
+| `autoscaler.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` |
+| `deployment.enabled` | Optionally disable the main deployment and its respective resources. | `true` |
+| `deployment.name` | Name of the deployment if `deployment.enabled` is true. Otherwise the name of an existing deployment for the autoscaler or HPA to target. | `""` |
+| `deployment.annotations` | Annotations to add to the main deployment | `{}` |
+
+See `values.yaml` for configuration notes. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+$ helm install coredns \
+ coredns/coredns \
+ --set rbac.create=false
+```
+
+The above command disables automatic creation of RBAC rules.
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+$ helm install coredns coredns/coredns -f values.yaml
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+
+## Caveats
+
+The chart will automatically determine which protocols to listen on based on
+the protocols you define in your zones. This means that you could potentially
+use both "TCP" and "UDP" on a single port.
+Some cloud environments like "GCE" or "Azure container service" cannot
+create external loadbalancers with both "TCP" and "UDP" protocols. So
+When deploying CoreDNS with `serviceType="LoadBalancer"` on such cloud
+environments, make sure you do not attempt to use both protocols at the same
+time.
+
+## Autoscaling
+
+By setting `autoscaler.enabled = true` a
+[cluster-proportional-autoscaler](https://github.com/kubernetes-incubator/cluster-proportional-autoscaler)
+will be deployed. This will default to a coredns replica for every 256 cores, or
+16 nodes in the cluster. These can be changed with `autoscaler.coresPerReplica`
+and `autoscaler.nodesPerReplica`. When cluster is using large nodes (with more
+cores), `coresPerReplica` should dominate. If using small nodes,
+`nodesPerReplica` should dominate.
+
+This also creates a ServiceAccount, ClusterRole, and ClusterRoleBinding for
+the autoscaler deployment.
+
+`replicaCount` is ignored if this is enabled.
+
+By setting `hpa.enabled = true` a [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
+is enabled for Coredns deployment. This can scale number of replicas based on meitrics
+like CpuUtilization, MemoryUtilization or Custom ones.
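Review bot: the `customAnnotations` row in the Configuration table stops after the description, with no Default cell and no closing `|`; complete it to match the `customLabels` row above it. In the same file, "using using" appears in the external dns service bullet and "meitrics" in the HPA paragraph. Also, `helm uninstall coredns` omits the `--namespace=kube-system` that both install commands use, so it only finds the release when the current context already points at that namespace. If the README is meant to stay byte-identical to upstream, say so in the commit message and send these fixes upstream instead.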
diff --git a/charts/coredns/templates/NOTES.txt b/charts/coredns/templates/NOTES.txt
new file mode 100644
index 0000000..3a1883b
--- /dev/null
+++ b/charts/coredns/templates/NOTES.txt
@@ -0,0 +1,30 @@
+{{- if .Values.isClusterService }}
+CoreDNS is now running in the cluster as a cluster-service.
+{{- else }}
+CoreDNS is now running in the cluster.
+It can be accessed using the below endpoint
+{{- if contains "NodePort" .Values.serviceType }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "coredns.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo "$NODE_IP:$NODE_PORT"
+{{- else if contains "LoadBalancer" .Values.serviceType }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status by running 'kubectl get svc -w {{ template "coredns.fullname" . }}'
+
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "coredns.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo $SERVICE_IP
+{{- else if contains "ClusterIP" .Values.serviceType }}
+ "{{ template "coredns.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local"
+ from within the cluster
+{{- end }}
+{{- end }}
+
+It can be tested with the following:
+
+1. Launch a Pod with DNS tools:
+
+kubectl run -it --rm --restart=Never --image=infoblox/dnstools:latest dnstools
+
+2. Query the DNS server:
+
+/ # host kubernetes
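Review bot: the test step at the end prints `kubectl run ... --image=infoblox/dnstools:latest`, a mutable tag on a third-party repository, and these notes are shown to every operator after install. Whatever that tag points to at the time gets run inside the cluster, so pin it to a specific tag or digest, or point it at an internally mirrored image. Minor: in the NodePort branch, `kubectl get nodes --namespace {{ .Release.Namespace }}` passes a namespace for a cluster-scoped resource; the flag has no effect and can be dropped.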
diff --git a/charts/coredns/templates/_helpers.tpl b/charts/coredns/templates/_helpers.tpl
new file mode 100644
index 0000000..ade1523
--- /dev/null
+++ b/charts/coredns/templates/_helpers.tpl
@@ -0,0 +1,162 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "coredns.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "coredns.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Generate the list of ports automatically from the server definitions
+*/}}
+{{- define "coredns.servicePorts" -}}
+ {{/* Set ports to be an empty dict */}}
+ {{- $ports := dict -}}
+ {{/* Iterate through each of the server blocks */}}
+ {{- range .Values.servers -}}
+ {{/* Capture port to avoid scoping awkwardness */}}
+ {{- $port := toString .port -}}
+
+ {{/* If none of the server blocks has mentioned this port yet take note of it */}}
+ {{- if not (hasKey $ports $port) -}}
+ {{- $ports := set $ports $port (dict "istcp" false "isudp" false) -}}
+ {{- end -}}
+ {{/* Retrieve the inner dict that holds the protocols for a given port */}}
+ {{- $innerdict := index $ports $port -}}
+
+ {{/*
+ Look at each of the zones and check which protocol they serve
+ At the moment the following are supported by CoreDNS:
+ UDP: dns://
+ TCP: tls://, grpc://
+ */}}
+ {{- range .zones -}}
+ {{- if has (default "" .scheme) (list "dns://") -}}
+ {{/* Optionally enable tcp for this service as well */}}
+ {{- if eq (default false .use_tcp) true }}
+ {{- $innerdict := set $innerdict "istcp" true -}}
+ {{- end }}
+ {{- $innerdict := set $innerdict "isudp" true -}}
+ {{- end -}}
+
+ {{- if has (default "" .scheme) (list "tls://" "grpc://") -}}
+ {{- $innerdict := set $innerdict "istcp" true -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{/* If none of the zones specify scheme, default to dns:// on both tcp & udp */}}
+ {{- if and (not (index $innerdict "istcp")) (not (index $innerdict "isudp")) -}}
+ {{- $innerdict := set $innerdict "isudp" true -}}
+ {{- $innerdict := set $innerdict "istcp" true -}}
+ {{- end -}}
+
+ {{- if .nodePort -}}
+ {{- $innerdict := set $innerdict "nodePort" .nodePort -}}
+ {{- end -}}
+
+ {{/* Write the dict back into the outer dict */}}
+ {{- $ports := set $ports $port $innerdict -}}
+ {{- end -}}
+
+ {{/* Write out the ports according to the info collected above */}}
+ {{- range $port, $innerdict := $ports -}}
+ {{- $portList := list -}}
+ {{- if index $innerdict "isudp" -}}
+ {{- $portList = append $portList (dict "port" ($port | int) "protocol" "UDP" "name" (printf "udp-%s" $port)) -}}
+ {{- end -}}
+ {{- if index $innerdict "istcp" -}}
+ {{- $portList = append $portList (dict "port" ($port | int) "protocol" "TCP" "name" (printf "tcp-%s" $port)) -}}
+ {{- end -}}
+
+ {{- range $portDict := $portList -}}
+ {{- if index $innerdict "nodePort" -}}
+ {{- $portDict := set $portDict "nodePort" (get $innerdict "nodePort" | int) -}}
+ {{- end -}}
+
+ {{- printf "- %s\n" (toJson $portDict) -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Generate the list of ports automatically from the server definitions
+*/}}
+{{- define "coredns.containerPorts" -}}
+ {{/* Set ports to be an empty dict */}}
+ {{- $ports := dict -}}
+ {{/* Iterate through each of the server blocks */}}
+ {{- range .Values.servers -}}
+ {{/* Capture port to avoid scoping awkwardness */}}
+ {{- $port := toString .port -}}
+
+ {{/* If none of the server blocks has mentioned this port yet take note of it */}}
+ {{- if not (hasKey $ports $port) -}}
+ {{- $ports := set $ports $port (dict "istcp" false "isudp" false) -}}
+ {{- end -}}
+ {{/* Retrieve the inner dict that holds the protocols for a given port */}}
+ {{- $innerdict := index $ports $port -}}
+
+ {{/*
+ Look at each of the zones and check which protocol they serve
+ At the moment the following are supported by CoreDNS:
+ UDP: dns://
+ TCP: tls://, grpc://
+ */}}
+ {{- range .zones -}}
+ {{- if has (default "" .scheme) (list "dns://") -}}
+ {{/* Optionally enable tcp for this service as well */}}
+ {{- if eq (default false .use_tcp) true }}
+ {{- $innerdict := set $innerdict "istcp" true -}}
+ {{- end }}
+ {{- $innerdict := set $innerdict "isudp" true -}}
+ {{- end -}}
+
+ {{- if has (default "" .scheme) (list "tls://" "grpc://") -}}
+ {{- $innerdict := set $innerdict "istcp" true -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{/* If none of the zones specify scheme, default to dns:// on both tcp & udp */}}
+ {{- if and (not (index $innerdict "istcp")) (not (index $innerdict "isudp")) -}}
+ {{- $innerdict := set $innerdict "isudp" true -}}
+ {{- $innerdict := set $innerdict "istcp" true -}}
+ {{- end -}}
+
+ {{/* Write the dict back into the outer dict */}}
+ {{- $ports := set $ports $port $innerdict -}}
+ {{- end -}}
+
+ {{/* Write out the ports according to the info collected above */}}
+ {{- range $port, $innerdict := $ports -}}
+ {{- if index $innerdict "isudp" -}}
+ {{- printf "- {containerPort: %v, protocol: UDP, name: udp-%s}\n" $port $port -}}
+ {{- end -}}
+ {{- if index $innerdict "istcp" -}}
+ {{- printf "- {containerPort: %v, protocol: TCP, name: tcp-%s}\n" $port $port -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "coredns.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "coredns.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
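Review bot: in `coredns.servicePorts`, and in the copy inside `coredns.containerPorts`, a zone without a `scheme` only gets its ports through the fallback `if and (not (index $innerdict "istcp")) (not (index $innerdict "isudp"))`, and `$innerdict` is shared by every server block on the same port. When another zone in the same block, or an earlier block on that port, has already set `istcp` through `tls://` or `grpc://`, the fallback is skipped and the scheme-less zone ends up with TCP only and no UDP port, although the comment says it should default to dns:// on both. Recording that a scheme-less zone was seen, and setting both flags in that case, would fix it. The two helpers also repeat the same protocol-detection logic under an identical doc comment; moving it into one named template would keep a fix like this from having to be made twice.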
diff --git a/charts/coredns/templates/clusterrole-autoscaler.yaml b/charts/coredns/templates/clusterrole-autoscaler.yaml
new file mode 100644
index 0000000..1d738fa
--- /dev/null
+++ b/charts/coredns/templates/clusterrole-autoscaler.yaml
@@ -0,0 +1,39 @@
+{{- if and .Values.autoscaler.enabled .Values.rbac.create }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "coredns.fullname" . }}-autoscaler
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name }}-autoscaler
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}-autoscaler
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 4 }}
+{{- end }}
+{{- with .Values.customAnnotations }}
+ annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+rules:
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["list","watch"]
+ - apiGroups: [""]
+ resources: ["replicationcontrollers/scale"]
+ verbs: ["get", "update"]
+ - apiGroups: ["extensions", "apps"]
+ resources: ["deployments/scale", "replicasets/scale"]
+ verbs: ["get", "update"]
+# Remove the configmaps rule once below issue is fixed:
+# kubernetes-incubator/cluster-proportional-autoscaler#16
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "create"]
+{{- end }}
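Review bot: the `replicationcontrollers/scale`, `deployments/scale`, `replicasets/scale` and `configmaps` rules sit in a ClusterRole with no `resourceNames`, so once bound cluster-wide the autoscaler service account can rescale any workload and read or create ConfigMaps in every namespace. Only the `nodes` list/watch rule needs cluster scope. The other rules could move to a namespaced Role in `{{ .Release.Namespace }}`, with the scale rule limited by `resourceNames` to the deployment being scaled. The in-file comment already marks the `configmaps` rule as temporary pending kubernetes-incubator/cluster-proportional-autoscaler#16; it is worth checking whether that still applies to the autoscaler version shipped with this chart.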
diff --git a/charts/coredns/templates/clusterrole.yaml b/charts/coredns/templates/clusterrole.yaml
new file mode 100644
index 0000000..8544681
--- /dev/null
+++ b/charts/coredns/templates/clusterrole.yaml
@@ -0,0 +1,45 @@
+{{- if and .Values.deployment.enabled .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "coredns.fullname" . }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - endpoints
+ - services
+ - pods
+ - namespaces
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - list
+ - watch
+{{- if .Values.rbac.pspEnable }}
+- apiGroups:
+ - policy
+ - extensions
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+ resourceNames:
+ - {{ template "coredns.fullname" . }}
+{{- end }}
+{{- end }}
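Review bot: the metadata block here omits the `customLabels` and `customAnnotations` handling that clusterrolebinding-autoscaler.yaml, configmap.yaml and most other templates in this chart apply, so cluster-scoped RBAC objects for CoreDNS end up without the labels an operator set for inventory or policy selection. Add the same `customLabels` / `customAnnotations` blocks after `app.kubernetes.io/name` so the RBAC objects can be found with the same selectors as the workload.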
diff --git a/charts/coredns/templates/clusterrolebinding-autoscaler.yaml b/charts/coredns/templates/clusterrolebinding-autoscaler.yaml
new file mode 100644
index 0000000..82a91d0
--- /dev/null
+++ b/charts/coredns/templates/clusterrolebinding-autoscaler.yaml
@@ -0,0 +1,32 @@
+{{- if and .Values.autoscaler.enabled .Values.rbac.create }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "coredns.fullname" . }}-autoscaler
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name }}-autoscaler
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}-autoscaler
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 4 }}
+{{- end }}
+{{- with .Values.customAnnotations }}
+ annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "coredns.fullname" . }}-autoscaler
+subjects:
+- kind: ServiceAccount
+ name: {{ template "coredns.fullname" . }}-autoscaler
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/coredns/templates/clusterrolebinding.yaml b/charts/coredns/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..1d3cb53
--- /dev/null
+++ b/charts/coredns/templates/clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{- if and .Values.deployment.enabled .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "coredns.fullname" . }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "coredns.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "coredns.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
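Review bot: the subject at the end of this binding is `{{ template "coredns.serviceAccountName" . }}`, and values.yaml ships `serviceAccount.create: false` alongside `rbac.create: true`, so by default the ClusterRole is bound to an account this chart does not create. If the helper falls back to the namespace's `default` ServiceAccount in that case, every pod in the namespace running as `default` inherits the cluster-wide list/watch on endpoints, services, pods and namespaces. Either default `serviceAccount.create` to true, or fail the render when `rbac.create` is true and no dedicated account name is set.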
diff --git a/charts/coredns/templates/configmap-autoscaler.yaml b/charts/coredns/templates/configmap-autoscaler.yaml
new file mode 100644
index 0000000..c690e7a
--- /dev/null
+++ b/charts/coredns/templates/configmap-autoscaler.yaml
@@ -0,0 +1,42 @@
+{{- if .Values.autoscaler.enabled }}
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: {{ template "coredns.fullname" . }}-autoscaler
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name }}-autoscaler
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}-autoscaler
+ {{- if .Values.customLabels }}
+ {{- toYaml .Values.customLabels | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.autoscaler.configmap.annotations .Values.customAnnotations }}
+ annotations:
+ {{- if .Values.customAnnotations }}
+ {{- toYaml .Values.customAnnotations | nindent 4 }}
+ {{- end }}
+ {{- if .Values.autoscaler.configmap.annotations -}}
+ {{ toYaml .Values.autoscaler.configmap.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+data:
+ # When cluster is using large nodes(with more cores), "coresPerReplica" should dominate.
+ # If using small nodes, "nodesPerReplica" should dominate.
+ linear: |-
+ {
+ "coresPerReplica": {{ .Values.autoscaler.coresPerReplica | float64 }},
+ "nodesPerReplica": {{ .Values.autoscaler.nodesPerReplica | float64 }},
+ "preventSinglePointFailure": {{ .Values.autoscaler.preventSinglePointFailure }},
+ "min": {{ .Values.autoscaler.min | int }},
+ "max": {{ .Values.autoscaler.max | int }},
+ "includeUnschedulableNodes": {{ .Values.autoscaler.includeUnschedulableNodes }}
+ }
+{{- end }}
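Review bot: in the `linear` JSON, `preventSinglePointFailure` and `includeUnschedulableNodes` are interpolated raw, unlike the neighbouring keys that are piped through `float64` and `int`, so an unset value renders invalid JSON that only surfaces when the autoscaler reads the ConfigMap at runtime. Build the object with `dict` and `toJson`, or at least pipe these two through `default false`. The annotations block also emits `customAnnotations` and `autoscaler.configmap.annotations` back to back, so a key present in both produces a duplicate YAML key; merging the two maps before `toYaml` avoids that.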
diff --git a/charts/coredns/templates/configmap.yaml b/charts/coredns/templates/configmap.yaml
new file mode 100644
index 0000000..a1d8668
--- /dev/null
+++ b/charts/coredns/templates/configmap.yaml
@@ -0,0 +1,43 @@
+{{- if .Values.deployment.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "coredns.fullname" . }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 4 }}
+{{- end }}
+{{- with .Values.customAnnotations }}
+ annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+data:
+ Corefile: |-
+ {{- range $name, $conf := .Values.extraConfig }}
+ {{ $name }}{{ if $conf.parameters }} {{ $conf.parameters }}{{ end }}
+ {{- end }}
+ {{ range .Values.servers }}
+ {{- range $idx, $zone := .zones }}{{ if $idx }} {{ else }}{{ end }}{{ default "" $zone.scheme }}{{ default "." $zone.zone }}{{ else }}.{{ end -}}
+ {{- if .port }}:{{ .port }} {{ end -}}
+ {
+ {{- range .plugins }}
+ {{ .name }}{{ if .parameters }} {{ .parameters }}{{ end }}{{ if .configBlock }} {
+{{ .configBlock | indent 12 }}
+ }{{ end }}
+ {{- end }}
+ }
+ {{ end }}
+ {{- range .Values.zoneFiles }}
+ {{ .filename }}: {{ toYaml .contents | indent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/coredns/templates/deployment-autoscaler.yaml b/charts/coredns/templates/deployment-autoscaler.yaml
new file mode 100644
index 0000000..31bcc96
--- /dev/null
+++ b/charts/coredns/templates/deployment-autoscaler.yaml
@@ -0,0 +1,96 @@
+{{- if and (.Values.autoscaler.enabled) (not .Values.hpa.enabled) }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "coredns.fullname" . }}-autoscaler
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name }}-autoscaler
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}-autoscaler
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 4 }}
+{{- end }}
+{{- with .Values.customAnnotations }}
+ annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name }}-autoscaler
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}-autoscaler
+ template:
+ metadata:
+ labels:
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name }}-autoscaler
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}-autoscaler
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ {{- if .Values.customLabels }}
+ {{ toYaml .Values.customLabels | nindent 8 }}
+ {{- end }}
+ annotations:
+ checksum/configmap: {{ include (print $.Template.BasePath "/configmap-autoscaler.yaml") . | sha256sum }}
+ {{- if .Values.isClusterService }}
+ scheduler.alpha.kubernetes.io/critical-pod: ''
+ scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
+ {{- end }}
+ spec:
+ serviceAccountName: {{ template "coredns.fullname" . }}-autoscaler
+ {{- $priorityClassName := default .Values.priorityClassName .Values.autoscaler.priorityClassName }}
+ {{- if $priorityClassName }}
+ priorityClassName: {{ $priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.autoscaler.affinity }}
+ affinity:
+{{ toYaml .Values.autoscaler.affinity | indent 8 }}
+ {{- end }}
+ {{- if .Values.autoscaler.tolerations }}
+ tolerations:
+{{ toYaml .Values.autoscaler.tolerations | indent 8 }}
+ {{- end }}
+ {{- if .Values.autoscaler.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.autoscaler.nodeSelector | indent 8 }}
+ {{- end }}
+ containers:
+ - name: autoscaler
+ image: "{{ .Values.autoscaler.image.repository }}:{{ .Values.autoscaler.image.tag }}"
+ imagePullPolicy: {{ .Values.autoscaler.image.pullPolicy }}
+ resources:
+{{ toYaml .Values.autoscaler.resources | indent 10 }}
+ {{- if .Values.autoscaler.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.autoscaler.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.autoscaler.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.autoscaler.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.autoscaler.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.autoscaler.livenessProbe.failureThreshold }}
+ {{- end }}
+ command:
+ - /cluster-proportional-autoscaler
+ - --namespace={{ .Release.Namespace }}
+ - --configmap={{ template "coredns.fullname" . }}-autoscaler
+ - --target=Deployment/{{ default (include "coredns.fullname" .) .Values.deployment.name }}
+ - --logtostderr=true
+ - --v=2
+ {{- if .Values.autoscaler.customFlags }}
+{{ toYaml .Values.autoscaler.customFlags | indent 10 }}
+ {{- end }}
+{{- end }}
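Review bot: the `autoscaler` container has no `securityContext` and the template offers no value to set one, whereas deployment.yaml at least renders `.Values.securityContext` for the CoreDNS container. Add an `autoscaler.securityContext` value and default it to non-root with `allowPrivilegeEscalation: false` and all capabilities dropped, since this process only talks to the API server. Separately, this Deployment is skipped when `hpa.enabled` is also true, but the autoscaler ClusterRoleBinding, ServiceAccount and ConfigMap are gated on `autoscaler.enabled` alone, and hpa.yaml is skipped when `autoscaler.enabled` is true, so enabling both leaves cluster-wide RBAC in place with no scaler running at all. A `fail` in the template for that combination would make the conflict explicit.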
diff --git a/charts/coredns/templates/deployment.yaml b/charts/coredns/templates/deployment.yaml
new file mode 100644
index 0000000..5d05c22
--- /dev/null
+++ b/charts/coredns/templates/deployment.yaml
@@ -0,0 +1,163 @@
+{{- if .Values.deployment.enabled }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ default (include "coredns.fullname" .) .Values.deployment.name }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 4 }}
+{{- end }}
+ {{- if or .Values.deployment.annotations .Values.customAnnotations }}
+ annotations:
+ {{- if .Values.customAnnotations }}
+ {{- toYaml .Values.customAnnotations | nindent 4 }}
+ {{- end }}
+ {{- if .Values.deployment.annotations }}
+ {{- toYaml .Values.deployment.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ {{- if not .Values.autoscaler.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: {{ .Values.rollingUpdate.maxUnavailable }}
+ maxSurge: {{ .Values.rollingUpdate.maxSurge }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+ template:
+ metadata:
+ labels:
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 8 }}
+{{- end }}
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- if .Values.isClusterService }}
+ scheduler.alpha.kubernetes.io/critical-pod: ''
+ scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
+ {{- end }}
+{{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations | indent 8 }}
+{{- end }}
+ spec:
+ {{- if .Values.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
+ {{- end }}
+ serviceAccountName: {{ template "coredns.serviceAccountName" . }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.isClusterService }}
+ dnsPolicy: Default
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations:
+{{ toYaml .Values.tolerations | indent 8 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
+ containers:
+ - name: "coredns"
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ args: [ "-conf", "/etc/coredns/Corefile" ]
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/coredns
+{{- range .Values.extraSecrets }}
+ - name: {{ .name }}
+ mountPath: {{ .mountPath }}
+ readOnly: true
+{{- end }}
+{{- if .Values.extraVolumeMounts }}
+{{- toYaml .Values.extraVolumeMounts | nindent 8}}
+{{- end }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ ports:
+{{ include "coredns.containerPorts" . | indent 8 }}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: 8181
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+ {{- end }}
+ {{- if .Values.preStopSleep }}
+ lifecycle:
+ preStop:
+ exec:
+ command: ["/usr/bin/sleep", "{{ .Values.preStopSleep }}"]
+ {{- end }}
+{{- if .Values.securityContext }}
+ securityContext:
+{{- toYaml .Values.securityContext | nindent 10 }}
+{{- end }}
+ volumes:
+ - name: config-volume
+ configMap:
+ name: {{ template "coredns.fullname" . }}
+ items:
+ - key: Corefile
+ path: Corefile
+ {{ range .Values.zoneFiles }}
+ - key: {{ .filename }}
+ path: {{ .filename }}
+ {{ end }}
+{{- range .Values.extraSecrets }}
+ - name: {{ .name }}
+ secret:
+ secretName: {{ .name }}
+ defaultMode: 400
+{{- end }}
+{{- if .Values.extraVolumes }}
+{{ toYaml .Values.extraVolumes | indent 8 }}
+{{- end }}
+{{- end }}
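Review bot: `defaultMode: 400` in the `extraSecrets` volumes near the end of this template is parsed as decimal, which is octal 0620 (owner read/write plus group write), not the owner-read-only 0400 the value suggests. Use `defaultMode: 0400` or its decimal form `256`. The container `securityContext` is also emitted only when `.Values.securityContext` is non-empty, so it is worth confirming that values.yaml ships a restrictive default rather than leaving the container on runtime defaults, and the image is referenced as `repository:tag` with no option to pin by digest.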
diff --git a/charts/coredns/templates/hpa.yaml b/charts/coredns/templates/hpa.yaml
new file mode 100644
index 0000000..79fc4cc
--- /dev/null
+++ b/charts/coredns/templates/hpa.yaml
@@ -0,0 +1,37 @@
+{{- if and (.Values.hpa.enabled) (not .Values.autoscaler.enabled) }}
+---
+apiVersion: autoscaling/v2beta2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ template "coredns.fullname" . }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 4 }}
+{{- end }}
+{{- with .Values.customAnnotations }}
+ annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ default (include "coredns.fullname" .) .Values.deployment.name }}
+ minReplicas: {{ .Values.hpa.minReplicas }}
+ maxReplicas: {{ .Values.hpa.maxReplicas }}
+ metrics:
+{{ toYaml .Values.hpa.metrics | indent 4 }}
+{{- if .Values.hpa.behavior }}
+ behavior:
+{{ toYaml .Values.hpa.behavior | indent 4 }}
+{{- end }}
+{{- end }}
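Review bot: `apiVersion: autoscaling/v2beta2` is hard-coded at the top of this template; that API version was removed in Kubernetes 1.26, so the HPA cannot be installed on current clusters. Select the version with `.Capabilities.APIVersions.Has`, the way podsecuritypolicy.yaml does for its own apiVersion, and prefer `autoscaling/v2` when it is available. The commented example in values.yaml documents an `autoscaling:` key with `targetAverageUtilization`, while this template reads `.Values.hpa.minReplicas`, `.Values.hpa.maxReplicas` and `.Values.hpa.metrics`, so settings written from that example would be ignored; the comment should be updated to the `hpa:` key and the metric syntax of the API version actually rendered.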
diff --git a/charts/coredns/templates/poddisruptionbudget.yaml b/charts/coredns/templates/poddisruptionbudget.yaml
new file mode 100644
index 0000000..9d0c96f
--- /dev/null
+++ b/charts/coredns/templates/poddisruptionbudget.yaml
@@ -0,0 +1,32 @@
+{{- if and .Values.deployment.enabled .Values.podDisruptionBudget -}}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "coredns.fullname" . }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 4 }}
+{{- end }}
+{{- with .Values.customAnnotations }}
+ annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+{{ toYaml .Values.podDisruptionBudget | indent 2 }}
+{{- end }}
diff --git a/charts/coredns/templates/podsecuritypolicy.yaml b/charts/coredns/templates/podsecuritypolicy.yaml
new file mode 100644
index 0000000..8a5d727
--- /dev/null
+++ b/charts/coredns/templates/podsecuritypolicy.yaml
@@ -0,0 +1,57 @@
+{{- if and .Values.deployment.enabled .Values.rbac.pspEnable }}
+{{ if .Capabilities.APIVersions.Has "policy/v1beta1" }}
+apiVersion: policy/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end -}}
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "coredns.fullname" . }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- else }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+ {{- end }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ # Add back CAP_NET_BIND_SERVICE so that coredns can run on port 53
+ allowedCapabilities:
+ - CAP_NET_BIND_SERVICE
+ # Allow core volume types.
+ volumes:
+ - 'configMap'
+ - 'emptyDir'
+ - 'projected'
+ - 'secret'
+ - 'downwardAPI'
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: 'RunAsAny'
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
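Review bot: under `runAsUser` the comment reads "Require the container to run without root privileges" but the rule is `RunAsAny`, which permits UID 0; `MustRunAsNonRoot` is the rule that matches the comment. `allowedCapabilities` lists `CAP_NET_BIND_SERVICE`, whereas Kubernetes capability names omit the `CAP_` prefix (`NET_BIND_SERVICE`), and there is no `requiredDropCapabilities`, so the runtime's default capability set stays available to the container. `readOnlyRootFilesystem: false` also leaves the root filesystem writable even though the Corefile is mounted from a ConfigMap. PodSecurityPolicy was removed in Kubernetes 1.25, so this template only applies to older clusters; the same constraints should be expressed in the pod and container `securityContext` for newer ones.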
diff --git a/charts/coredns/templates/service-metrics.yaml b/charts/coredns/templates/service-metrics.yaml
new file mode 100644
index 0000000..bd1eaae
--- /dev/null
+++ b/charts/coredns/templates/service-metrics.yaml
@@ -0,0 +1,43 @@
+{{- if and .Values.deployment.enabled .Values.prometheus.service.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "coredns.fullname" . }}-metrics
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+ app.kubernetes.io/component: metrics
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 4 }}
+{{- end }}
+ {{- if or .Values.prometheus.service.annotations .Values.service.annotations .Values.customAnnotations }}
+ annotations:
+ {{- if .Values.prometheus.service.annotations }}
+ {{- toYaml .Values.prometheus.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- if .Values.service.annotations }}
+ {{- toYaml .Values.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- if .Values.customAnnotations }}
+ {{- toYaml .Values.customAnnotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ selector:
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+ ports:
+ - name: metrics
+ port: 9153
+ targetPort: 9153
+{{- end }}
diff --git a/charts/coredns/templates/service.yaml b/charts/coredns/templates/service.yaml
new file mode 100644
index 0000000..94d6055
--- /dev/null
+++ b/charts/coredns/templates/service.yaml
@@ -0,0 +1,52 @@
+{{- if .Values.deployment.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ default (include "coredns.fullname" .) .Values.service.name }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 4 }}
+{{- end }}
+ {{- if or .Values.service.annotations .Values.customAnnotations }}
+ annotations:
+ {{- if .Values.service.annotations }}
+ {{- toYaml .Values.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- if .Values.customAnnotations }}
+ {{- toYaml .Values.customAnnotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ selector:
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+ {{- if .Values.service.clusterIP }}
+ clusterIP: {{ .Values.service.clusterIP }}
+ {{- end }}
+ {{- if .Values.service.externalIPs }}
+ externalIPs:
+ {{ toYaml .Values.service.externalIPs | indent 4 }}
+ {{- end }}
+ {{- if .Values.service.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
+ {{- end }}
+ {{- if .Values.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+{{ include "coredns.servicePorts" . | indent 2 -}}
+ type: {{ default "ClusterIP" .Values.serviceType }}
+{{- end }}
diff --git a/charts/coredns/templates/serviceaccount-autoscaler.yaml b/charts/coredns/templates/serviceaccount-autoscaler.yaml
new file mode 100644
index 0000000..b0479e9
--- /dev/null
+++ b/charts/coredns/templates/serviceaccount-autoscaler.yaml
@@ -0,0 +1,31 @@
+{{- if and .Values.autoscaler.enabled .Values.rbac.create }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "coredns.fullname" . }}-autoscaler
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name }}-autoscaler
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}-autoscaler
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 4 }}
+{{- end }}
+{{- with .Values.customAnnotations }}
+ annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- if .Values.autoscaler.image.pullSecrets }}
+imagePullSecrets:
+{{- range .Values.autoscaler.image.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- end }}
+{{- end }}
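Review bot: this ServiceAccount is rendered only when `rbac.create` is true, but deployment-autoscaler.yaml sets `serviceAccountName: {{ template "coredns.fullname" . }}-autoscaler` unconditionally, so with `autoscaler.enabled: true` and `rbac.create: false` the autoscaler pods reference an account that does not exist and cannot be created. Gate the account on its own flag, or document that the operator must pre-create an account with that exact name when RBAC objects are managed outside the chart. Setting `automountServiceAccountToken` explicitly here would also make the token exposure a visible decision.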
diff --git a/charts/coredns/templates/serviceaccount.yaml b/charts/coredns/templates/serviceaccount.yaml
new file mode 100644
index 0000000..abc9646
--- /dev/null
+++ b/charts/coredns/templates/serviceaccount.yaml
@@ -0,0 +1,31 @@
+{{- if and .Values.deployment.enabled .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "coredns.serviceAccountName" . }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+ {{- if or .Values.serviceAccount.annotations .Values.customAnnotations }}
+ annotations:
+ {{- if .Values.customAnnotations }}
+ {{- toYaml .Values.customAnnotations | nindent 4 }}
+ {{- end }}
+ {{- if .Values.serviceAccount.annotations }}
+ {{- toYaml .Values.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- if .Values.image.pullSecrets }}
+imagePullSecrets:
+{{- range .Values.image.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/coredns/templates/servicemonitor.yaml b/charts/coredns/templates/servicemonitor.yaml
new file mode 100644
index 0000000..9e6f143
--- /dev/null
+++ b/charts/coredns/templates/servicemonitor.yaml
@@ -0,0 +1,40 @@
+{{- if and .Values.deployment.enabled .Values.prometheus.monitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "coredns.fullname" . }}
+ {{- if .Values.prometheus.monitor.namespace }}
+ namespace: {{ .Values.prometheus.monitor.namespace }}
+ {{- end }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+ {{- if .Values.prometheus.monitor.additionalLabels }}
+{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }}
+ {{- end }}
+{{- with .Values.customAnnotations }}
+ annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+ app.kubernetes.io/component: metrics
+ endpoints:
+ - port: metrics
+ {{- if .Values.prometheus.monitor.interval }}
+ interval: {{ .Values.prometheus.monitor.interval }}
+ {{- end }}
+{{- end }}
diff --git a/charts/coredns/values.yaml b/charts/coredns/values.yaml
new file mode 100644
index 0000000..37cbb0c
--- /dev/null
+++ b/charts/coredns/values.yaml
@@ -0,0 +1,321 @@
+# Default values for coredns.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+ repository: coredns/coredns
+ tag: "1.9.3"
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+
+replicaCount: 1
+
+resources:
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+
+## Create HorizontalPodAutoscaler object.
+##
+# autoscaling:
+# minReplicas: 1
+# maxReplicas: 10
+# metrics:
+# - type: Resource
+# resource:
+# name: cpu
+# targetAverageUtilization: 60
+# - type: Resource
+# resource:
+# name: memory
+# targetAverageUtilization: 60
+
+rollingUpdate:
+ maxUnavailable: 1
+ maxSurge: 25%
+
+# Under heavy load it takes more that standard time to remove Pod endpoint from a cluster.
+# This will delay termination of our pod by `preStopSleep`. To make sure kube-proxy has
+# enough time to catch up.
+# preStopSleep: 5
+terminationGracePeriodSeconds: 30
+
+podAnnotations: {}
+# cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+
+serviceType: "ClusterIP"
+
+prometheus:
+ service:
+ enabled: false
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "9153"
+ monitor:
+ enabled: false
+ additionalLabels: {}
+ namespace: ""
+ interval: ""
+
+service:
+# clusterIP: ""
+# loadBalancerIP: ""
+# externalIPs: []
+# externalTrafficPolicy: ""
+ # The name of the Service
+ # If not set, a name is generated using the fullname template
+ name: ""
+ annotations: {}
+
+serviceAccount:
+ create: false
+ # The name of the ServiceAccount to use
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ annotations: {}
+
+rbac:
+ # If true, create & use RBAC resources
+ create: true
+ # If true, create and use PodSecurityPolicy
+ pspEnable: false
+ # The name of the ServiceAccount to use.
+ # If not set and create is true, a name is generated using the fullname template
+ # name:
+
+# isClusterService specifies whether chart should be deployed as cluster-service or normal k8s app.
+isClusterService: true
+
+# Optional priority class to be used for the coredns pods. Used for autoscaler if autoscaler.priorityClassName not set.
+priorityClassName: ""
+
+# Default zone is what Kubernetes recommends:
+# https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#coredns-configmap-options
+servers:
+- zones:
+ - zone: .
+ port: 53
+ # If serviceType is nodePort you can specify nodePort here
+ # nodePort: 30053
+ plugins:
+ - name: errors
+ # Serves a /health endpoint on :8080, required for livenessProbe
+ - name: health
+ configBlock: |-
+ lameduck 5s
+ # Serves a /ready endpoint on :8181, required for readinessProbe
+ - name: ready
+ # Required to query kubernetes API for data
+ - name: kubernetes
+ parameters: cluster.local in-addr.arpa ip6.arpa
+ configBlock: |-
+ pods insecure
+ fallthrough in-addr.arpa ip6.arpa
+ ttl 30
+ # Serves a /metrics endpoint on :9153, required for serviceMonitor
+ - name: prometheus
+ parameters: 0.0.0.0:9153
+ - name: forward
+ parameters: . /etc/resolv.conf
+ - name: cache
+ parameters: 30
+ - name: loop
+ - name: reload
+ - name: loadbalance
+
+# Complete example with all the options:
+# - zones: # the `zones` block can be left out entirely, defaults to "."
+# - zone: hello.world. # optional, defaults to "."
+# scheme: tls:// # optional, defaults to "" (which equals "dns://" in CoreDNS)
+# - zone: foo.bar.
+# scheme: dns://
+# use_tcp: true # set this parameter to optionally expose the port on tcp as well as udp for the DNS protocol
+# # Note that this will not work if you are also exposing tls or grpc on the same server
+# port: 12345 # optional, defaults to "" (which equals 53 in CoreDNS)
+# plugins: # the plugins to use for this server block
+# - name: kubernetes # name of plugin, if used multiple times ensure that the plugin supports it!
+# parameters: foo bar # list of parameters after the plugin
+# configBlock: |- # if the plugin supports extra block style config, supply it here
+# hello world
+# foo bar
+
+# Extra configuration that is applied outside of the default zone block.
+# Example to include additional config files, which may come from extraVolumes:
+# extraConfig:
+# import:
+# parameters: /opt/coredns/*.conf
+extraConfig: {}
+
+# To use the livenessProbe, the health plugin needs to be enabled in CoreDNS' server config
+livenessProbe:
+ enabled: true
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+# To use the readinessProbe, the ready plugin needs to be enabled in CoreDNS' server config
+readinessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+
+# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#affinity-v1-core
+# for example:
+# affinity:
+# nodeAffinity:
+# requiredDuringSchedulingIgnoredDuringExecution:
+# nodeSelectorTerms:
+# - matchExpressions:
+# - key: foo.bar.com/role
+# operator: In
+# values:
+# - master
+affinity: {}
+
+# Node labels for pod assignment
+# Ref: https://kubernetes.io/docs/user-guide/node-selection/
+nodeSelector: {}
+
+# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core
+# for example:
+# tolerations:
+# - key: foo.bar.com/role
+# operator: Equal
+# value: master
+# effect: NoSchedule
+tolerations: []
+
+# https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
+podDisruptionBudget: {}
+
+# configure custom zone files as per https://coredns.io/2017/05/08/custom-dns-entries-for-kubernetes/
+zoneFiles: []
+# - filename: example.db
+# domain: example.com
+# contents: |
+# example.com. IN SOA sns.dns.icann.com. noc.dns.icann.com. 2015082541 7200 3600 1209600 3600
+# example.com. IN NS b.iana-servers.net.
+# example.com. IN NS a.iana-servers.net.
+# example.com. IN A 192.168.99.102
+# *.example.com. IN A 192.168.99.102
+
+# optional array of extra volumes to create
+extraVolumes: []
+# - name: some-volume-name
+# emptyDir: {}
+# optional array of mount points for extraVolumes
+extraVolumeMounts: []
+# - name: some-volume-name
+# mountPath: /etc/wherever
+
+# optional array of secrets to mount inside coredns container
+# possible usecase: need for secure connection with etcd backend
+extraSecrets: []
+# - name: etcd-client-certs
+# mountPath: /etc/coredns/tls/etcd
+# - name: some-fancy-secret
+# mountPath: /etc/wherever
+
+# Custom labels to apply to Deployment, Pod, Configmap, Service, ServiceMonitor. Including autoscaler if enabled.
+customLabels: {}
+
+# Custom annotations to apply to Deployment, Pod, Configmap, Service, ServiceMonitor. Including autoscaler if enabled.
+customAnnotations: {}
+
+## Alternative configuration for HPA deployment if wanted
+#
+hpa:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 2
+ metrics: {}
+
+## Configue a cluster-proportional-autoscaler for coredns
+# See https://github.com/kubernetes-incubator/cluster-proportional-autoscaler
+autoscaler:
+ # Enabled the cluster-proportional-autoscaler
+ enabled: false
+
+ # Number of cores in the cluster per coredns replica
+ coresPerReplica: 256
+ # Number of nodes in the cluster per coredns replica
+ nodesPerReplica: 16
+ # Min size of replicaCount
+ min: 0
+ # Max size of replicaCount (default of 0 is no max)
+ max: 0
+ # Whether to include unschedulable nodes in the nodes/cores calculations - this requires version 1.8.0+ of the autoscaler
+ includeUnschedulableNodes: false
+ # If true does not allow single points of failure to form
+ preventSinglePointFailure: true
+
+ ## Optionally specify some extra flags to pass to cluster-proprtional-autoscaler.
+ ## Useful for e.g. the nodelabels flag.
+ # customFlags:
+ # - --nodelabels=topology.kubernetes.io/zone=us-east-1a
+
+ image:
+ repository: k8s.gcr.io/cpa/cluster-proportional-autoscaler
+ tag: "1.8.5"
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+
+ # Optional priority class to be used for the autoscaler pods. priorityClassName used if not set.
+ priorityClassName: ""
+
+ # expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#affinity-v1-core
+ affinity: {}
+
+ # Node labels for pod assignment
+ # Ref: https://kubernetes.io/docs/user-guide/node-selection/
+ nodeSelector: {}
+
+ # expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core
+ tolerations: []
+
+ # resources for autoscaler pod
+ resources:
+ requests:
+ cpu: "20m"
+ memory: "10Mi"
+ limits:
+ cpu: "20m"
+ memory: "10Mi"
+
+ # Options for autoscaler configmap
+ configmap:
+ ## Annotations for the coredns-autoscaler configmap
+ # i.e. strategy.spinnaker.io/versioned: "false" to ensure configmap isn't renamed
+ annotations: {}
+
+ # Enables the livenessProbe for cluster-proportional-autoscaler - this requires version 1.8.0+ of the autoscaler
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ timeoutSeconds: 5
+ failureThreshold: 3
+ successThreshold: 1
+
+deployment:
+ enabled: true
+ name: ""
+ ## Annotations for the coredns deployment
+ annotations: {}
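Review bot: `pods insecure` in the `kubernetes` plugin's `configBlock` under `servers` makes CoreDNS answer `<ip>.<namespace>.pod.cluster.local` queries with the IP taken from the name, without checking the API for a matching pod. If nothing in this deployment relies on that kube-dns-compatible behaviour, set `pods verified` (at the cost of a watch on all pods) or `pods disabled` in the values this repository passes to the chart, rather than editing the bundled default. In the same block `prometheus` is given `0.0.0.0:9153`, so the metrics endpoint listens on every pod interface and should be covered by a NetworkPolicy. Further down, `autoscaler.image` is pinned only by the tag `"1.8.5"` with `pullPolicy: IfNotPresent`; a digest pin would make what runs reproducible.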
diff --git a/charts/ingress-nginx/.helmignore b/charts/ingress-nginx/.helmignore
new file mode 100644
index 0000000..50af031
--- /dev/null
+++ b/charts/ingress-nginx/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/ingress-nginx/CHANGELOG.md b/charts/ingress-nginx/CHANGELOG.md
new file mode 100644
index 0000000..6169482
--- /dev/null
+++ b/charts/ingress-nginx/CHANGELOG.md
@@ -0,0 +1,340 @@
+# Changelog
+
+This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
+
+### 4.0.15
+
+- [8120] https://github.com/kubernetes/ingress-nginx/pull/8120 Update go in runner and release v1.1.1
+- [8119] https://github.com/kubernetes/ingress-nginx/pull/8119 Update to go v1.17.6
+- [8118] https://github.com/kubernetes/ingress-nginx/pull/8118 Remove deprecated libraries, update other libs
+- [8117] https://github.com/kubernetes/ingress-nginx/pull/8117 Fix codegen errors
+- [8115] https://github.com/kubernetes/ingress-nginx/pull/8115 chart/ghaction: set the correct permission to have access to push a release
+- [8098] https://github.com/kubernetes/ingress-nginx/pull/8098 generating SHA for CA only certs in backend_ssl.go + comparision of P…
+- [8088] https://github.com/kubernetes/ingress-nginx/pull/8088 Fix Edit this page link to use main branch
+- [8072] https://github.com/kubernetes/ingress-nginx/pull/8072 Expose GeoIP2 Continent code as variable
+- [8061] https://github.com/kubernetes/ingress-nginx/pull/8061 docs(charts): using helm-docs for chart
+- [8058] https://github.com/kubernetes/ingress-nginx/pull/8058 Bump github.com/spf13/cobra from 1.2.1 to 1.3.0
+- [8054] https://github.com/kubernetes/ingress-nginx/pull/8054 Bump google.golang.org/grpc from 1.41.0 to 1.43.0
+- [8051] https://github.com/kubernetes/ingress-nginx/pull/8051 align bug report with feature request regarding kind documentation
+- [8046] https://github.com/kubernetes/ingress-nginx/pull/8046 Report expired certificates (#8045)
+- [8044] https://github.com/kubernetes/ingress-nginx/pull/8044 remove G109 check till gosec resolves issues
+- [8042] https://github.com/kubernetes/ingress-nginx/pull/8042 docs_multiple_instances_one_cluster_ticket_7543
+- [8041] https://github.com/kubernetes/ingress-nginx/pull/8041 docs: fix typo'd executible name
+- [8035] https://github.com/kubernetes/ingress-nginx/pull/8035 Comment busy owners
+- [8029] https://github.com/kubernetes/ingress-nginx/pull/8029 Add stream-snippet as a ConfigMap and Annotation option
+- [8023] https://github.com/kubernetes/ingress-nginx/pull/8023 fix nginx compilation flags
+- [8021] https://github.com/kubernetes/ingress-nginx/pull/8021 Disable default modsecurity_rules_file if modsecurity-snippet is specified
+- [8019] https://github.com/kubernetes/ingress-nginx/pull/8019 Revise main documentation page
+- [8018] https://github.com/kubernetes/ingress-nginx/pull/8018 Preserve order of plugin invocation
+- [8015] https://github.com/kubernetes/ingress-nginx/pull/8015 Add newline indenting to admission webhook annotations
+- [8014] https://github.com/kubernetes/ingress-nginx/pull/8014 Add link to example error page manifest in docs
+- [8009] https://github.com/kubernetes/ingress-nginx/pull/8009 Fix spelling in documentation and top-level files
+- [8008] https://github.com/kubernetes/ingress-nginx/pull/8008 Add relabelings in controller-servicemonitor.yaml
+- [8003] https://github.com/kubernetes/ingress-nginx/pull/8003 Minor improvements (formatting, consistency) in install guide
+- [8001] https://github.com/kubernetes/ingress-nginx/pull/8001 fix: go-grpc Dockerfile
+- [7999] https://github.com/kubernetes/ingress-nginx/pull/7999 images: use k8s-staging-test-infra/gcb-docker-gcloud
+- [7996] https://github.com/kubernetes/ingress-nginx/pull/7996 doc: improvement
+- [7983] https://github.com/kubernetes/ingress-nginx/pull/7983 Fix a couple of misspellings in the annotations documentation.
+- [7979] https://github.com/kubernetes/ingress-nginx/pull/7979 allow set annotations for admission Jobs
+- [7977] https://github.com/kubernetes/ingress-nginx/pull/7977 Add ssl_reject_handshake to defaul server
+- [7975] https://github.com/kubernetes/ingress-nginx/pull/7975 add legacy version update v0.50.0 to main changelog
+- [7972] https://github.com/kubernetes/ingress-nginx/pull/7972 updated service upstream definition
+
+### 4.0.14
+
+- [8061] https://github.com/kubernetes/ingress-nginx/pull/8061 Using helm-docs to populate values table in README.md
+
+### 4.0.13
+
+- [8008] https://github.com/kubernetes/ingress-nginx/pull/8008 Add relabelings in controller-servicemonitor.yaml
+
+### 4.0.12
+
+- [7978] https://github.com/kubernetes/ingress-nginx/pull/7979 Support custom annotations in admissions Jobs
+
+### 4.0.11
+
+- [7873] https://github.com/kubernetes/ingress-nginx/pull/7873 Makes the [appProtocol](https://kubernetes.io/docs/concepts/services-networking/_print/#application-protocol) field optional.
+
+### 4.0.10
+
+- [7964] https://github.com/kubernetes/ingress-nginx/pull/7964 Update controller version to v1.1.0
+
+### 4.0.9
+
+- [6992] https://github.com/kubernetes/ingress-nginx/pull/6992 Add ability to specify labels for all resources
+
+### 4.0.7
+
+- [7923] https://github.com/kubernetes/ingress-nginx/pull/7923 Release v1.0.5 of ingress-nginx
+- [7806] https://github.com/kubernetes/ingress-nginx/pull/7806 Choice option for internal/external loadbalancer type service
+
+### 4.0.6
+
+- [7804] https://github.com/kubernetes/ingress-nginx/pull/7804 Release v1.0.4 of ingress-nginx
+- [7651] https://github.com/kubernetes/ingress-nginx/pull/7651 Support ipFamilyPolicy and ipFamilies fields in Helm Chart
+- [7798] https://github.com/kubernetes/ingress-nginx/pull/7798 Exoscale: use HTTP Healthcheck mode
+- [7793] https://github.com/kubernetes/ingress-nginx/pull/7793 Update kube-webhook-certgen to v1.1.1
+
+### 4.0.5
+
+- [7740] https://github.com/kubernetes/ingress-nginx/pull/7740 Release v1.0.3 of ingress-nginx
+
+### 4.0.3
+
+- [7707] https://github.com/kubernetes/ingress-nginx/pull/7707 Release v1.0.2 of ingress-nginx
+
+### 4.0.2
+
+- [7681] https://github.com/kubernetes/ingress-nginx/pull/7681 Release v1.0.1 of ingress-nginx
+
+### 4.0.1
+
+- [7535] https://github.com/kubernetes/ingress-nginx/pull/7535 Release v1.0.0 ingress-nginx
+
+### 3.34.0
+
+- [7256] https://github.com/kubernetes/ingress-nginx/pull/7256 Add namespace field in the namespace scoped resource templates
+
+### 3.33.0
+
+- [7164] https://github.com/kubernetes/ingress-nginx/pull/7164 Update nginx to v1.20.1
+
+### 3.32.0
+
+- [7117] https://github.com/kubernetes/ingress-nginx/pull/7117 Add annotations for HPA
+
+### 3.31.0
+
+- [7137] https://github.com/kubernetes/ingress-nginx/pull/7137 Add support for custom probes
+
+### 3.30.0
+
+- [#7092](https://github.com/kubernetes/ingress-nginx/pull/7092) Removes the possibility of using localhost in ExternalNames as endpoints
+
+### 3.29.0
+
+- [X] [#6945](https://github.com/kubernetes/ingress-nginx/pull/7020) Add option to specify job label for ServiceMonitor
+
+### 3.28.0
+
+- [ ] [#6900](https://github.com/kubernetes/ingress-nginx/pull/6900) Support existing PSPs
+
+### 3.27.0
+
+- Update ingress-nginx v0.45.0
+
+### 3.26.0
+
+- [X] [#6979](https://github.com/kubernetes/ingress-nginx/pull/6979) Changed servicePort value for metrics
+
+### 3.25.0
+
+- [X] [#6957](https://github.com/kubernetes/ingress-nginx/pull/6957) Add ability to specify automountServiceAccountToken
+
+### 3.24.0
+
+- [X] [#6908](https://github.com/kubernetes/ingress-nginx/pull/6908) Add volumes to default-backend deployment
+
+### 3.23.0
+
+- Update ingress-nginx v0.44.0
+
+### 3.22.0
+
+- [X] [#6802](https://github.com/kubernetes/ingress-nginx/pull/6802) Add value for configuring a custom Diffie-Hellman parameters file
+- [X] [#6815](https://github.com/kubernetes/ingress-nginx/pull/6815) Allow use of numeric namespaces in helm chart
+
+### 3.21.0
+
+- [X] [#6783](https://github.com/kubernetes/ingress-nginx/pull/6783) Add custom annotations to ScaledObject
+- [X] [#6761](https://github.com/kubernetes/ingress-nginx/pull/6761) Adding quotes in the serviceAccount name in Helm values
+- [X] [#6767](https://github.com/kubernetes/ingress-nginx/pull/6767) Remove ClusterRole when scope option is enabled
+- [X] [#6785](https://github.com/kubernetes/ingress-nginx/pull/6785) Update kube-webhook-certgen image to v1.5.1
+
+### 3.20.1
+
+- Do not create KEDA in case of DaemonSets.
+- Fix KEDA v2 definition
+
+### 3.20.0
+
+- [X] [#6730](https://github.com/kubernetes/ingress-nginx/pull/6730) Do not create HPA for defaultBackend if not enabled.
+
+### 3.19.0
+
+- Update ingress-nginx v0.43.0
+
+### 3.18.0
+
+- [X] [#6688](https://github.com/kubernetes/ingress-nginx/pull/6688) Allow volume-type emptyDir in controller podsecuritypolicy
+- [X] [#6691](https://github.com/kubernetes/ingress-nginx/pull/6691) Improve parsing of helm parameters
+
+### 3.17.0
+
+- Update ingress-nginx v0.42.0
+
+### 3.16.1
+
+- Fix chart-releaser action
+
+### 3.16.0
+
+- [X] [#6646](https://github.com/kubernetes/ingress-nginx/pull/6646) Added LoadBalancerIP value for internal service
+
+### 3.15.1
+
+- Fix chart-releaser action
+
+### 3.15.0
+
+- [X] [#6586](https://github.com/kubernetes/ingress-nginx/pull/6586) Fix 'maxmindLicenseKey' location in values.yaml
+
+### 3.14.0
+
+- [X] [#6469](https://github.com/kubernetes/ingress-nginx/pull/6469) Allow custom service names for controller and backend
+
+### 3.13.0
+
+- [X] [#6544](https://github.com/kubernetes/ingress-nginx/pull/6544) Fix default backend HPA name variable
+
+### 3.12.0
+
+- [X] [#6514](https://github.com/kubernetes/ingress-nginx/pull/6514) Remove helm2 support and update docs
+
+### 3.11.1
+
+- [X] [#6505](https://github.com/kubernetes/ingress-nginx/pull/6505) Reorder HPA resource list to work with GitOps tooling
+
+### 3.11.0
+
+- Support Keda Autoscaling
+
+### 3.10.1
+
+- Fix regression introduced in 0.41.0 with external authentication
+
+### 3.10.0
+
+- Fix routing regression introduced in 0.41.0 with PathType Exact
+
+### 3.9.0
+
+- [X] [#6423](https://github.com/kubernetes/ingress-nginx/pull/6423) Add Default backend HPA autoscaling
+
+### 3.8.0
+
+- [X] [#6395](https://github.com/kubernetes/ingress-nginx/pull/6395) Update jettech/kube-webhook-certgen image
+- [X] [#6377](https://github.com/kubernetes/ingress-nginx/pull/6377) Added loadBalancerSourceRanges for internal lbs
+- [X] [#6356](https://github.com/kubernetes/ingress-nginx/pull/6356) Add securitycontext settings on defaultbackend
+- [X] [#6401](https://github.com/kubernetes/ingress-nginx/pull/6401) Fix controller service annotations
+- [X] [#6403](https://github.com/kubernetes/ingress-nginx/pull/6403) Initial helm chart changelog
+
+### 3.7.1
+
+- [X] [#6326](https://github.com/kubernetes/ingress-nginx/pull/6326) Fix liveness and readiness probe path in daemonset chart
+
+### 3.7.0
+
+- [X] [#6316](https://github.com/kubernetes/ingress-nginx/pull/6316) Numerals in podAnnotations in quotes [#6315](https://github.com/kubernetes/ingress-nginx/issues/6315)
+
+### 3.6.0
+
+- [X] [#6305](https://github.com/kubernetes/ingress-nginx/pull/6305) Add default linux nodeSelector
+
+### 3.5.1
+
+- [X] [#6299](https://github.com/kubernetes/ingress-nginx/pull/6299) Fix helm chart release
+
+### 3.5.0
+
+- [X] [#6260](https://github.com/kubernetes/ingress-nginx/pull/6260) Allow Helm Chart to customize admission webhook's annotations, timeoutSeconds, namespaceSelector, objectSelector and cert files locations
+
+### 3.4.0
+
+- [X] [#6268](https://github.com/kubernetes/ingress-nginx/pull/6268) Update to 0.40.2 in helm chart #6288
+
+### 3.3.1
+
+- [X] [#6259](https://github.com/kubernetes/ingress-nginx/pull/6259) Release helm chart
+- [X] [#6258](https://github.com/kubernetes/ingress-nginx/pull/6258) Fix chart markdown link
+- [X] [#6253](https://github.com/kubernetes/ingress-nginx/pull/6253) Release v0.40.0
+
+### 3.3.1
+
+- [X] [#6233](https://github.com/kubernetes/ingress-nginx/pull/6233) Add admission controller e2e test
+
+### 3.3.0
+
+- [X] [#6203](https://github.com/kubernetes/ingress-nginx/pull/6203) Refactor parsing of key values
+- [X] [#6162](https://github.com/kubernetes/ingress-nginx/pull/6162) Add helm chart options to expose metrics service as NodePort
+- [X] [#6180](https://github.com/kubernetes/ingress-nginx/pull/6180) Fix helm chart admissionReviewVersions regression
+- [X] [#6169](https://github.com/kubernetes/ingress-nginx/pull/6169) Fix Typo in example prometheus rules
+
+### 3.0.0
+
+- [X] [#6167](https://github.com/kubernetes/ingress-nginx/pull/6167) Update chart requirements
+
+### 2.16.0
+
+- [X] [#6154](https://github.com/kubernetes/ingress-nginx/pull/6154) add `topologySpreadConstraint` to controller
+
+### 2.15.0
+
+- [X] [#6087](https://github.com/kubernetes/ingress-nginx/pull/6087) Adding parameter for externalTrafficPolicy in internal controller service spec
+
+### 2.14.0
+
+- [X] [#6104](https://github.com/kubernetes/ingress-nginx/pull/6104) Misc fixes for nginx-ingress chart for better keel and prometheus-operator integration
+
+### 2.13.0
+
+- [X] [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0
+
+### 2.13.0
+
+- [X] [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0
+- [X] [#6080](https://github.com/kubernetes/ingress-nginx/pull/6080) Switch images to k8s.gcr.io after Vanity Domain Flip
+
+### 2.12.1
+
+- [X] [#6075](https://github.com/kubernetes/ingress-nginx/pull/6075) Sync helm chart affinity examples
+
+### 2.12.0
+
+- [X] [#6039](https://github.com/kubernetes/ingress-nginx/pull/6039) Add configurable serviceMonitor metricRelabelling and targetLabels
+- [X] [#6044](https://github.com/kubernetes/ingress-nginx/pull/6044) Fix YAML linting
+
+### 2.11.3
+
+- [X] [#6038](https://github.com/kubernetes/ingress-nginx/pull/6038) Bump chart version PATCH
+
+### 2.11.2
+
+- [X] [#5951](https://github.com/kubernetes/ingress-nginx/pull/5951) Bump chart patch version
+
+### 2.11.1
+
+- [X] [#5900](https://github.com/kubernetes/ingress-nginx/pull/5900) Release helm chart for v0.34.1
+
+### 2.11.0
+
+- [X] [#5879](https://github.com/kubernetes/ingress-nginx/pull/5879) Update helm chart for v0.34.0
+- [X] [#5671](https://github.com/kubernetes/ingress-nginx/pull/5671) Make liveness probe more fault tolerant than readiness probe
+
+### 2.10.0
+
+- [X] [#5843](https://github.com/kubernetes/ingress-nginx/pull/5843) Update jettech/kube-webhook-certgen image
+
+### 2.9.1
+
+- [X] [#5823](https://github.com/kubernetes/ingress-nginx/pull/5823) Add quoting to sysctls because numeric values need to be presented as strings (#5823)
+
+### 2.9.0
+
+- [X] [#5795](https://github.com/kubernetes/ingress-nginx/pull/5795) Use fully qualified images to avoid cri-o issues
+
+
+### TODO
+
+Keep building the changelog using *git log charts* checking the tag
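Review bot: the newest section at the top of this changelog is `### 4.0.15`, while the `Chart.yaml` added for the same chart declares `version: 4.0.17`, so the bundled copy carries no record of what changed in the release actually being shipped. Please confirm the chart files and this changelog come from the same upstream release before merging. Separately, a few entries have labels that disagree with their links (`[7978]` pointing at `pull/7979` under 4.0.12, `[#6945]` pointing at `pull/7020` under 3.29.0), and the `### 3.3.1` and `### 2.13.0` headings each appear twice. Since this is a vendored file it is better left byte-identical to upstream, but anyone auditing a change from it should follow the URL rather than the label.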
diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml
new file mode 100644
index 0000000..0dbff62
--- /dev/null
+++ b/charts/ingress-nginx/Chart.yaml
@@ -0,0 +1,55 @@
+annotations:
+ artifacthub.io/changes: |
+ - "#8120 Update go in runner and release v1.1.1"
+ - "#8119 Update to go v1.17.6"
+ - "#8118 Remove deprecated libraries, update other libs"
+ - "#8117 Fix codegen errors"
+ - "#8115 chart/ghaction: set the correct permission to have access to push a release"
+ - "#8098 generating SHA for CA only certs in backend_ssl.go + comparision of P…"
+ - "#8088 Fix Edit this page link to use main branch"
+ - "#8072 Expose GeoIP2 Continent code as variable"
+ - "#8061 docs(charts): using helm-docs for chart"
+ - "#8058 Bump github.com/spf13/cobra from 1.2.1 to 1.3.0"
+ - "#8054 Bump google.golang.org/grpc from 1.41.0 to 1.43.0"
+ - "#8051 align bug report with feature request regarding kind documentation"
+ - "#8046 Report expired certificates (#8045)"
+ - "#8044 remove G109 check till gosec resolves issues"
+ - "#8042 docs_multiple_instances_one_cluster_ticket_7543"
+ - "#8041 docs: fix typo'd executible name"
+ - "#8035 Comment busy owners"
+ - "#8029 Add stream-snippet as a ConfigMap and Annotation option"
+ - "#8023 fix nginx compilation flags"
+ - "#8021 Disable default modsecurity_rules_file if modsecurity-snippet is specified"
+ - "#8019 Revise main documentation page"
+ - "#8018 Preserve order of plugin invocation"
+ - "#8015 Add newline indenting to admission webhook annotations"
+ - "#8014 Add link to example error page manifest in docs"
+ - "#8009 Fix spelling in documentation and top-level files"
+ - "#8008 Add relabelings in controller-servicemonitor.yaml"
+ - "#8003 Minor improvements (formatting, consistency) in install guide"
+ - "#8001 fix: go-grpc Dockerfile"
+ - "#7999 images: use k8s-staging-test-infra/gcb-docker-gcloud"
+ - "#7996 doc: improvement"
+ - "#7983 Fix a couple of misspellings in the annotations documentation."
+ - "#7979 allow set annotations for admission Jobs"
+ - "#7977 Add ssl_reject_handshake to defaul server"
+ - "#7975 add legacy version update v0.50.0 to main changelog"
+ - "#7972 updated service upstream definition"
+ artifacthub.io/prerelease: "false"
+apiVersion: v2
+appVersion: 1.1.1
+description: Ingress controller for Kubernetes using NGINX as a reverse proxy and
+ load balancer
+home: https://github.com/kubernetes/ingress-nginx
+icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png
+keywords:
+- ingress
+- nginx
+kubeVersion: '>=1.19.0-0'
+maintainers:
+- name: ChiefAlexander
+name: ingress-nginx
+sources:
+- https://github.com/kubernetes/ingress-nginx
+type: application
+version: 4.0.17
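Review bot: nothing in this file pins the bundled copy to a specific upstream artifact: `sources` lists the repository root rather than a tagged tree, and there is no digest of the chart archive anywhere in the hunk. Suggest recording the upstream chart URL and its checksum for `version: 4.0.17` (in the commit message or a small manifest next to `charts/`), so a later reviewer can diff the vendored tree against the published package and spot local modification.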
diff --git a/charts/ingress-nginx/OWNERS b/charts/ingress-nginx/OWNERS
new file mode 100644
index 0000000..6b7e049
--- /dev/null
+++ b/charts/ingress-nginx/OWNERS
@@ -0,0 +1,10 @@
+# See the OWNERS docs: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md
+
+approvers:
+- ingress-nginx-helm-maintainers
+
+reviewers:
+- ingress-nginx-helm-reviewers
+
+labels:
+- area/helm
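Review bot: `approvers` and `reviewers` name the upstream groups `ingress-nginx-helm-maintainers` and `ingress-nginx-helm-reviewers`, not anyone responsible for this bundled copy. If this repository has tooling that reads OWNERS files, these entries need to resolve here. Otherwise consider leaving the file out of the bundle so it does not imply an approval path that does not exist in this repository.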
diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md
new file mode 100644
index 0000000..e5e93a1
--- /dev/null
+++ b/charts/ingress-nginx/README.md
@@ -0,0 +1,485 @@
+# ingress-nginx
+
+[ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
+
+  
+
+To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources.
+
+This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Chart version 3.x.x: Kubernetes v1.16+
+- Chart version 4.x.x and above: Kubernetes v1.19+
+
+## Get Repo Info
+
+```console
+helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+helm repo update
+```
+
+## Install Chart
+
+**Important:** only helm3 is supported
+
+```console
+helm install [RELEASE_NAME] ingress-nginx/ingress-nginx
+```
+
+The command deploys ingress-nginx on the Kubernetes cluster in the default configuration.
+
+_See [configuration](#configuration) below._
+
+_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
+
+## Uninstall Chart
+
+```console
+helm uninstall [RELEASE_NAME]
+```
+
+This removes all the Kubernetes components associated with the chart and deletes the release.
+
+_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
+
+## Upgrading Chart
+
+```console
+helm upgrade [RELEASE_NAME] [CHART] --install
+```
+
+_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
+
+### Upgrading With Zero Downtime in Production
+
+By default the ingress-nginx controller has service interruptions whenever it's pods are restarted or redeployed. In order to fix that, see the excellent blog post by Lindsay Landry from Codecademy: [Kubernetes: Nginx and Zero Downtime in Production](https://medium.com/codecademy-engineering/kubernetes-nginx-and-zero-downtime-in-production-2c910c6a5ed8).
+
+### Migrating from stable/nginx-ingress
+
+There are two main ways to migrate a release from `stable/nginx-ingress` to `ingress-nginx/ingress-nginx` chart:
+
+1. For Nginx Ingress controllers used for non-critical services, the easiest method is to [uninstall](#uninstall-chart) the old release and [install](#install-chart) the new one
+1. For critical services in production that require zero-downtime, you will want to:
+ 1. [Install](#install-chart) a second Ingress controller
+ 1. Redirect your DNS traffic from the old controller to the new controller
+ 1. Log traffic from both controllers during this changeover
+ 1. [Uninstall](#uninstall-chart) the old controller once traffic has fully drained from it
+ 1. For details on all of these steps see [Upgrading With Zero Downtime in Production](#upgrading-with-zero-downtime-in-production)
+
+Note that there are some different and upgraded configurations between the two charts, described by Rimas Mocevicius from JFrog in the "Upgrading to ingress-nginx Helm chart" section of [Migrating from Helm chart nginx-ingress to ingress-nginx](https://rimusz.net/migrating-to-ingress-nginx). As the `ingress-nginx/ingress-nginx` chart continues to update, you will want to check current differences by running [helm configuration](#configuration) commands on both charts.
+
+## Configuration
+
+See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands:
+
+```console
+helm show values ingress-nginx/ingress-nginx
+```
+
+### PodDisruptionBudget
+
+Note that the PodDisruptionBudget resource will only be defined if the replicaCount is greater than one,
+else it would make it impossible to evacuate a node. See [gh issue #7127](https://github.com/helm/charts/issues/7127) for more info.
+
+### Prometheus Metrics
+
+The Nginx ingress controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`.
+
+You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`.
+Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. And set `controller.metrics.serviceMonitor.additionalLabels.release="prometheus"`. "release=prometheus" should match the label configured in the prometheus servicemonitor ( see `kubectl get servicemonitor prometheus-kube-prom-prometheus -oyaml -n prometheus`)
+
+### ingress-nginx nginx\_status page/stats server
+
+Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in nginx ingress controller:
+
+- In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed
+- In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost.
+ You can use `curl --unix-socket /tmp/nginx-status-server.sock http://localhost/nginx_status` inside the controller container to access it locally, or use the snippet from [nginx-ingress changelog](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230) to re-enable the http server
+
+### ExternalDNS Service Configuration
+
+Add an [ExternalDNS](https://github.com/kubernetes-incubator/external-dns) annotation to the LoadBalancer service:
+
+```yaml
+controller:
+ service:
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: kubernetes-example.com.
+```
+
+### AWS L7 ELB with SSL Termination
+
+Annotate the controller as shown in the [nginx-ingress l7 patch](https://github.com/kubernetes/ingress-nginx/blob/main/deploy/aws/l7/service-l7.yaml):
+
+```yaml
+controller:
+ service:
+ targetPorts:
+ http: http
+ https: http
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:XX-XXXX-X:XXXXXXXXX:certificate/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX
+ service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
+ service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
+ service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
+```
+
+### AWS route53-mapper
+
+To configure the LoadBalancer service with the [route53-mapper addon](https://github.com/kubernetes/kops/tree/master/addons/route53-mapper), add the `domainName` annotation and `dns` label:
+
+```yaml
+controller:
+ service:
+ labels:
+ dns: "route53"
+ annotations:
+ domainName: "kubernetes-example.com"
+```
+
+### Additional Internal Load Balancer
+
+This setup is useful when you need both external and internal load balancers but don't want to have multiple ingress controllers and multiple ingress objects per application.
+
+By default, the ingress object will point to the external load balancer address, but if correctly configured, you can make use of the internal one if the URL you are looking up resolves to the internal load balancer's URL.
+
+You'll need to set both the following values:
+
+`controller.service.internal.enabled`
+`controller.service.internal.annotations`
+
+If one of them is missing the internal load balancer will not be deployed. Example you may have `controller.service.internal.enabled=true` but no annotations set, in this case no action will be taken.
+
+`controller.service.internal.annotations` varies with the cloud service you're using.
+
+Example for AWS:
+
+```yaml
+controller:
+ service:
+ internal:
+ enabled: true
+ annotations:
+ # Create internal ELB
+ service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+ # Any other annotation can be declared here.
+```
+
+Example for GCE:
+
+```yaml
+controller:
+ service:
+ internal:
+ enabled: true
+ annotations:
+ # Create internal LB. More informations: https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing
+ # For GKE versions 1.17 and later
+ networking.gke.io/load-balancer-type: "Internal"
+ # For earlier versions
+ # cloud.google.com/load-balancer-type: "Internal"
+
+ # Any other annotation can be declared here.
+```
+
+Example for Azure:
+
+```yaml
+controller:
+ service:
+ annotations:
+ # Create internal LB
+ service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+ # Any other annotation can be declared here.
+```
+
+Example for Oracle Cloud Infrastructure:
+
+```yaml
+controller:
+ service:
+ annotations:
+ # Create internal LB
+ service.beta.kubernetes.io/oci-load-balancer-internal: "true"
+ # Any other annotation can be declared here.
+```
+
+An use case for this scenario is having a split-view DNS setup where the public zone CNAME records point to the external balancer URL while the private zone CNAME records point to the internal balancer URL. This way, you only need one ingress kubernetes object.
+
+Optionally you can set `controller.service.loadBalancerIP` if you need a static IP for the resulting `LoadBalancer`.
+
+### Ingress Admission Webhooks
+
+With nginx-ingress-controller version 0.25+, the nginx ingress controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster.
+**This feature is enabled by default since 0.31.0.**
+
+With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521)
+
+### Helm Error When Upgrading: spec.clusterIP: Invalid value: ""
+
+If you are upgrading this chart from a version between 0.31.0 and 1.2.2 then you may get an error like this:
+
+```console
+Error: UPGRADE FAILED: Service "?????-controller" is invalid: spec.clusterIP: Invalid value: "": field is immutable
+```
+
+Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13646) but to resolve this you can set `xxxx.service.omitClusterIP` to `true` where `xxxx` is the service referenced in the error.
+
+As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered.
+
+## Requirements
+
+Kubernetes: `>=1.19.0-0`
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| commonLabels | object | `{}` | |
+| controller.addHeaders | object | `{}` | Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers |
+| controller.admissionWebhooks.annotations | object | `{}` | |
+| controller.admissionWebhooks.certificate | string | `"/usr/local/certificates/cert"` | |
+| controller.admissionWebhooks.createSecretJob.resources | object | `{}` | |
+| controller.admissionWebhooks.enabled | bool | `true` | |
+| controller.admissionWebhooks.existingPsp | string | `""` | Use an existing PSP instead of creating one |
+| controller.admissionWebhooks.failurePolicy | string | `"Fail"` | |
+| controller.admissionWebhooks.key | string | `"/usr/local/certificates/key"` | |
+| controller.admissionWebhooks.labels | object | `{}` | Labels to be added to admission webhooks |
+| controller.admissionWebhooks.namespaceSelector | object | `{}` | |
+| controller.admissionWebhooks.objectSelector | object | `{}` | |
+| controller.admissionWebhooks.patch.enabled | bool | `true` | |
+| controller.admissionWebhooks.patch.image.digest | string | `"sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660"` | |
+| controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | |
+| controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | |
+| controller.admissionWebhooks.patch.image.registry | string | `"k8s.gcr.io"` | |
+| controller.admissionWebhooks.patch.image.tag | string | `"v1.1.1"` | |
+| controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources |
+| controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | |
+| controller.admissionWebhooks.patch.podAnnotations | object | `{}` | |
+| controller.admissionWebhooks.patch.priorityClassName | string | `""` | Provide a priority class name to the webhook patching job |
+| controller.admissionWebhooks.patch.runAsUser | int | `2000` | |
+| controller.admissionWebhooks.patch.tolerations | list | `[]` | |
+| controller.admissionWebhooks.patchWebhookJob.resources | object | `{}` | |
+| controller.admissionWebhooks.port | int | `8443` | |
+| controller.admissionWebhooks.service.annotations | object | `{}` | |
+| controller.admissionWebhooks.service.externalIPs | list | `[]` | |
+| controller.admissionWebhooks.service.loadBalancerSourceRanges | list | `[]` | |
+| controller.admissionWebhooks.service.servicePort | int | `443` | |
+| controller.admissionWebhooks.service.type | string | `"ClusterIP"` | |
+| controller.affinity | object | `{}` | Affinity and anti-affinity rules for server scheduling to nodes |
+| controller.allowSnippetAnnotations | bool | `true` | This configuration defines if Ingress Controller should allow users to set their own *-snippet annotations, otherwise this is forbidden / dropped when users add those annotations. Global snippets in ConfigMap are still respected |
+| controller.annotations | object | `{}` | Annotations to be added to the controller Deployment or DaemonSet |
+| controller.autoscaling.behavior | object | `{}` | |
+| controller.autoscaling.enabled | bool | `false` | |
+| controller.autoscaling.maxReplicas | int | `11` | |
+| controller.autoscaling.minReplicas | int | `1` | |
+| controller.autoscaling.targetCPUUtilizationPercentage | int | `50` | |
+| controller.autoscaling.targetMemoryUtilizationPercentage | int | `50` | |
+| controller.autoscalingTemplate | list | `[]` | |
+| controller.config | object | `{}` | Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ |
+| controller.configAnnotations | object | `{}` | Annotations to be added to the controller config configuration configmap. |
+| controller.configMapNamespace | string | `""` | Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) |
+| controller.containerName | string | `"controller"` | Configures the controller container name |
+| controller.containerPort | object | `{"http":80,"https":443}` | Configures the ports that the nginx-controller listens on |
+| controller.customTemplate.configMapKey | string | `""` | |
+| controller.customTemplate.configMapName | string | `""` | |
+| controller.dnsConfig | object | `{}` | Optionally customize the pod dnsConfig. |
+| controller.dnsPolicy | string | `"ClusterFirst"` | Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. |
+| controller.electionID | string | `"ingress-controller-leader"` | Election ID to use for status update |
+| controller.enableMimalloc | bool | `true` | Enable mimalloc as a drop-in replacement for malloc. |
+| controller.existingPsp | string | `""` | Use an existing PSP instead of creating one |
+| controller.extraArgs | object | `{}` | Additional command line arguments to pass to nginx-ingress-controller E.g. to specify the default SSL certificate you can use |
+| controller.extraContainers | list | `[]` | Additional containers to be added to the controller pod. See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. |
+| controller.extraEnvs | list | `[]` | Additional environment variables to set |
+| controller.extraInitContainers | list | `[]` | Containers, which are run before the app containers are started. |
+| controller.extraModules | list | `[]` | |
+| controller.extraVolumeMounts | list | `[]` | Additional volumeMounts to the controller main container. |
+| controller.extraVolumes | list | `[]` | Additional volumes to the controller pod. |
+| controller.healthCheckHost | string | `""` | Address to bind the health check endpoint. It is better to set this option to the internal node address if the ingress nginx controller is running in the `hostNetwork: true` mode. |
+| controller.healthCheckPath | string | `"/healthz"` | Path of the health check endpoint. All requests received on the port defined by the healthz-port parameter are forwarded internally to this path. |
+| controller.hostNetwork | bool | `false` | Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 is merged |
+| controller.hostPort.enabled | bool | `false` | Enable 'hostPort' or not |
+| controller.hostPort.ports.http | int | `80` | 'hostPort' http port |
+| controller.hostPort.ports.https | int | `443` | 'hostPort' https port |
+| controller.hostname | object | `{}` | Optionally customize the pod hostname. |
+| controller.image.allowPrivilegeEscalation | bool | `true` | |
+| controller.image.digest | string | `"sha256:0bc88eb15f9e7f84e8e56c14fa5735aaa488b840983f87bd79b1054190e660de"` | |
+| controller.image.image | string | `"ingress-nginx/controller"` | |
+| controller.image.pullPolicy | string | `"IfNotPresent"` | |
+| controller.image.registry | string | `"k8s.gcr.io"` | |
+| controller.image.runAsUser | int | `101` | |
+| controller.image.tag | string | `"v1.1.1"` | |
+| controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation |
+| controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). |
+| controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass |
+| controller.ingressClassResource.default | bool | `false` | Is this the default ingressClass for the cluster |
+| controller.ingressClassResource.enabled | bool | `true` | Is this ingressClass enabled or not |
+| controller.ingressClassResource.name | string | `"nginx"` | Name of the ingressClass |
+| controller.ingressClassResource.parameters | object | `{}` | Parameters is a link to a custom resource containing additional configuration for the controller. This is optional if the controller does not require extra parameters. |
+| controller.keda.apiVersion | string | `"keda.sh/v1alpha1"` | |
+| controller.keda.behavior | object | `{}` | |
+| controller.keda.cooldownPeriod | int | `300` | |
+| controller.keda.enabled | bool | `false` | |
+| controller.keda.maxReplicas | int | `11` | |
+| controller.keda.minReplicas | int | `1` | |
+| controller.keda.pollingInterval | int | `30` | |
+| controller.keda.restoreToOriginalReplicaCount | bool | `false` | |
+| controller.keda.scaledObject.annotations | object | `{}` | |
+| controller.keda.triggers | list | `[]` | |
+| controller.kind | string | `"Deployment"` | Use a `DaemonSet` or `Deployment` |
+| controller.labels | object | `{}` | Labels to be added to the controller Deployment or DaemonSet and other resources that do not have option to specify labels |
+| controller.lifecycle | object | `{"preStop":{"exec":{"command":["/wait-shutdown"]}}}` | Improve connection draining when ingress controller pod is deleted using a lifecycle hook: With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds to 300, allowing the draining of connections up to five minutes. If the active connections end before that, the pod will terminate gracefully at that time. To effectively take advantage of this feature, the Configmap feature worker-shutdown-timeout new value is 240s instead of 10s. |
+| controller.livenessProbe.failureThreshold | int | `5` | |
+| controller.livenessProbe.httpGet.path | string | `"/healthz"` | |
+| controller.livenessProbe.httpGet.port | int | `10254` | |
+| controller.livenessProbe.httpGet.scheme | string | `"HTTP"` | |
+| controller.livenessProbe.initialDelaySeconds | int | `10` | |
+| controller.livenessProbe.periodSeconds | int | `10` | |
+| controller.livenessProbe.successThreshold | int | `1` | |
+| controller.livenessProbe.timeoutSeconds | int | `1` | |
+| controller.maxmindLicenseKey | string | `""` | Maxmind license key to download GeoLite2 Databases. |
+| controller.metrics.enabled | bool | `false` | |
+| controller.metrics.port | int | `10254` | |
+| controller.metrics.prometheusRule.additionalLabels | object | `{}` | |
+| controller.metrics.prometheusRule.enabled | bool | `false` | |
+| controller.metrics.prometheusRule.rules | list | `[]` | |
+| controller.metrics.service.annotations | object | `{}` | |
+| controller.metrics.service.externalIPs | list | `[]` | List of IP addresses at which the stats-exporter service is available |
+| controller.metrics.service.loadBalancerSourceRanges | list | `[]` | |
+| controller.metrics.service.servicePort | int | `10254` | |
+| controller.metrics.service.type | string | `"ClusterIP"` | |
+| controller.metrics.serviceMonitor.additionalLabels | object | `{}` | |
+| controller.metrics.serviceMonitor.enabled | bool | `false` | |
+| controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | |
+| controller.metrics.serviceMonitor.namespace | string | `""` | |
+| controller.metrics.serviceMonitor.namespaceSelector | object | `{}` | |
+| controller.metrics.serviceMonitor.relabelings | list | `[]` | |
+| controller.metrics.serviceMonitor.scrapeInterval | string | `"30s"` | |
+| controller.metrics.serviceMonitor.targetLabels | list | `[]` | |
+| controller.minAvailable | int | `1` | |
+| controller.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready |
+| controller.name | string | `"controller"` | |
+| controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment |
+| controller.podAnnotations | object | `{}` | Annotations to be added to controller pods |
+| controller.podLabels | object | `{}` | Labels to add to the pod container metadata |
+| controller.podSecurityContext | object | `{}` | Security Context policies for controller pods |
+| controller.priorityClassName | string | `""` | |
+| controller.proxySetHeaders | object | `{}` | Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers |
+| controller.publishService | object | `{"enabled":true,"pathOverride":""}` | Allows customization of the source of the IP address or FQDN to report in the ingress status field. By default, it reads the information provided by the service. If disable, the status field reports the IP address of the node or nodes where an ingress controller pod is running. |
+| controller.publishService.enabled | bool | `true` | Enable 'publishService' or not |
+| controller.publishService.pathOverride | string | `""` | Allows overriding of the publish service to bind to Must be <namespace>/<service_name> |
+| controller.readinessProbe.failureThreshold | int | `3` | |
+| controller.readinessProbe.httpGet.path | string | `"/healthz"` | |
+| controller.readinessProbe.httpGet.port | int | `10254` | |
+| controller.readinessProbe.httpGet.scheme | string | `"HTTP"` | |
+| controller.readinessProbe.initialDelaySeconds | int | `10` | |
+| controller.readinessProbe.periodSeconds | int | `10` | |
+| controller.readinessProbe.successThreshold | int | `1` | |
+| controller.readinessProbe.timeoutSeconds | int | `1` | |
+| controller.replicaCount | int | `1` | |
+| controller.reportNodeInternalIp | bool | `false` | Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply |
+| controller.resources.requests.cpu | string | `"100m"` | |
+| controller.resources.requests.memory | string | `"90Mi"` | |
+| controller.scope.enabled | bool | `false` | Enable 'scope' or not |
+| controller.scope.namespace | string | `""` | Namespace to limit the controller to; defaults to $(POD_NAMESPACE) |
+| controller.scope.namespaceSelector | string | `""` | When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. |
+| controller.service.annotations | object | `{}` | |
+| controller.service.appProtocol | bool | `true` | If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http It allows choosing the protocol for each backend specified in the Kubernetes service. See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 Will be ignored for Kubernetes versions older than 1.20 |
+| controller.service.enableHttp | bool | `true` | |
+| controller.service.enableHttps | bool | `true` | |
+| controller.service.enabled | bool | `true` | |
+| controller.service.external.enabled | bool | `true` | |
+| controller.service.externalIPs | list | `[]` | List of IP addresses at which the controller services are available |
+| controller.service.internal.annotations | object | `{}` | Annotations are mandatory for the load balancer to come up. Varies with the cloud service. |
+| controller.service.internal.enabled | bool | `false` | Enables an additional internal load balancer (besides the external one). |
+| controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. |
+| controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. |
+| controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack-ness requested or required by this Service. Possible values are SingleStack, PreferDualStack or RequireDualStack. The ipFamilies and clusterIPs fields depend on the value of this field. |
+| controller.service.labels | object | `{}` | |
+| controller.service.loadBalancerSourceRanges | list | `[]` | |
+| controller.service.nodePorts.http | string | `""` | |
+| controller.service.nodePorts.https | string | `""` | |
+| controller.service.nodePorts.tcp | object | `{}` | |
+| controller.service.nodePorts.udp | object | `{}` | |
+| controller.service.ports.http | int | `80` | |
+| controller.service.ports.https | int | `443` | |
+| controller.service.targetPorts.http | string | `"http"` | |
+| controller.service.targetPorts.https | string | `"https"` | |
+| controller.service.type | string | `"LoadBalancer"` | |
+| controller.sysctls | object | `{}` | See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls |
+| controller.tcp.annotations | object | `{}` | Annotations to be added to the tcp config configmap |
+| controller.tcp.configMapNamespace | string | `""` | Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE) |
+| controller.terminationGracePeriodSeconds | int | `300` | `terminationGracePeriodSeconds` to avoid killing pods before we are ready |
+| controller.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints |
+| controller.topologySpreadConstraints | list | `[]` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. |
+| controller.udp.annotations | object | `{}` | Annotations to be added to the udp config configmap |
+| controller.udp.configMapNamespace | string | `""` | Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE) |
+| controller.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet |
+| controller.watchIngressWithoutClass | bool | `false` | Process Ingress objects without ingressClass annotation/ingressClassName field Overrides value for --watch-ingress-without-class flag of the controller binary Defaults to false |
+| defaultBackend.affinity | object | `{}` | |
+| defaultBackend.autoscaling.annotations | object | `{}` | |
+| defaultBackend.autoscaling.enabled | bool | `false` | |
+| defaultBackend.autoscaling.maxReplicas | int | `2` | |
+| defaultBackend.autoscaling.minReplicas | int | `1` | |
+| defaultBackend.autoscaling.targetCPUUtilizationPercentage | int | `50` | |
+| defaultBackend.autoscaling.targetMemoryUtilizationPercentage | int | `50` | |
+| defaultBackend.containerSecurityContext | object | `{}` | Security Context policies for controller main container. See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls |
+| defaultBackend.enabled | bool | `false` | |
+| defaultBackend.existingPsp | string | `""` | Use an existing PSP instead of creating one |
+| defaultBackend.extraArgs | object | `{}` | |
+| defaultBackend.extraEnvs | list | `[]` | Additional environment variables to set for defaultBackend pods |
+| defaultBackend.extraVolumeMounts | list | `[]` | |
+| defaultBackend.extraVolumes | list | `[]` | |
+| defaultBackend.image.allowPrivilegeEscalation | bool | `false` | |
+| defaultBackend.image.image | string | `"defaultbackend-amd64"` | |
+| defaultBackend.image.pullPolicy | string | `"IfNotPresent"` | |
+| defaultBackend.image.readOnlyRootFilesystem | bool | `true` | |
+| defaultBackend.image.registry | string | `"k8s.gcr.io"` | |
+| defaultBackend.image.runAsNonRoot | bool | `true` | |
+| defaultBackend.image.runAsUser | int | `65534` | |
+| defaultBackend.image.tag | string | `"1.5"` | |
+| defaultBackend.labels | object | `{}` | Labels to be added to the default backend resources |
+| defaultBackend.livenessProbe.failureThreshold | int | `3` | |
+| defaultBackend.livenessProbe.initialDelaySeconds | int | `30` | |
+| defaultBackend.livenessProbe.periodSeconds | int | `10` | |
+| defaultBackend.livenessProbe.successThreshold | int | `1` | |
+| defaultBackend.livenessProbe.timeoutSeconds | int | `5` | |
+| defaultBackend.minAvailable | int | `1` | |
+| defaultBackend.name | string | `"defaultbackend"` | |
+| defaultBackend.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for default backend pod assignment |
+| defaultBackend.podAnnotations | object | `{}` | Annotations to be added to default backend pods |
+| defaultBackend.podLabels | object | `{}` | Labels to add to the pod container metadata |
+| defaultBackend.podSecurityContext | object | `{}` | Security Context policies for controller pods See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls |
+| defaultBackend.port | int | `8080` | |
+| defaultBackend.priorityClassName | string | `""` | |
+| defaultBackend.readinessProbe.failureThreshold | int | `6` | |
+| defaultBackend.readinessProbe.initialDelaySeconds | int | `0` | |
+| defaultBackend.readinessProbe.periodSeconds | int | `5` | |
+| defaultBackend.readinessProbe.successThreshold | int | `1` | |
+| defaultBackend.readinessProbe.timeoutSeconds | int | `5` | |
+| defaultBackend.replicaCount | int | `1` | |
+| defaultBackend.resources | object | `{}` | |
+| defaultBackend.service.annotations | object | `{}` | |
+| defaultBackend.service.externalIPs | list | `[]` | List of IP addresses at which the default backend service is available |
+| defaultBackend.service.loadBalancerSourceRanges | list | `[]` | |
+| defaultBackend.service.servicePort | int | `80` | |
+| defaultBackend.service.type | string | `"ClusterIP"` | |
+| defaultBackend.serviceAccount.automountServiceAccountToken | bool | `true` | |
+| defaultBackend.serviceAccount.create | bool | `true` | |
+| defaultBackend.serviceAccount.name | string | `""` | |
+| defaultBackend.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints |
+| dhParam | string | `nil` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` |
+| imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials |
+| podSecurityPolicy.enabled | bool | `false` | |
+| rbac.create | bool | `true` | |
+| rbac.scope | bool | `false` | |
+| revisionHistoryLimit | int | `10` | Rollback limit |
+| serviceAccount.annotations | object | `{}` | Annotations for the controller service account |
+| serviceAccount.automountServiceAccountToken | bool | `true` | |
+| serviceAccount.create | bool | `true` | |
+| serviceAccount.name | string | `""` | |
+| tcp | object | `{}` | TCP service key:value pairs |
+| udp | object | `{}` | UDP service key:value pairs |
+
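Review bot: In the Values table, `controller.allowSnippetAnnotations` is documented with a default of `true`, so bundling this chart at its defaults lets any user who can create or edit an Ingress set their own `*-snippet` annotations. Set it to `false` in the values this repository passes to the chart unless snippets are actually required, and note that override alongside the vendored copy. The same table lists `controller.image.allowPrivilegeEscalation` as `true` and describes `controller.service.internal.loadBalancerSourceRanges` as defaulting to 0.0.0.0/0; both deserve an explicit decision rather than inheriting the default. Separately, the Azure and Oracle Cloud Infrastructure examples under "Additional Internal Load Balancer" place the internal annotation under `controller.service.annotations` and omit `internal.enabled: true`, which contradicts the stated requirement to set both `controller.service.internal.enabled` and `controller.service.internal.annotations`. As written they annotate the main service rather than adding a second one, so either move them under `internal:` or have the README say that these two clouds are configured differently.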
diff --git a/charts/ingress-nginx/README.md.gotmpl b/charts/ingress-nginx/README.md.gotmpl
new file mode 100644
index 0000000..5cd9e59
--- /dev/null
+++ b/charts/ingress-nginx/README.md.gotmpl
@@ -0,0 +1,235 @@
+{{ template "chart.header" . }}
+[ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
+To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources.
+
+This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Chart version 3.x.x: Kubernetes v1.16+
+- Chart version 4.x.x and above: Kubernetes v1.19+
+
+## Get Repo Info
+
+```console
+helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+helm repo update
+```
+
+## Install Chart
+
+**Important:** only helm3 is supported
+
+```console
+helm install [RELEASE_NAME] ingress-nginx/ingress-nginx
+```
+
+The command deploys ingress-nginx on the Kubernetes cluster in the default configuration.
+
+_See [configuration](#configuration) below._
+
+_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
+
+## Uninstall Chart
+
+```console
+helm uninstall [RELEASE_NAME]
+```
+
+This removes all the Kubernetes components associated with the chart and deletes the release.
+
+_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
+
+## Upgrading Chart
+
+```console
+helm upgrade [RELEASE_NAME] [CHART] --install
+```
+
+_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
+
+### Upgrading With Zero Downtime in Production
+
+By default the ingress-nginx controller has service interruptions whenever it's pods are restarted or redeployed. In order to fix that, see the excellent blog post by Lindsay Landry from Codecademy: [Kubernetes: Nginx and Zero Downtime in Production](https://medium.com/codecademy-engineering/kubernetes-nginx-and-zero-downtime-in-production-2c910c6a5ed8).
+
+### Migrating from stable/nginx-ingress
+
+There are two main ways to migrate a release from `stable/nginx-ingress` to `ingress-nginx/ingress-nginx` chart:
+
+1. For Nginx Ingress controllers used for non-critical services, the easiest method is to [uninstall](#uninstall-chart) the old release and [install](#install-chart) the new one
+1. For critical services in production that require zero-downtime, you will want to:
+ 1. [Install](#install-chart) a second Ingress controller
+ 1. Redirect your DNS traffic from the old controller to the new controller
+ 1. Log traffic from both controllers during this changeover
+ 1. [Uninstall](#uninstall-chart) the old controller once traffic has fully drained from it
+ 1. For details on all of these steps see [Upgrading With Zero Downtime in Production](#upgrading-with-zero-downtime-in-production)
+
+Note that there are some different and upgraded configurations between the two charts, described by Rimas Mocevicius from JFrog in the "Upgrading to ingress-nginx Helm chart" section of [Migrating from Helm chart nginx-ingress to ingress-nginx](https://rimusz.net/migrating-to-ingress-nginx). As the `ingress-nginx/ingress-nginx` chart continues to update, you will want to check current differences by running [helm configuration](#configuration) commands on both charts.
+
+## Configuration
+
+See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands:
+
+```console
+helm show values ingress-nginx/ingress-nginx
+```
+
+### PodDisruptionBudget
+
+Note that the PodDisruptionBudget resource will only be defined if the replicaCount is greater than one,
+else it would make it impossible to evacuate a node. See [gh issue #7127](https://github.com/helm/charts/issues/7127) for more info.
+
+### Prometheus Metrics
+
+The Nginx ingress controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`.
+
+You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`.
+Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. And set `controller.metrics.serviceMonitor.additionalLabels.release="prometheus"`. "release=prometheus" should match the label configured in the prometheus servicemonitor ( see `kubectl get servicemonitor prometheus-kube-prom-prometheus -oyaml -n prometheus`)
+
+### ingress-nginx nginx\_status page/stats server
+
+Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in nginx ingress controller:
+
+- In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed
+- In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost.
+ You can use `curl --unix-socket /tmp/nginx-status-server.sock http://localhost/nginx_status` inside the controller container to access it locally, or use the snippet from [nginx-ingress changelog](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230) to re-enable the http server
+
+### ExternalDNS Service Configuration
+
+Add an [ExternalDNS](https://github.com/kubernetes-incubator/external-dns) annotation to the LoadBalancer service:
+
+```yaml
+controller:
+ service:
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: kubernetes-example.com.
+```
+
+### AWS L7 ELB with SSL Termination
+
+Annotate the controller as shown in the [nginx-ingress l7 patch](https://github.com/kubernetes/ingress-nginx/blob/main/deploy/aws/l7/service-l7.yaml):
+
+```yaml
+controller:
+ service:
+ targetPorts:
+ http: http
+ https: http
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:XX-XXXX-X:XXXXXXXXX:certificate/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX
+ service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
+ service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
+ service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
+```
+
+### AWS route53-mapper
+
+To configure the LoadBalancer service with the [route53-mapper addon](https://github.com/kubernetes/kops/tree/master/addons/route53-mapper), add the `domainName` annotation and `dns` label:
+
+```yaml
+controller:
+ service:
+ labels:
+ dns: "route53"
+ annotations:
+ domainName: "kubernetes-example.com"
+```
+
+### Additional Internal Load Balancer
+
+This setup is useful when you need both external and internal load balancers but don't want to have multiple ingress controllers and multiple ingress objects per application.
+
+By default, the ingress object will point to the external load balancer address, but if correctly configured, you can make use of the internal one if the URL you are looking up resolves to the internal load balancer's URL.
+
+You'll need to set both the following values:
+
+`controller.service.internal.enabled`
+`controller.service.internal.annotations`
+
+If one of them is missing the internal load balancer will not be deployed. Example you may have `controller.service.internal.enabled=true` but no annotations set, in this case no action will be taken.
+
+`controller.service.internal.annotations` varies with the cloud service you're using.
+
+Example for AWS:
+
+```yaml
+controller:
+ service:
+ internal:
+ enabled: true
+ annotations:
+ # Create internal ELB
+ service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+ # Any other annotation can be declared here.
+```
+
+Example for GCE:
+
+```yaml
+controller:
+ service:
+ internal:
+ enabled: true
+ annotations:
+ # Create internal LB. More informations: https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing
+ # For GKE versions 1.17 and later
+ networking.gke.io/load-balancer-type: "Internal"
+ # For earlier versions
+ # cloud.google.com/load-balancer-type: "Internal"
+
+ # Any other annotation can be declared here.
+```
+
+Example for Azure:
+
+```yaml
+controller:
+ service:
+ annotations:
+ # Create internal LB
+ service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+ # Any other annotation can be declared here.
+```
+
+Example for Oracle Cloud Infrastructure:
+
+```yaml
+controller:
+ service:
+ annotations:
+ # Create internal LB
+ service.beta.kubernetes.io/oci-load-balancer-internal: "true"
+ # Any other annotation can be declared here.
+```
+
+An use case for this scenario is having a split-view DNS setup where the public zone CNAME records point to the external balancer URL while the private zone CNAME records point to the internal balancer URL. This way, you only need one ingress kubernetes object.
+
+Optionally you can set `controller.service.loadBalancerIP` if you need a static IP for the resulting `LoadBalancer`.
+
+### Ingress Admission Webhooks
+
+With nginx-ingress-controller version 0.25+, the nginx ingress controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster.
+**This feature is enabled by default since 0.31.0.**
+
+With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521)
+
+### Helm Error When Upgrading: spec.clusterIP: Invalid value: ""
+
+If you are upgrading this chart from a version between 0.31.0 and 1.2.2 then you may get an error like this:
+
+```console
+Error: UPGRADE FAILED: Service "?????-controller" is invalid: spec.clusterIP: Invalid value: "": field is immutable
+```
+
+Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13646) but to resolve this you can set `xxxx.service.omitClusterIP` to `true` where `xxxx` is the service referenced in the error.
+
+As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered.
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}
+
+{{ template "helm-docs.versionFooter" . }}
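Review bot: In the "Additional Internal Load Balancer" section, the Azure and Oracle Cloud Infrastructure examples put the internal annotation under `controller.service.annotations` and never set `controller.service.internal.enabled`, which contradicts the paragraph above them saying both `controller.service.internal.enabled` and `controller.service.internal.annotations` must be set. As written, those two examples annotate the main controller Service, so a reader copying them turns the primary load balancer internal instead of getting an additional one. Suggest nesting both examples under `controller.service.internal` with `enabled: true`, matching the AWS and GCE examples.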
diff --git a/charts/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml b/charts/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml
new file mode 100644
index 0000000..b28a232
--- /dev/null
+++ b/charts/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml
@@ -0,0 +1,7 @@
+controller:
+ watchIngressWithoutClass: true
+ ingressClassResource:
+ name: custom-nginx
+ enabled: true
+ default: true
+ controllerValue: "k8s.io/custom-nginx"
diff --git a/charts/ingress-nginx/ci/daemonset-customconfig-values.yaml b/charts/ingress-nginx/ci/daemonset-customconfig-values.yaml
new file mode 100644
index 0000000..4393a5b
--- /dev/null
+++ b/charts/ingress-nginx/ci/daemonset-customconfig-values.yaml
@@ -0,0 +1,14 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ kind: DaemonSet
+ allowSnippetAnnotations: false
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+
+ config:
+ use-proxy-protocol: "true"
diff --git a/charts/ingress-nginx/ci/daemonset-customnodeport-values.yaml b/charts/ingress-nginx/ci/daemonset-customnodeport-values.yaml
new file mode 100644
index 0000000..1d94be2
--- /dev/null
+++ b/charts/ingress-nginx/ci/daemonset-customnodeport-values.yaml
@@ -0,0 +1,22 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+
+ service:
+ type: NodePort
+ nodePorts:
+ tcp:
+ 9000: 30090
+ udp:
+ 9001: 30091
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/charts/ingress-nginx/ci/daemonset-extra-modules.yaml b/charts/ingress-nginx/ci/daemonset-extra-modules.yaml
new file mode 100644
index 0000000..f299dbf
--- /dev/null
+++ b/charts/ingress-nginx/ci/daemonset-extra-modules.yaml
@@ -0,0 +1,10 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ service:
+ type: ClusterIP
+ extraModules:
+ - name: opentelemetry
+ image: busybox
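Review bot: The `extraModules` entry uses `image: busybox` with neither a tag nor a digest, so the test pulls whatever the registry serves for that name at run time; pin it to a tag or, better, a digest so the fixture is reproducible and the pulled content is known. This file also omits the `digest: null` line that the sibling ci values files carry next to `tag: 1.0.0-dev`; add it for consistency. The same unpinned `busybox` reference appears in `ci/deployment-extra-modules.yaml`.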
diff --git a/charts/ingress-nginx/ci/daemonset-headers-values.yaml b/charts/ingress-nginx/ci/daemonset-headers-values.yaml
new file mode 100644
index 0000000..ab7d47b
--- /dev/null
+++ b/charts/ingress-nginx/ci/daemonset-headers-values.yaml
@@ -0,0 +1,14 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ addHeaders:
+ X-Frame-Options: deny
+ proxySetHeaders:
+ X-Forwarded-Proto: https
+ service:
+ type: ClusterIP
diff --git a/charts/ingress-nginx/ci/daemonset-internal-lb-values.yaml b/charts/ingress-nginx/ci/daemonset-internal-lb-values.yaml
new file mode 100644
index 0000000..0a200a7
--- /dev/null
+++ b/charts/ingress-nginx/ci/daemonset-internal-lb-values.yaml
@@ -0,0 +1,14 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+ internal:
+ enabled: true
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-internal: "true"
diff --git a/charts/ingress-nginx/ci/daemonset-nodeport-values.yaml b/charts/ingress-nginx/ci/daemonset-nodeport-values.yaml
new file mode 100644
index 0000000..3b7aa2f
--- /dev/null
+++ b/charts/ingress-nginx/ci/daemonset-nodeport-values.yaml
@@ -0,0 +1,10 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: NodePort
diff --git a/charts/ingress-nginx/ci/daemonset-podannotations-values.yaml b/charts/ingress-nginx/ci/daemonset-podannotations-values.yaml
new file mode 100644
index 0000000..0b55306
--- /dev/null
+++ b/charts/ingress-nginx/ci/daemonset-podannotations-values.yaml
@@ -0,0 +1,17 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ metrics:
+ enabled: true
+ service:
+ type: ClusterIP
+ podAnnotations:
+ prometheus.io/path: /metrics
+ prometheus.io/port: "10254"
+ prometheus.io/scheme: http
+ prometheus.io/scrape: "true"
diff --git a/charts/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml b/charts/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml
new file mode 100644
index 0000000..acd86a7
--- /dev/null
+++ b/charts/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml
@@ -0,0 +1,20 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+ tcp:
+ configMapNamespace: default
+ udp:
+ configMapNamespace: default
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/charts/ingress-nginx/ci/daemonset-tcp-udp-values.yaml b/charts/ingress-nginx/ci/daemonset-tcp-udp-values.yaml
new file mode 100644
index 0000000..25ee64d
--- /dev/null
+++ b/charts/ingress-nginx/ci/daemonset-tcp-udp-values.yaml
@@ -0,0 +1,16 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/charts/ingress-nginx/ci/daemonset-tcp-values.yaml b/charts/ingress-nginx/ci/daemonset-tcp-values.yaml
new file mode 100644
index 0000000..380c8b4
--- /dev/null
+++ b/charts/ingress-nginx/ci/daemonset-tcp-values.yaml
@@ -0,0 +1,14 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+
+tcp:
+ 9000: "default/test:8080"
+ 9001: "default/test:8080"
diff --git a/charts/ingress-nginx/ci/deamonset-default-values.yaml b/charts/ingress-nginx/ci/deamonset-default-values.yaml
new file mode 100644
index 0000000..82fa23e
--- /dev/null
+++ b/charts/ingress-nginx/ci/deamonset-default-values.yaml
@@ -0,0 +1,10 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
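Review bot: The file name is spelled `deamonset-default-values.yaml`, while the other DaemonSet fixtures in this directory use `daemonset-`; the same misspelling recurs in the `deamonset-metrics`, `deamonset-psp`, `deamonset-webhook-and-psp` and `deamonset-webhook` files. A glob such as `ci/daemonset-*` would skip these five fixtures, so either rename them or note in the commit message that the spelling is kept as received so the bundled copy stays comparable with its source.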
diff --git a/charts/ingress-nginx/ci/deamonset-metrics-values.yaml b/charts/ingress-nginx/ci/deamonset-metrics-values.yaml
new file mode 100644
index 0000000..cb3cb54
--- /dev/null
+++ b/charts/ingress-nginx/ci/deamonset-metrics-values.yaml
@@ -0,0 +1,12 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ metrics:
+ enabled: true
+ service:
+ type: ClusterIP
diff --git a/charts/ingress-nginx/ci/deamonset-psp-values.yaml b/charts/ingress-nginx/ci/deamonset-psp-values.yaml
new file mode 100644
index 0000000..8026a63
--- /dev/null
+++ b/charts/ingress-nginx/ci/deamonset-psp-values.yaml
@@ -0,0 +1,13 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+
+podSecurityPolicy:
+ enabled: true
diff --git a/charts/ingress-nginx/ci/deamonset-webhook-and-psp-values.yaml b/charts/ingress-nginx/ci/deamonset-webhook-and-psp-values.yaml
new file mode 100644
index 0000000..fccdb13
--- /dev/null
+++ b/charts/ingress-nginx/ci/deamonset-webhook-and-psp-values.yaml
@@ -0,0 +1,13 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: true
+ service:
+ type: ClusterIP
+
+podSecurityPolicy:
+ enabled: true
diff --git a/charts/ingress-nginx/ci/deamonset-webhook-values.yaml b/charts/ingress-nginx/ci/deamonset-webhook-values.yaml
new file mode 100644
index 0000000..54d364d
--- /dev/null
+++ b/charts/ingress-nginx/ci/deamonset-webhook-values.yaml
@@ -0,0 +1,10 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: true
+ service:
+ type: ClusterIP
diff --git a/charts/ingress-nginx/ci/deployment-autoscaling-behavior-values.yaml b/charts/ingress-nginx/ci/deployment-autoscaling-behavior-values.yaml
new file mode 100644
index 0000000..dca3f35
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-autoscaling-behavior-values.yaml
@@ -0,0 +1,14 @@
+controller:
+ autoscaling:
+ enabled: true
+ behavior:
+ scaleDown:
+ stabilizationWindowSeconds: 300
+ policies:
+ - type: Pods
+ value: 1
+ periodSeconds: 180
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
diff --git a/charts/ingress-nginx/ci/deployment-autoscaling-values.yaml b/charts/ingress-nginx/ci/deployment-autoscaling-values.yaml
new file mode 100644
index 0000000..b8b3ac6
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-autoscaling-values.yaml
@@ -0,0 +1,11 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ autoscaling:
+ enabled: true
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
diff --git a/charts/ingress-nginx/ci/deployment-customconfig-values.yaml b/charts/ingress-nginx/ci/deployment-customconfig-values.yaml
new file mode 100644
index 0000000..1749418
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-customconfig-values.yaml
@@ -0,0 +1,12 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ config:
+ use-proxy-protocol: "true"
+ allowSnippetAnnotations: false
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
diff --git a/charts/ingress-nginx/ci/deployment-customnodeport-values.yaml b/charts/ingress-nginx/ci/deployment-customnodeport-values.yaml
new file mode 100644
index 0000000..a564eaf
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-customnodeport-values.yaml
@@ -0,0 +1,20 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: NodePort
+ nodePorts:
+ tcp:
+ 9000: 30090
+ udp:
+ 9001: 30091
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/charts/ingress-nginx/ci/deployment-default-values.yaml b/charts/ingress-nginx/ci/deployment-default-values.yaml
new file mode 100644
index 0000000..9f46b4e
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-default-values.yaml
@@ -0,0 +1,8 @@
+# Left blank to test default values
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ service:
+ type: ClusterIP
diff --git a/charts/ingress-nginx/ci/deployment-extra-modules.yaml b/charts/ingress-nginx/ci/deployment-extra-modules.yaml
new file mode 100644
index 0000000..ec59235
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-extra-modules.yaml
@@ -0,0 +1,10 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ service:
+ type: ClusterIP
+ extraModules:
+ - name: opentelemetry
+ image: busybox
diff --git a/charts/ingress-nginx/ci/deployment-headers-values.yaml b/charts/ingress-nginx/ci/deployment-headers-values.yaml
new file mode 100644
index 0000000..17a11ac
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-headers-values.yaml
@@ -0,0 +1,13 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ addHeaders:
+ X-Frame-Options: deny
+ proxySetHeaders:
+ X-Forwarded-Proto: https
+ service:
+ type: ClusterIP
diff --git a/charts/ingress-nginx/ci/deployment-internal-lb-values.yaml b/charts/ingress-nginx/ci/deployment-internal-lb-values.yaml
new file mode 100644
index 0000000..fd8df8d
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-internal-lb-values.yaml
@@ -0,0 +1,13 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+ internal:
+ enabled: true
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-internal: "true"
diff --git a/charts/ingress-nginx/ci/deployment-metrics-values.yaml b/charts/ingress-nginx/ci/deployment-metrics-values.yaml
new file mode 100644
index 0000000..9209ad5
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-metrics-values.yaml
@@ -0,0 +1,11 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ metrics:
+ enabled: true
+ service:
+ type: ClusterIP
diff --git a/charts/ingress-nginx/ci/deployment-nodeport-values.yaml b/charts/ingress-nginx/ci/deployment-nodeport-values.yaml
new file mode 100644
index 0000000..cd9b323
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-nodeport-values.yaml
@@ -0,0 +1,9 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: NodePort
diff --git a/charts/ingress-nginx/ci/deployment-podannotations-values.yaml b/charts/ingress-nginx/ci/deployment-podannotations-values.yaml
new file mode 100644
index 0000000..b48d93c
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-podannotations-values.yaml
@@ -0,0 +1,16 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ metrics:
+ enabled: true
+ service:
+ type: ClusterIP
+ podAnnotations:
+ prometheus.io/path: /metrics
+ prometheus.io/port: "10254"
+ prometheus.io/scheme: http
+ prometheus.io/scrape: "true"
diff --git a/charts/ingress-nginx/ci/deployment-psp-values.yaml b/charts/ingress-nginx/ci/deployment-psp-values.yaml
new file mode 100644
index 0000000..2f332a7
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-psp-values.yaml
@@ -0,0 +1,10 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ service:
+ type: ClusterIP
+
+podSecurityPolicy:
+ enabled: true
diff --git a/charts/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml b/charts/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml
new file mode 100644
index 0000000..c51a4e9
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml
@@ -0,0 +1,19 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+ tcp:
+ configMapNamespace: default
+ udp:
+ configMapNamespace: default
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/charts/ingress-nginx/ci/deployment-tcp-udp-values.yaml b/charts/ingress-nginx/ci/deployment-tcp-udp-values.yaml
new file mode 100644
index 0000000..5b45b69
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-tcp-udp-values.yaml
@@ -0,0 +1,15 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/charts/ingress-nginx/ci/deployment-tcp-values.yaml b/charts/ingress-nginx/ci/deployment-tcp-values.yaml
new file mode 100644
index 0000000..ac0b6e6
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-tcp-values.yaml
@@ -0,0 +1,11 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ service:
+ type: ClusterIP
+
+tcp:
+ 9000: "default/test:8080"
+ 9001: "default/test:8080"
diff --git a/charts/ingress-nginx/ci/deployment-webhook-and-psp-values.yaml b/charts/ingress-nginx/ci/deployment-webhook-and-psp-values.yaml
new file mode 100644
index 0000000..6195bb3
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-webhook-and-psp-values.yaml
@@ -0,0 +1,12 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: true
+ service:
+ type: ClusterIP
+
+podSecurityPolicy:
+ enabled: true
diff --git a/charts/ingress-nginx/ci/deployment-webhook-resources-values.yaml b/charts/ingress-nginx/ci/deployment-webhook-resources-values.yaml
new file mode 100644
index 0000000..49ebbb0
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-webhook-resources-values.yaml
@@ -0,0 +1,23 @@
+controller:
+ service:
+ type: ClusterIP
+ admissionWebhooks:
+ enabled: true
+ createSecretJob:
+ resources:
+ limits:
+ cpu: 10m
+ memory: 20Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ patchWebhookJob:
+ resources:
+ limits:
+ cpu: 10m
+ memory: 20Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ patch:
+ enabled: true
diff --git a/charts/ingress-nginx/ci/deployment-webhook-values.yaml b/charts/ingress-nginx/ci/deployment-webhook-values.yaml
new file mode 100644
index 0000000..76669a5
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-webhook-values.yaml
@@ -0,0 +1,9 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: true
+ service:
+ type: ClusterIP
diff --git a/charts/ingress-nginx/templates/NOTES.txt b/charts/ingress-nginx/templates/NOTES.txt
new file mode 100644
index 0000000..c10ab03
--- /dev/null
+++ b/charts/ingress-nginx/templates/NOTES.txt
@@ -0,0 +1,79 @@
+The ingress-nginx controller has been installed.
+
+{{- if contains "NodePort" .Values.controller.service.type }}
+Get the application URL by running these commands:
+
+{{- if (not (empty .Values.controller.service.nodePorts.http)) }}
+ export HTTP_NODE_PORT={{ .Values.controller.service.nodePorts.http }}
+{{- else }}
+ export HTTP_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[0].nodePort}" {{ include "ingress-nginx.controller.fullname" . }})
+{{- end }}
+{{- if (not (empty .Values.controller.service.nodePorts.https)) }}
+ export HTTPS_NODE_PORT={{ .Values.controller.service.nodePorts.https }}
+{{- else }}
+ export HTTPS_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[1].nodePort}" {{ include "ingress-nginx.controller.fullname" . }})
+{{- end }}
+ export NODE_IP=$(kubectl --namespace {{ .Release.Namespace }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}")
+
+ echo "Visit http://$NODE_IP:$HTTP_NODE_PORT to access your application via HTTP."
+ echo "Visit https://$NODE_IP:$HTTPS_NODE_PORT to access your application via HTTPS."
+{{- else if contains "LoadBalancer" .Values.controller.service.type }}
+It may take a few minutes for the LoadBalancer IP to be available.
+You can watch the status by running 'kubectl --namespace {{ .Release.Namespace }} get services -o wide -w {{ include "ingress-nginx.controller.fullname" . }}'
+{{- else if contains "ClusterIP" .Values.controller.service.type }}
+Get the application URL by running these commands:
+ export POD_NAME=$(kubectl --namespace {{ .Release.Namespace }} get pods -o jsonpath="{.items[0].metadata.name}" -l "app={{ template "ingress-nginx.name" . }},component={{ .Values.controller.name }},release={{ .Release.Name }}")
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
+ echo "Visit http://127.0.0.1:8080 to access your application."
+{{- end }}
+
+An example Ingress that makes use of the controller:
+
+{{- $isV1 := semverCompare ">=1" .Chart.AppVersion}}
+ apiVersion: networking.k8s.io/v1
+ kind: Ingress
+ metadata:
+ name: example
+ namespace: foo
+ {{- if eq $isV1 false }}
+ annotations:
+ kubernetes.io/ingress.class: {{ .Values.controller.ingressClass }}
+ {{- end }}
+ spec:
+ {{- if $isV1 }}
+ ingressClassName: {{ .Values.controller.ingressClassResource.name }}
+ {{- end }}
+ rules:
+ - host: www.example.com
+ http:
+ paths:
+ - backend:
+ service:
+ name: exampleService
+ port:
+ number: 80
+ path: /
+ # This section is only required if TLS is to be enabled for the Ingress
+ tls:
+ - hosts:
+ - www.example.com
+ secretName: example-tls
+
+If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
+
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: example-tls
+ namespace: foo
+ data:
+ tls.crt: <base64 encoded cert>
+ tls.key: <base64 encoded key>
+ type: kubernetes.io/tls
+
+{{- if .Values.controller.headers }}
+#################################################################################
+###### WARNING: `controller.headers` has been deprecated! #####
+###### It has been renamed to `controller.proxySetHeaders`. #####
+#################################################################################
+{{- end }}
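Review bot: The ClusterIP branch selects the pod with `-l "app=...,component=...,release=..."`, but the `ingress-nginx.selectorLabels` helper added in `_helpers.tpl` in this same patch only emits `app.kubernetes.io/name` and `app.kubernetes.io/instance`. Unless the pod template adds the legacy labels somewhere else, `POD_NAME` comes back empty and the `port-forward` that follows fails; suggest selecting on the `app.kubernetes.io/*` labels instead. The example Ingress also hard-codes `apiVersion: networking.k8s.io/v1` while switching between the `kubernetes.io/ingress.class` annotation and `ingressClassName` on `$isV1`, so the pre-v1 branch renders a manifest whose apiVersion and class mechanism do not belong together.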
diff --git a/charts/ingress-nginx/templates/_helpers.tpl b/charts/ingress-nginx/templates/_helpers.tpl
new file mode 100644
index 0000000..a72af5d
--- /dev/null
+++ b/charts/ingress-nginx/templates/_helpers.tpl
@@ -0,0 +1,156 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ingress-nginx.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ingress-nginx.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "ingress-nginx.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Container SecurityContext.
+*/}}
+{{- define "controller.containerSecurityContext" -}}
+{{- if .Values.controller.containerSecurityContext -}}
+{{- toYaml .Values.controller.containerSecurityContext -}}
+{{- else -}}
+capabilities:
+ drop:
+ - ALL
+ add:
+ - NET_BIND_SERVICE
+runAsUser: {{ .Values.controller.image.runAsUser }}
+allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Create a default fully qualified controller name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "ingress-nginx.controller.fullname" -}}
+{{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Construct the path for the publish-service.
+
+By convention this will simply use the <namespace>/<controller-name> to match the name of the
+service generated.
+
+Users can provide an override for an explicit service they want bound via `.Values.controller.publishService.pathOverride`
+
+*/}}
+{{- define "ingress-nginx.controller.publishServicePath" -}}
+{{- $defServiceName := printf "%s/%s" "$(POD_NAMESPACE)" (include "ingress-nginx.controller.fullname" .) -}}
+{{- $servicePath := default $defServiceName .Values.controller.publishService.pathOverride }}
+{{- print $servicePath | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified default backend name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "ingress-nginx.defaultBackend.fullname" -}}
+{{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "ingress-nginx.labels" -}}
+helm.sh/chart: {{ include "ingress-nginx.chart" . }}
+{{ include "ingress-nginx.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/part-of: {{ template "ingress-nginx.name" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.commonLabels}}
+{{ toYaml .Values.commonLabels }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ingress-nginx.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ingress-nginx.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the controller service account to use
+*/}}
+{{- define "ingress-nginx.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "ingress-nginx.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the backend service account to use - only used when podsecuritypolicy is also enabled
+*/}}
+{{- define "ingress-nginx.defaultBackend.serviceAccountName" -}}
+{{- if .Values.defaultBackend.serviceAccount.create -}}
+ {{ default (printf "%s-backend" (include "ingress-nginx.fullname" .)) .Values.defaultBackend.serviceAccount.name }}
+{{- else -}}
+ {{ default "default-backend" .Values.defaultBackend.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiGroup for PodSecurityPolicy.
+*/}}
+{{- define "podSecurityPolicy.apiGroup" -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "policy" -}}
+{{- else -}}
+{{- print "extensions" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Check the ingress controller version tag is at most three versions behind the last release
+*/}}
+{{- define "isControllerTagValid" -}}
+{{- if not (semverCompare ">=0.27.0-0" .Values.controller.image.tag) -}}
+{{- fail "Controller container image tag should be 0.27.0 or higher" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+IngressClass parameters.
+*/}}
+{{- define "ingressClass.parameters" -}}
+ {{- if .Values.controller.ingressClassResource.parameters -}}
+ parameters:
+{{ toYaml .Values.controller.ingressClassResource.parameters | indent 4}}
+ {{ end }}
+{{- end -}}
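Review bot: In `controller.containerSecurityContext`, any non-empty `.Values.controller.containerSecurityContext` replaces the default block wholesale, so a user who sets a single field there silently loses `capabilities.drop: [ALL]`, `runAsUser` and `allowPrivilegeEscalation`. Either merge the user value over the defaults or document next to the value that it must restate them. Separately, the comment on `isControllerTagValid` says "at most three versions behind the last release", but the check is a fixed `>=0.27.0-0` floor; update the comment to match what the template enforces.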
diff --git a/charts/ingress-nginx/templates/_params.tpl b/charts/ingress-nginx/templates/_params.tpl
new file mode 100644
index 0000000..305ce0d
--- /dev/null
+++ b/charts/ingress-nginx/templates/_params.tpl
@@ -0,0 +1,62 @@
+{{- define "ingress-nginx.params" -}}
+- /nginx-ingress-controller
+{{- if .Values.defaultBackend.enabled }}
+- --default-backend-service=$(POD_NAMESPACE)/{{ include "ingress-nginx.defaultBackend.fullname" . }}
+{{- end }}
+{{- if and .Values.controller.publishService.enabled .Values.controller.service.enabled }}
+{{- if .Values.controller.service.external.enabled }}
+- --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }}
+{{- else if .Values.controller.service.internal.enabled }}
+- --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }}-internal
+{{- end }}
+{{- end }}
+- --election-id={{ .Values.controller.electionID }}
+- --controller-class={{ .Values.controller.ingressClassResource.controllerValue }}
+{{- if .Values.controller.ingressClass }}
+- --ingress-class={{ .Values.controller.ingressClass }}
+{{- end }}
+- --configmap={{ default "$(POD_NAMESPACE)" .Values.controller.configMapNamespace }}/{{ include "ingress-nginx.controller.fullname" . }}
+{{- if .Values.tcp }}
+- --tcp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.tcp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-tcp
+{{- end }}
+{{- if .Values.udp }}
+- --udp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.udp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-udp
+{{- end }}
+{{- if .Values.controller.scope.enabled }}
+- --watch-namespace={{ default "$(POD_NAMESPACE)" .Values.controller.scope.namespace }}
+{{- end }}
+{{- if and (not .Values.controller.scope.enabled) .Values.controller.scope.namespaceSelector }}
+- --watch-namespace-selector={{ default "" .Values.controller.scope.namespaceSelector }}
+{{- end }}
+{{- if and .Values.controller.reportNodeInternalIp .Values.controller.hostNetwork }}
+- --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }}
+{{- end }}
+{{- if .Values.controller.admissionWebhooks.enabled }}
+- --validating-webhook=:{{ .Values.controller.admissionWebhooks.port }}
+- --validating-webhook-certificate={{ .Values.controller.admissionWebhooks.certificate }}
+- --validating-webhook-key={{ .Values.controller.admissionWebhooks.key }}
+{{- end }}
+{{- if .Values.controller.maxmindLicenseKey }}
+- --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }}
+{{- end }}
+{{- if .Values.controller.healthCheckHost }}
+- --healthz-host={{ .Values.controller.healthCheckHost }}
+{{- end }}
+{{- if not (eq .Values.controller.healthCheckPath "/healthz") }}
+- --health-check-path={{ .Values.controller.healthCheckPath }}
+{{- end }}
+{{- if .Values.controller.ingressClassByName }}
+- --ingress-class-by-name=true
+{{- end }}
+{{- if .Values.controller.watchIngressWithoutClass }}
+- --watch-ingress-without-class=true
+{{- end }}
+{{- range $key, $value := .Values.controller.extraArgs }}
+{{- /* Accept keys without values or with false as value */}}
+{{- if eq ($value | quote | len) 2 }}
+- --{{ $key }}
+{{- else }}
+- --{{ $key }}={{ $value }}
+{{- end }}
+{{- end }}
+{{- end -}}
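Review bot: `--maxmind-license-key={{ .Values.controller.maxmindLicenseKey }}` writes the license key into the container args, so it is readable by anyone who can view the pod or workload spec and it is stored in the rendered release manifest. Prefer reading it from a Secret into an environment variable and referencing it with the same `$(VAR)` expansion this template already uses for `$(POD_NAMESPACE)`. Also, the extraArgs comment says keys "with false as value" are accepted as bare flags, but `eq ($value | quote | len) 2` only matches the empty string; a boolean false renders as `--key=false`, so either the comment or the test should change.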
diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
new file mode 100644
index 0000000..5659a1f
--- /dev/null
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
@@ -0,0 +1,34 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "ingress-nginx.fullname" . }}-admission
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: admission-webhook
+ {{- with .Values.controller.admissionWebhooks.patch.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+rules:
+ - apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ verbs:
+ - get
+ - update
+{{- if .Values.podSecurityPolicy.enabled }}
+ - apiGroups: ['extensions']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ {{- with .Values.controller.admissionWebhooks.existingPsp }}
+ - {{ . }}
+ {{- else }}
+ - {{ include "ingress-nginx.fullname" . }}-admission
+ {{- end }}
+{{- end }}
+{{- end }}
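Review bot: The `get` and `update` rule on `validatingwebhookconfigurations` has no `resourceNames`, so the admission ServiceAccount can rewrite every validating webhook in the cluster, although the patch job only targets `--webhook-name={{ include "ingress-nginx.fullname" . }}-admission`. Add `resourceNames` with that one name. In the PSP rule, `apiGroups: ['extensions']` is hard-coded even though this patch adds a "podSecurityPolicy.apiGroup" helper that returns `policy` on 1.14 and later and psp.yaml creates the policy as `policy/v1beta1`; use the helper here so the `use` grant matches the group the policy is created in.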
diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
new file mode 100644
index 0000000..abf17fb
--- /dev/null
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
@@ -0,0 +1,23 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "ingress-nginx.fullname" . }}-admission
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: admission-webhook
+ {{- with .Values.controller.admissionWebhooks.patch.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "ingress-nginx.fullname" . }}-admission
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "ingress-nginx.fullname" . }}-admission
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
new file mode 100644
index 0000000..e57bfde
--- /dev/null
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
@@ -0,0 +1,75 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "ingress-nginx.fullname" . }}-admission-create
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ {{- with .Values.controller.admissionWebhooks.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: admission-webhook
+ {{- with .Values.controller.admissionWebhooks.patch.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
+ # Alpha feature since k8s 1.12
+ ttlSecondsAfterFinished: 0
+{{- end }}
+ template:
+ metadata:
+ name: {{ include "ingress-nginx.fullname" . }}-admission-create
+ {{- if .Values.controller.admissionWebhooks.patch.podAnnotations }}
+ annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 8 }}
+ app.kubernetes.io/component: admission-webhook
+ {{- with .Values.controller.admissionWebhooks.patch.labels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }}
+ priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }}
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: create
+ {{- with .Values.controller.admissionWebhooks.patch.image }}
+ image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
+ args:
+ - create
+ - --host={{ include "ingress-nginx.controller.fullname" . }}-admission,{{ include "ingress-nginx.controller.fullname" . }}-admission.$(POD_NAMESPACE).svc
+ - --namespace=$(POD_NAMESPACE)
+ - --secret-name={{ include "ingress-nginx.fullname" . }}-admission
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- if .Values.controller.admissionWebhooks.createSecretJob.resources }}
+ resources: {{ toYaml .Values.controller.admissionWebhooks.createSecretJob.resources | nindent 12 }}
+ {{- end }}
+ restartPolicy: OnFailure
+ serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission
+ {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.admissionWebhooks.patch.tolerations }}
+ tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }}
+ {{- end }}
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: {{ .Values.controller.admissionWebhooks.patch.runAsUser }}
+{{- end }}
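Review bot: The container `securityContext` of the `create` container sets only `allowPrivilegeEscalation: false`; dropped capabilities are enforced only through the PodSecurityPolicy, which is rendered only when `podSecurityPolicy.enabled` is set. Add `capabilities: { drop: [ALL] }` here, and `readOnlyRootFilesystem: true` if the image tolerates it, so the job is hardened regardless of whether a PSP is in place. `runAsUser: {{ .Values.controller.admissionWebhooks.patch.runAsUser }}` also renders an empty value when the key is unset; a `required` or a default would make that failure explicit.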
diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
new file mode 100644
index 0000000..4f8ba14
--- /dev/null
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
@@ -0,0 +1,77 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "ingress-nginx.fullname" . }}-admission-patch
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ {{- with .Values.controller.admissionWebhooks.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: admission-webhook
+ {{- with .Values.controller.admissionWebhooks.patch.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
+ # Alpha feature since k8s 1.12
+ ttlSecondsAfterFinished: 0
+{{- end }}
+ template:
+ metadata:
+ name: {{ include "ingress-nginx.fullname" . }}-admission-patch
+ {{- if .Values.controller.admissionWebhooks.patch.podAnnotations }}
+ annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 8 }}
+ app.kubernetes.io/component: admission-webhook
+ {{- with .Values.controller.admissionWebhooks.patch.labels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }}
+ priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }}
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: patch
+ {{- with .Values.controller.admissionWebhooks.patch.image }}
+ image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
+ args:
+ - patch
+ - --webhook-name={{ include "ingress-nginx.fullname" . }}-admission
+ - --namespace=$(POD_NAMESPACE)
+ - --patch-mutating=false
+ - --secret-name={{ include "ingress-nginx.fullname" . }}-admission
+ - --patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }}
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- if .Values.controller.admissionWebhooks.patchWebhookJob.resources }}
+ resources: {{ toYaml .Values.controller.admissionWebhooks.patchWebhookJob.resources | nindent 12 }}
+ {{- end }}
+ restartPolicy: OnFailure
+ serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission
+ {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.admissionWebhooks.patch.tolerations }}
+ tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }}
+ {{- end }}
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: {{ .Values.controller.admissionWebhooks.patch.runAsUser }}
+{{- end }}
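Review bot: `--patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }}` has no default, while validating-webhook.yaml in this same patch renders `failurePolicy: {{ .Values.controller.admissionWebhooks.failurePolicy | default "Fail" }}`. If the value is unset, the webhook is created with `Fail` and the patch job is then invoked with an empty policy, so the two can disagree. Apply the same `| default "Fail"` here, or move the default into one helper used by both templates.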
diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml
new file mode 100644
index 0000000..70edde3
--- /dev/null
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml
@@ -0,0 +1,39 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled (empty .Values.controller.admissionWebhooks.existingPsp) -}}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ include "ingress-nginx.fullname" . }}-admission
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: admission-webhook
+ {{- with .Values.controller.admissionWebhooks.patch.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ allowPrivilegeEscalation: false
+ fsGroup:
+ ranges:
+ - max: 65535
+ min: 1
+ rule: MustRunAs
+ requiredDropCapabilities:
+ - ALL
+ runAsUser:
+ rule: MustRunAsNonRoot
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ ranges:
+ - max: 65535
+ min: 1
+ rule: MustRunAs
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+{{- end }}
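Review bot: `apiVersion: policy/v1beta1` is hard-coded and the opening condition does not check that the cluster serves it, so enabling `podSecurityPolicy.enabled` on a cluster without that API fails the install at a hook resource. The job templates in this patch already gate a field on `.Capabilities.APIVersions.Has`; add `(.Capabilities.APIVersions.Has "policy/v1beta1")` to the `and` on the first line. The `volumes` allow-list (configMap, emptyDir, projected, secret, downwardAPI) is also wider than the two jobs need, since neither job template declares any volume of its own; trimming it to what the pods actually mount keeps the policy tight.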
diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
new file mode 100644
index 0000000..795bac6
--- /dev/null
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
@@ -0,0 +1,24 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "ingress-nginx.fullname" . }}-admission
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: admission-webhook
+ {{- with .Values.controller.admissionWebhooks.patch.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - create
+{{- end }}
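Review bot: The rule grants `get` and `create` on all `secrets` in the release namespace, but both jobs only use `--secret-name={{ include "ingress-nginx.fullname" . }}-admission`. Split the rule: keep `create` unrestricted (it cannot be limited by name) and put `get` in its own rule with `resourceNames` set to that secret name, so the hook ServiceAccount cannot read other secrets in the namespace, such as TLS keys the controller serves.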
diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
new file mode 100644
index 0000000..698c5c8
--- /dev/null
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
@@ -0,0 +1,24 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "ingress-nginx.fullname" . }}-admission
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: admission-webhook
+ {{- with .Values.controller.admissionWebhooks.patch.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "ingress-nginx.fullname" . }}-admission
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "ingress-nginx.fullname" . }}-admission
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
new file mode 100644
index 0000000..eae4751
--- /dev/null
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "ingress-nginx.fullname" . }}-admission
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: admission-webhook
+ {{- with .Values.controller.admissionWebhooks.patch.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
new file mode 100644
index 0000000..8caffcb
--- /dev/null
+++ b/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
@@ -0,0 +1,48 @@
+{{- if .Values.controller.admissionWebhooks.enabled -}}
+# before changing this value, check the required kubernetes version
+# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ {{- if .Values.controller.admissionWebhooks.annotations }}
+ annotations: {{ toYaml .Values.controller.admissionWebhooks.annotations | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: admission-webhook
+ {{- with .Values.controller.admissionWebhooks.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "ingress-nginx.fullname" . }}-admission
+webhooks:
+ - name: validate.nginx.ingress.kubernetes.io
+ matchPolicy: Equivalent
+ rules:
+ - apiGroups:
+ - networking.k8s.io
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - ingresses
+ failurePolicy: {{ .Values.controller.admissionWebhooks.failurePolicy | default "Fail" }}
+ sideEffects: None
+ admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ namespace: {{ .Release.Namespace | quote }}
+ name: {{ include "ingress-nginx.controller.fullname" . }}-admission
+ path: /networking/v1/ingresses
+ {{- if .Values.controller.admissionWebhooks.timeoutSeconds }}
+ timeoutSeconds: {{ .Values.controller.admissionWebhooks.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.controller.admissionWebhooks.namespaceSelector }}
+ namespaceSelector: {{ toYaml .Values.controller.admissionWebhooks.namespaceSelector | nindent 6 }}
+ {{- end }}
+ {{- if .Values.controller.admissionWebhooks.objectSelector }}
+ objectSelector: {{ toYaml .Values.controller.admissionWebhooks.objectSelector | nindent 6 }}
+ {{- end }}
+{{- end }}
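Review bot: This template is rendered whenever `admissionWebhooks.enabled` is set, but `clientConfig` carries no `caBundle`; the CA is only injected by the patch job, which is additionally gated on `admissionWebhooks.patch.enabled`. With `patch.enabled` false and `failurePolicy` defaulting to `Fail`, nothing in this chart supplies the CA, and Ingress CREATE and UPDATE requests would be rejected until something else does. Either document that requirement next to the `patch.enabled` value or accept a `caBundle` value here. With `Fail` as the default it is also worth setting a default `timeoutSeconds` rather than leaving it optional.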
diff --git a/charts/ingress-nginx/templates/clusterrole.yaml b/charts/ingress-nginx/templates/clusterrole.yaml
new file mode 100644
index 0000000..c093f04
--- /dev/null
+++ b/charts/ingress-nginx/templates/clusterrole.yaml
@@ -0,0 +1,87 @@
+{{- if .Values.rbac.create }}
+
+{{- if and .Values.rbac.scope (not .Values.controller.scope.enabled) -}}
+ {{ required "Invalid configuration: 'rbac.scope' should be equal to 'controller.scope.enabled' (true/false)." (index (dict) ".") }}
+{{- end }}
+
+{{- if not .Values.rbac.scope -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ {{- with .Values.controller.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "ingress-nginx.fullname" . }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - endpoints
+ - nodes
+ - pods
+ - secrets
+{{- if not .Values.controller.scope.enabled }}
+ - namespaces
+{{- end}}
+ verbs:
+ - list
+ - watch
+{{- if and .Values.controller.scope.enabled .Values.controller.scope.namespace }}
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ resourceNames:
+ - "{{ .Values.controller.scope.namespace }}"
+ verbs:
+ - get
+{{- end }}
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingressclasses
+ verbs:
+ - get
+ - list
+ - watch
+{{- end }}
+
+{{- end }}
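Review bot: The ClusterRole is rendered whenever `rbac.scope` is false, including when `controller.scope.enabled` is true, so a controller started with `--watch-namespace` still receives cluster-wide `list` and `watch` on `secrets`, `configmaps`, `pods` and `endpoints`. Only the `namespaces` entry is conditioned on `controller.scope.enabled`. When the controller is scoped, the namespaced resources should come from the Role instead, leaving only the cluster-scoped resources (`nodes`, `ingressclasses`, the named `namespaces` get) here. The validation at the top would also read more clearly as a `fail` call than as `required ... (index (dict) ".")`.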
diff --git a/charts/ingress-nginx/templates/clusterrolebinding.yaml b/charts/ingress-nginx/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..acbbd8b
--- /dev/null
+++ b/charts/ingress-nginx/templates/clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.rbac.create (not .Values.rbac.scope) -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ {{- with .Values.controller.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "ingress-nginx.fullname" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "ingress-nginx.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "ingress-nginx.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/charts/ingress-nginx/templates/controller-configmap-addheaders.yaml b/charts/ingress-nginx/templates/controller-configmap-addheaders.yaml
new file mode 100644
index 0000000..dfd49a1
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-configmap-addheaders.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.controller.addHeaders -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- with .Values.controller.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "ingress-nginx.fullname" . }}-custom-add-headers
+ namespace: {{ .Release.Namespace }}
+data: {{ toYaml .Values.controller.addHeaders | nindent 2 }}
+{{- end }}
diff --git a/charts/ingress-nginx/templates/controller-configmap-proxyheaders.yaml b/charts/ingress-nginx/templates/controller-configmap-proxyheaders.yaml
new file mode 100644
index 0000000..f8d15fa
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-configmap-proxyheaders.yaml
@@ -0,0 +1,19 @@
+{{- if or .Values.controller.proxySetHeaders .Values.controller.headers -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- with .Values.controller.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "ingress-nginx.fullname" . }}-custom-proxy-headers
+ namespace: {{ .Release.Namespace }}
+data:
+{{- if .Values.controller.proxySetHeaders }}
+{{ toYaml .Values.controller.proxySetHeaders | indent 2 }}
+{{ else if and .Values.controller.headers (not .Values.controller.proxySetHeaders) }}
+{{ toYaml .Values.controller.headers | indent 2 }}
+{{- end }}
+{{- end }}
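Review bot: In the `else if` branch, `(not .Values.controller.proxySetHeaders)` is always true because the preceding `if` already handled the case where it is set; `{{- else if .Values.controller.headers }}` is enough. The `{{ else if` and the two `{{ toYaml` actions also lack the `-` trim marker used elsewhere in these templates, which leaves blank lines under `data:`. If `controller.headers` is a deprecated alias for `proxySetHeaders`, a comment saying so would help the next reader.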
diff --git a/charts/ingress-nginx/templates/controller-configmap-tcp.yaml b/charts/ingress-nginx/templates/controller-configmap-tcp.yaml
new file mode 100644
index 0000000..0f6088e
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-configmap-tcp.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.tcp -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- with .Values.controller.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- if .Values.controller.tcp.annotations }}
+ annotations: {{ toYaml .Values.controller.tcp.annotations | nindent 4 }}
+{{- end }}
+ name: {{ include "ingress-nginx.fullname" . }}-tcp
+ namespace: {{ .Release.Namespace }}
+data: {{ tpl (toYaml .Values.tcp) . | nindent 2 }}
+{{- end }}
diff --git a/charts/ingress-nginx/templates/controller-configmap-udp.yaml b/charts/ingress-nginx/templates/controller-configmap-udp.yaml
new file mode 100644
index 0000000..3772ec5
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-configmap-udp.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.udp -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- with .Values.controller.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- if .Values.controller.udp.annotations }}
+ annotations: {{ toYaml .Values.controller.udp.annotations | nindent 4 }}
+{{- end }}
+ name: {{ include "ingress-nginx.fullname" . }}-udp
+ namespace: {{ .Release.Namespace }}
+data: {{ tpl (toYaml .Values.udp) . | nindent 2 }}
+{{- end }}
diff --git a/charts/ingress-nginx/templates/controller-configmap.yaml b/charts/ingress-nginx/templates/controller-configmap.yaml
new file mode 100644
index 0000000..f28b26e
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-configmap.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- with .Values.controller.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- if .Values.controller.configAnnotations }}
+ annotations: {{ toYaml .Values.controller.configAnnotations | nindent 4 }}
+{{- end }}
+ name: {{ include "ingress-nginx.controller.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+data:
+ allow-snippet-annotations: "{{ .Values.controller.allowSnippetAnnotations }}"
+{{- if .Values.controller.addHeaders }}
+ add-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-add-headers
+{{- end }}
+{{- if or .Values.controller.proxySetHeaders .Values.controller.headers }}
+ proxy-set-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-proxy-headers
+{{- end }}
+{{- if .Values.dhParam }}
+ ssl-dh-param: {{ printf "%s/%s" .Release.Namespace (include "ingress-nginx.controller.fullname" .) }}
+{{- end }}
+{{- range $key, $value := .Values.controller.config }}
+ {{- $key | nindent 2 }}: {{ $value | quote }}
+{{- end }}
+
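Review bot: The `range` over `.Values.controller.config` at the end emits every key verbatim, so a user who sets `allow-snippet-annotations`, `add-headers`, `proxy-set-headers` or `ssl-dh-param` there produces a duplicate key alongside the explicit entries above. Which value wins then depends on the YAML parser, and for `allow-snippet-annotations` that decides whether Ingress authors may inject raw nginx configuration. Skip or `fail` on those keys inside the loop so the dedicated values are the single source of truth.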
diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml
new file mode 100644
index 0000000..72811fb
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-daemonset.yaml
@@ -0,0 +1,227 @@
+{{- if or (eq .Values.controller.kind "DaemonSet") (eq .Values.controller.kind "Both") -}}
+{{- include "isControllerTagValid" . -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- with .Values.controller.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "ingress-nginx.controller.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ {{- if .Values.controller.annotations }}
+ annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
+ app.kubernetes.io/component: controller
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ {{- if .Values.controller.updateStrategy }}
+ updateStrategy: {{ toYaml .Values.controller.updateStrategy | nindent 4 }}
+ {{- end }}
+ minReadySeconds: {{ .Values.controller.minReadySeconds }}
+ template:
+ metadata:
+ {{- if .Values.controller.podAnnotations }}
+ annotations:
+ {{- range $key, $value := .Values.controller.podAnnotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ labels:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 8 }}
+ app.kubernetes.io/component: controller
+ {{- with .Values.controller.labels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.podLabels }}
+ {{- toYaml .Values.controller.podLabels | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if .Values.controller.dnsConfig }}
+ dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.hostname }}
+ hostname: {{ toYaml .Values.controller.hostname | nindent 8 }}
+ {{- end }}
+ dnsPolicy: {{ .Values.controller.dnsPolicy }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.priorityClassName }}
+ priorityClassName: {{ .Values.controller.priorityClassName }}
+ {{- end }}
+ {{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }}
+ securityContext:
+ {{- end }}
+ {{- if .Values.controller.podSecurityContext }}
+ {{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.sysctls }}
+ sysctls:
+ {{- range $sysctl, $value := .Values.controller.sysctls }}
+ - name: {{ $sysctl | quote }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: {{ .Values.controller.containerName }}
+ {{- with .Values.controller.image }}
+ image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
+ {{- if .Values.controller.lifecycle }}
+ lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }}
+ {{- end }}
+ args:
+ {{- include "ingress-nginx.params" . | nindent 12 }}
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ add:
+ - NET_BIND_SERVICE
+ runAsUser: {{ .Values.controller.image.runAsUser }}
+ allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }}
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if .Values.controller.enableMimalloc }}
+ - name: LD_PRELOAD
+ value: /usr/local/lib/libmimalloc.so
+ {{- end }}
+ {{- if .Values.controller.extraEnvs }}
+ {{- toYaml .Values.controller.extraEnvs | nindent 12 }}
+ {{- end }}
+ {{- if .Values.controller.startupProbe }}
+ startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }}
+ {{- end }}
+ livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }}
+ readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }}
+ ports:
+ {{- range $key, $value := .Values.controller.containerPort }}
+ - name: {{ $key }}
+ containerPort: {{ $value }}
+ protocol: TCP
+ {{- if $.Values.controller.hostPort.enabled }}
+ hostPort: {{ index $.Values.controller.hostPort.ports $key | default $value }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.controller.metrics.enabled }}
+ - name: metrics
+ containerPort: {{ .Values.controller.metrics.port }}
+ protocol: TCP
+ {{- end }}
+ {{- if .Values.controller.admissionWebhooks.enabled }}
+ - name: webhook
+ containerPort: {{ .Values.controller.admissionWebhooks.port }}
+ protocol: TCP
+ {{- end }}
+ {{- range $key, $value := .Values.tcp }}
+ - name: {{ $key }}-tcp
+ containerPort: {{ $key }}
+ protocol: TCP
+ {{- if $.Values.controller.hostPort.enabled }}
+ hostPort: {{ $key }}
+ {{- end }}
+ {{- end }}
+ {{- range $key, $value := .Values.udp }}
+ - name: {{ $key }}-udp
+ containerPort: {{ $key }}
+ protocol: UDP
+ {{- if $.Values.controller.hostPort.enabled }}
+ hostPort: {{ $key }}
+ {{- end }}
+ {{- end }}
+ {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules) }}
+ volumeMounts:
+ {{- if .Values.controller.extraModules }}
+ - name: modules
+ mountPath: /modules_mount
+ {{- end }}
+ {{- if .Values.controller.customTemplate.configMapName }}
+ - mountPath: /etc/nginx/template
+ name: nginx-template-volume
+ readOnly: true
+ {{- end }}
+ {{- if .Values.controller.admissionWebhooks.enabled }}
+ - name: webhook-cert
+ mountPath: /usr/local/certificates/
+ readOnly: true
+ {{- end }}
+ {{- if .Values.controller.extraVolumeMounts }}
+ {{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.controller.resources }}
+ resources: {{ toYaml .Values.controller.resources | nindent 12 }}
+ {{- end }}
+ {{- if .Values.controller.extraContainers }}
+ {{ toYaml .Values.controller.extraContainers | nindent 8 }}
+ {{- end }}
+
+
+ {{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules) }}
+ initContainers:
+ {{- if .Values.controller.extraInitContainers }}
+ {{ toYaml .Values.controller.extraInitContainers | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.extraModules }}
+ {{- range .Values.controller.extraModules }}
+ - name: {{ .Name }}
+ image: {{ .Image }}
+ command: ['sh', '-c', '/usr/local/bin/init_module.sh']
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.controller.hostNetwork }}
+ hostNetwork: {{ .Values.controller.hostNetwork }}
+ {{- end }}
+ {{- if .Values.controller.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.tolerations }}
+ tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.affinity }}
+ affinity: {{ toYaml .Values.controller.affinity | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.topologySpreadConstraints }}
+ topologySpreadConstraints: {{ toYaml .Values.controller.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }}
+ terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
+ {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules) }}
+ volumes:
+ {{- if .Values.controller.extraModules }}
+ - name: modules
+ emptyDir: {}
+ {{- end }}
+ {{- if .Values.controller.customTemplate.configMapName }}
+ - name: nginx-template-volume
+ configMap:
+ name: {{ .Values.controller.customTemplate.configMapName }}
+ items:
+ - key: {{ .Values.controller.customTemplate.configMapKey }}
+ path: nginx.tmpl
+ {{- end }}
+ {{- if .Values.controller.admissionWebhooks.enabled }}
+ - name: webhook-cert
+ secret:
+ secretName: {{ include "ingress-nginx.fullname" . }}-admission
+ {{- end }}
+ {{- if .Values.controller.extraVolumes }}
+ {{ toYaml .Values.controller.extraVolumes | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
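Review bot: The extraModules init containers at the end of this DaemonSet template read `.Name` and `.Image` and declare no volumeMounts, while the Deployment template added in the same patch reads `.name` and `.image` and mounts the `modules` emptyDir at /modules_mount. With the lower-case keys the Deployment expects, `.Name` and `.Image` will not resolve here, and without the mount the init container has no shared path to copy a module into, so the controller's /modules_mount stays empty. Use the same lower-case keys and add the `modules` volumeMount so both kinds behave identically.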
diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml
new file mode 100644
index 0000000..a1943cd
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-deployment.yaml
@@ -0,0 +1,225 @@
+{{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") -}}
+{{- include "isControllerTagValid" . -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- with .Values.controller.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "ingress-nginx.controller.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ {{- if .Values.controller.annotations }}
+ annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
+ app.kubernetes.io/component: controller
+ {{- if not .Values.controller.autoscaling.enabled }}
+ replicas: {{ .Values.controller.replicaCount }}
+ {{- end }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ {{- if .Values.controller.updateStrategy }}
+ strategy:
+ {{ toYaml .Values.controller.updateStrategy | nindent 4 }}
+ {{- end }}
+ minReadySeconds: {{ .Values.controller.minReadySeconds }}
+ template:
+ metadata:
+ {{- if .Values.controller.podAnnotations }}
+ annotations:
+ {{- range $key, $value := .Values.controller.podAnnotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ labels:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 8 }}
+ app.kubernetes.io/component: controller
+ {{- with .Values.controller.labels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.podLabels }}
+ {{- toYaml .Values.controller.podLabels | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if .Values.controller.dnsConfig }}
+ dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.hostname }}
+ hostname: {{ toYaml .Values.controller.hostname | nindent 8 }}
+ {{- end }}
+ dnsPolicy: {{ .Values.controller.dnsPolicy }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.priorityClassName }}
+ priorityClassName: {{ .Values.controller.priorityClassName | quote }}
+ {{- end }}
+ {{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }}
+ securityContext:
+ {{- end }}
+ {{- if .Values.controller.podSecurityContext }}
+ {{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.sysctls }}
+ sysctls:
+ {{- range $sysctl, $value := .Values.controller.sysctls }}
+ - name: {{ $sysctl | quote }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: {{ .Values.controller.containerName }}
+ {{- with .Values.controller.image }}
+ image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
+ {{- if .Values.controller.lifecycle }}
+ lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }}
+ {{- end }}
+ args:
+ {{- include "ingress-nginx.params" . | nindent 12 }}
+ securityContext: {{ include "controller.containerSecurityContext" . | nindent 12 }}
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if .Values.controller.enableMimalloc }}
+ - name: LD_PRELOAD
+ value: /usr/local/lib/libmimalloc.so
+ {{- end }}
+ {{- if .Values.controller.extraEnvs }}
+ {{- toYaml .Values.controller.extraEnvs | nindent 12 }}
+ {{- end }}
+ {{- if .Values.controller.startupProbe }}
+ startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }}
+ {{- end }}
+ livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }}
+ readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }}
+ ports:
+ {{- range $key, $value := .Values.controller.containerPort }}
+ - name: {{ $key }}
+ containerPort: {{ $value }}
+ protocol: TCP
+ {{- if $.Values.controller.hostPort.enabled }}
+ hostPort: {{ index $.Values.controller.hostPort.ports $key | default $value }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.controller.metrics.enabled }}
+ - name: metrics
+ containerPort: {{ .Values.controller.metrics.port }}
+ protocol: TCP
+ {{- end }}
+ {{- if .Values.controller.admissionWebhooks.enabled }}
+ - name: webhook
+ containerPort: {{ .Values.controller.admissionWebhooks.port }}
+ protocol: TCP
+ {{- end }}
+ {{- range $key, $value := .Values.tcp }}
+ - name: {{ $key }}-tcp
+ containerPort: {{ $key }}
+ protocol: TCP
+ {{- if $.Values.controller.hostPort.enabled }}
+ hostPort: {{ $key }}
+ {{- end }}
+ {{- end }}
+ {{- range $key, $value := .Values.udp }}
+ - name: {{ $key }}-udp
+ containerPort: {{ $key }}
+ protocol: UDP
+ {{- if $.Values.controller.hostPort.enabled }}
+ hostPort: {{ $key }}
+ {{- end }}
+ {{- end }}
+ {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules) }}
+ volumeMounts:
+ {{- if .Values.controller.extraModules }}
+ - name: modules
+ mountPath: /modules_mount
+ {{- end }}
+ {{- if .Values.controller.customTemplate.configMapName }}
+ - mountPath: /etc/nginx/template
+ name: nginx-template-volume
+ readOnly: true
+ {{- end }}
+ {{- if .Values.controller.admissionWebhooks.enabled }}
+ - name: webhook-cert
+ mountPath: /usr/local/certificates/
+ readOnly: true
+ {{- end }}
+ {{- if .Values.controller.extraVolumeMounts }}
+ {{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.controller.resources }}
+ resources: {{ toYaml .Values.controller.resources | nindent 12 }}
+ {{- end }}
+ {{- if .Values.controller.extraContainers }}
+ {{ toYaml .Values.controller.extraContainers | nindent 8 }}
+ {{- end }}
+ {{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules) }}
+ initContainers:
+ {{- if .Values.controller.extraInitContainers }}
+ {{ toYaml .Values.controller.extraInitContainers | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.extraModules }}
+ {{- range .Values.controller.extraModules }}
+ - name: {{ .name }}
+ image: {{ .image }}
+ command: ['sh', '-c', '/usr/local/bin/init_module.sh']
+ volumeMounts:
+ - name: modules
+ mountPath: /modules_mount
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.controller.hostNetwork }}
+ hostNetwork: {{ .Values.controller.hostNetwork }}
+ {{- end }}
+ {{- if .Values.controller.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.tolerations }}
+ tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.affinity }}
+ affinity: {{ toYaml .Values.controller.affinity | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.topologySpreadConstraints }}
+ topologySpreadConstraints: {{ toYaml .Values.controller.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }}
+ terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
+ {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules) }}
+ volumes:
+ {{- if .Values.controller.extraModules }}
+ - name: modules
+ emptyDir: {}
+ {{- end }}
+ {{- if .Values.controller.customTemplate.configMapName }}
+ - name: nginx-template-volume
+ configMap:
+ name: {{ .Values.controller.customTemplate.configMapName }}
+ items:
+ - key: {{ .Values.controller.customTemplate.configMapKey }}
+ path: nginx.tmpl
+ {{- end }}
+ {{- if .Values.controller.admissionWebhooks.enabled }}
+ - name: webhook-cert
+ secret:
+ secretName: {{ include "ingress-nginx.fullname" . }}-admission
+ {{- end }}
+ {{- if .Values.controller.extraVolumes }}
+ {{ toYaml .Values.controller.extraVolumes | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
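Review bot: The extraModules init containers (`- name: {{ .name }}` / `image: {{ .image }}`) get no securityContext, while the controller container takes one from "controller.containerSecurityContext". They run as whatever user the module image defaults to, and the PodSecurityPolicy shipped in this chart sets `rule: 'MustRunAsNonRoot'`, so an image that defaults to root will be rejected when the PSP is enabled. Add a securityContext to these init containers, values-driven if needed. Separately, `replicas:` is emitted whenever `controller.autoscaling.enabled` is false, which includes the case where only `controller.keda.enabled` is set; the condition should also skip `replicas` when KEDA manages the Deployment.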
diff --git a/charts/ingress-nginx/templates/controller-hpa.yaml b/charts/ingress-nginx/templates/controller-hpa.yaml
new file mode 100644
index 0000000..e0979f1
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-hpa.yaml
@@ -0,0 +1,52 @@
+{{- if and .Values.controller.autoscaling.enabled (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}}
+{{- if not .Values.controller.keda.enabled }}
+
+apiVersion: autoscaling/v2beta2
+kind: HorizontalPodAutoscaler
+metadata:
+ annotations:
+ {{- with .Values.controller.autoscaling.annotations }}
+ {{- toYaml . | trimSuffix "\n" | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- with .Values.controller.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "ingress-nginx.controller.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "ingress-nginx.controller.fullname" . }}
+ minReplicas: {{ .Values.controller.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }}
+ metrics:
+ {{- with .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ . }}
+ {{- end }}
+ {{- with .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ . }}
+ {{- end }}
+ {{- with .Values.controller.autoscalingTemplate }}
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
+ {{- with .Values.controller.autoscaling.behavior }}
+ behavior:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
+{{- end }}
+
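Review bot: `apiVersion: autoscaling/v2beta2` is hard-coded, and that API was removed in Kubernetes 1.26 (autoscaling/v2 has been stable since 1.23), so the chart fails to install with autoscaling enabled on current clusters. The PodDisruptionBudget template in this patch already picks its apiVersion with `semverCompare` on `.Capabilities.KubeVersion.Version`; do the same here. Also note that `metrics:` renders empty when neither utilization target nor `autoscalingTemplate` is set, which deserves a `required` or `fail` guard.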
diff --git a/charts/ingress-nginx/templates/controller-ingressclass.yaml b/charts/ingress-nginx/templates/controller-ingressclass.yaml
new file mode 100644
index 0000000..9492784
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-ingressclass.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.controller.ingressClassResource.enabled -}}
+# We don't support namespaced ingressClass yet
+# So a ClusterRole and a ClusterRoleBinding is required
+apiVersion: networking.k8s.io/v1
+kind: IngressClass
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- with .Values.controller.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ .Values.controller.ingressClassResource.name }}
+{{- if .Values.controller.ingressClassResource.default }}
+ annotations:
+ ingressclass.kubernetes.io/is-default-class: "true"
+{{- end }}
+spec:
+ controller: {{ .Values.controller.ingressClassResource.controllerValue }}
+ {{ template "ingressClass.parameters" . }}
+{{- end }}
diff --git a/charts/ingress-nginx/templates/controller-keda.yaml b/charts/ingress-nginx/templates/controller-keda.yaml
new file mode 100644
index 0000000..875157e
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-keda.yaml
@@ -0,0 +1,42 @@
+{{- if and .Values.controller.keda.enabled (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}}
+# https://keda.sh/docs/
+
+apiVersion: {{ .Values.controller.keda.apiVersion }}
+kind: ScaledObject
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- with .Values.controller.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "ingress-nginx.controller.fullname" . }}
+ {{- if .Values.controller.keda.scaledObject.annotations }}
+ annotations: {{ toYaml .Values.controller.keda.scaledObject.annotations | nindent 4 }}
+ {{- end }}
+spec:
+ scaleTargetRef:
+{{- if eq .Values.controller.keda.apiVersion "keda.k8s.io/v1alpha1" }}
+ deploymentName: {{ include "ingress-nginx.controller.fullname" . }}
+{{- else if eq .Values.controller.keda.apiVersion "keda.sh/v1alpha1" }}
+ name: {{ include "ingress-nginx.controller.fullname" . }}
+{{- end }}
+ pollingInterval: {{ .Values.controller.keda.pollingInterval }}
+ cooldownPeriod: {{ .Values.controller.keda.cooldownPeriod }}
+ minReplicaCount: {{ .Values.controller.keda.minReplicas }}
+ maxReplicaCount: {{ .Values.controller.keda.maxReplicas }}
+ triggers:
+{{- with .Values.controller.keda.triggers }}
+{{ toYaml . | indent 2 }}
+{{ end }}
+ advanced:
+ restoreToOriginalReplicaCount: {{ .Values.controller.keda.restoreToOriginalReplicaCount }}
+{{- if .Values.controller.keda.behavior }}
+ horizontalPodAutoscalerConfig:
+ behavior:
+{{ with .Values.controller.keda.behavior -}}
+{{ toYaml . | indent 8 }}
+{{ end }}
+
+{{- end }}
+{{- end }}
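Review bot: `scaleTargetRef:` is left without any child key when `controller.keda.apiVersion` is neither "keda.k8s.io/v1alpha1" nor "keda.sh/v1alpha1", because the if/else-if chain has no else branch, so a typo in that value yields a ScaledObject that targets nothing. Add an else branch that calls `fail` with the accepted values. The metadata block also omits `namespace: {{ .Release.Namespace }}`, which the HPA and PodDisruptionBudget templates for the same Deployment set explicitly.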
diff --git a/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml b/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml
new file mode 100644
index 0000000..8dfbe98
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml
@@ -0,0 +1,19 @@
+{{- if or (and .Values.controller.autoscaling.enabled (gt (.Values.controller.autoscaling.minReplicas | int) 1)) (and (not .Values.controller.autoscaling.enabled) (gt (.Values.controller.replicaCount | int) 1)) }}
+apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }}
+kind: PodDisruptionBudget
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- with .Values.controller.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "ingress-nginx.controller.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
+ app.kubernetes.io/component: controller
+ minAvailable: {{ .Values.controller.minAvailable }}
+{{- end }}
diff --git a/charts/ingress-nginx/templates/controller-prometheusrules.yaml b/charts/ingress-nginx/templates/controller-prometheusrules.yaml
new file mode 100644
index 0000000..ca54275
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-prometheusrules.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.prometheusRule.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ include "ingress-nginx.controller.fullname" . }}
+{{- if .Values.controller.metrics.prometheusRule.namespace }}
+ namespace: {{ .Values.controller.metrics.prometheusRule.namespace | quote }}
+{{- end }}
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- if .Values.controller.metrics.prometheusRule.additionalLabels }}
+ {{- toYaml .Values.controller.metrics.prometheusRule.additionalLabels | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .Values.controller.metrics.prometheusRule.rules }}
+ groups:
+ - name: {{ template "ingress-nginx.name" . }}
+ rules: {{- toYaml .Values.controller.metrics.prometheusRule.rules | nindent 4 }}
+{{- end }}
+{{- end }}
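Review bot: `spec:` is emitted with no content when `controller.metrics.prometheusRule.rules` is empty, since only the `groups:` block is inside the inner `if`. That renders a PrometheusRule with a null spec whenever the rule is enabled without rules. Move the rules check into the outer condition, or use `required` so an enabled-but-empty rule fails at render time.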
diff --git a/charts/ingress-nginx/templates/controller-psp.yaml b/charts/ingress-nginx/templates/controller-psp.yaml
new file mode 100644
index 0000000..a859594
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-psp.yaml
@@ -0,0 +1,89 @@
+{{- if and .Values.podSecurityPolicy.enabled (empty .Values.controller.existingPsp) -}}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ include "ingress-nginx.fullname" . }}
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- with .Values.controller.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ allowedCapabilities:
+ - NET_BIND_SERVICE
+{{- if .Values.controller.sysctls }}
+ allowedUnsafeSysctls:
+ {{- range $sysctl, $value := .Values.controller.sysctls }}
+ - {{ $sysctl }}
+ {{- end }}
+{{- end }}
+ privileged: false
+ allowPrivilegeEscalation: true
+ # Allow core volume types.
+ volumes:
+ - 'configMap'
+ - 'emptyDir'
+ #- 'projected'
+ - 'secret'
+ #- 'downwardAPI'
+{{- if .Values.controller.hostNetwork }}
+ hostNetwork: {{ .Values.controller.hostNetwork }}
+{{- end }}
+{{- if or .Values.controller.hostNetwork .Values.controller.hostPort.enabled }}
+ hostPorts:
+{{- if .Values.controller.hostNetwork }}
+{{- range $key, $value := .Values.controller.containerPort }}
+ # {{ $key }}
+ - min: {{ $value }}
+ max: {{ $value }}
+{{- end }}
+{{- else if .Values.controller.hostPort.enabled }}
+{{- range $key, $value := .Values.controller.hostPort.ports }}
+ # {{ $key }}
+ - min: {{ $value }}
+ max: {{ $value }}
+{{- end }}
+{{- end }}
+{{- if .Values.controller.metrics.enabled }}
+ # metrics
+ - min: {{ .Values.controller.metrics.port }}
+ max: {{ .Values.controller.metrics.port }}
+{{- end }}
+{{- if .Values.controller.admissionWebhooks.enabled }}
+ # admission webhooks
+ - min: {{ .Values.controller.admissionWebhooks.port }}
+ max: {{ .Values.controller.admissionWebhooks.port }}
+{{- end }}
+{{- range $key, $value := .Values.tcp }}
+ # {{ $key }}-tcp
+ - min: {{ $key }}
+ max: {{ $key }}
+{{- end }}
+{{- range $key, $value := .Values.udp }}
+ # {{ $key }}-udp
+ - min: {{ $key }}
+ max: {{ $key }}
+{{- end }}
+{{- end }}
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: 'MustRunAsNonRoot'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+ seLinux:
+ rule: 'RunAsAny'
+{{- end }}
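Review bot: `allowPrivilegeEscalation: true` and `readOnlyRootFilesystem: false` are hard-coded and no `requiredDropCapabilities` is set, so this policy is looser than `privileged: false` and `MustRunAsNonRoot` suggest. If escalation is needed for the controller to use NET_BIND_SERVICE, say so in a comment beside the field, and add `requiredDropCapabilities: [ALL]` so only the allowed capability remains. `allowedUnsafeSysctls` is generated directly from `controller.sysctls`, which means any sysctl placed in values is automatically permitted by the policy; an explicit allow-list would keep the policy independent of the workload settings. Finally, `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so the template should also be gated on `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"`.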
diff --git a/charts/ingress-nginx/templates/controller-role.yaml b/charts/ingress-nginx/templates/controller-role.yaml
new file mode 100644
index 0000000..47bbc32
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-role.yaml
@@ -0,0 +1,93 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- with .Values.controller.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "ingress-nginx.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - pods
+ - secrets
+ - endpoints
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingressclasses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ resourceNames:
+ - {{ .Values.controller.electionID }}
+ verbs:
+ - get
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+{{- if .Values.podSecurityPolicy.enabled }}
+ - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ {{- with .Values.controller.existingPsp }}
+ resourceNames: [{{ . }}]
+ {{- else }}
+ resourceNames: [{{ include "ingress-nginx.fullname" . }}]
+ {{- end }}
+{{- end }}
+{{- end }}
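Review bot: The second rule grants get, list and watch on every `secrets` object in `.Release.Namespace`, so the controller's ServiceAccount can read all secrets of any workload that shares the namespace. That is only acceptable if the chart is installed in a namespace of its own; please document that requirement next to this rule or in the bundled values. In the PSP rule, `resourceNames: [{{ . }}]` and `[{{ include "ingress-nginx.fullname" . }}]` are unquoted inside a flow sequence; pipe both through `quote` so an unusual release name cannot change the YAML structure.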
diff --git a/charts/ingress-nginx/templates/controller-rolebinding.yaml b/charts/ingress-nginx/templates/controller-rolebinding.yaml
new file mode 100644
index 0000000..e846a11
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- with .Values.controller.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "ingress-nginx.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "ingress-nginx.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "ingress-nginx.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/charts/ingress-nginx/templates/controller-service-internal.yaml b/charts/ingress-nginx/templates/controller-service-internal.yaml
new file mode 100644
index 0000000..5994498
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-service-internal.yaml
@@ -0,0 +1,79 @@
+{{- if and .Values.controller.service.enabled .Values.controller.service.internal.enabled .Values.controller.service.internal.annotations}}
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ {{- range $key, $value := .Values.controller.service.internal.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- if .Values.controller.service.labels }}
+ {{- toYaml .Values.controller.service.labels | nindent 4 }}
+ {{- end }}
+ name: {{ include "ingress-nginx.controller.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+spec:
+ type: "{{ .Values.controller.service.type }}"
+{{- if .Values.controller.service.internal.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.controller.service.internal.loadBalancerIP }}
+{{- end }}
+{{- if .Values.controller.service.internal.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges: {{ toYaml .Values.controller.service.internal.loadBalancerSourceRanges | nindent 4 }}
+{{- end }}
+{{- if .Values.controller.service.internal.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ .Values.controller.service.internal.externalTrafficPolicy }}
+{{- end }}
+ ports:
+ {{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }}
+ {{- if .Values.controller.service.enableHttp }}
+ - name: http
+ port: {{ .Values.controller.service.ports.http }}
+ protocol: TCP
+ targetPort: {{ .Values.controller.service.targetPorts.http }}
+ {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
+ appProtocol: http
+ {{- end }}
+ {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }}
+ nodePort: {{ .Values.controller.service.nodePorts.http }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.controller.service.enableHttps }}
+ - name: https
+ port: {{ .Values.controller.service.ports.https }}
+ protocol: TCP
+ targetPort: {{ .Values.controller.service.targetPorts.https }}
+ {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
+ appProtocol: https
+ {{- end }}
+ {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }}
+ nodePort: {{ .Values.controller.service.nodePorts.https }}
+ {{- end }}
+ {{- end }}
+ {{- range $key, $value := .Values.tcp }}
+ - name: {{ $key }}-tcp
+ port: {{ $key }}
+ protocol: TCP
+ targetPort: {{ $key }}-tcp
+ {{- if $.Values.controller.service.nodePorts.tcp }}
+ {{- if index $.Values.controller.service.nodePorts.tcp $key }}
+ nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- range $key, $value := .Values.udp }}
+ - name: {{ $key }}-udp
+ port: {{ $key }}
+ protocol: UDP
+ targetPort: {{ $key }}-udp
+ {{- if $.Values.controller.service.nodePorts.udp }}
+ {{- if index $.Values.controller.service.nodePorts.udp $key }}
+ nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ selector:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+{{- end }}
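Review bot: `appProtocol` is emitted here on the bare test `semverCompare ">=1.20" .Capabilities.KubeVersion.Version`, while controller-service.yaml in the same patch additionally requires `.Values.controller.service.appProtocol`, so the opt-out does not apply to the internal Service. The constraint ">=1.20" also lacks the `-0` suffix used elsewhere (">=1.20.0-0"), so cluster versions carrying a vendor suffix are treated as pre-releases and do not match. Align both with controller-service.yaml. Note as well that `type:` comes from the shared `controller.service.type` and the whole Service is skipped unless `internal.annotations` is non-empty, which is easy to miss; a `fail` message when `internal.enabled` is set without annotations would make that explicit.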
diff --git a/charts/ingress-nginx/templates/controller-service-metrics.yaml b/charts/ingress-nginx/templates/controller-service-metrics.yaml
new file mode 100644
index 0000000..0aaf414
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-service-metrics.yaml
@@ -0,0 +1,45 @@
+{{- if .Values.controller.metrics.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.controller.metrics.service.annotations }}
+ annotations: {{ toYaml .Values.controller.metrics.service.annotations | nindent 4 }}
+{{- end }}
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- if .Values.controller.metrics.service.labels }}
+ {{- toYaml .Values.controller.metrics.service.labels | nindent 4 }}
+ {{- end }}
+ name: {{ include "ingress-nginx.controller.fullname" . }}-metrics
+ namespace: {{ .Release.Namespace }}
+spec:
+ type: {{ .Values.controller.metrics.service.type }}
+{{- if .Values.controller.metrics.service.clusterIP }}
+ clusterIP: {{ .Values.controller.metrics.service.clusterIP }}
+{{- end }}
+{{- if .Values.controller.metrics.service.externalIPs }}
+ externalIPs: {{ toYaml .Values.controller.metrics.service.externalIPs | nindent 4 }}
+{{- end }}
+{{- if .Values.controller.metrics.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.controller.metrics.service.loadBalancerIP }}
+{{- end }}
+{{- if .Values.controller.metrics.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges: {{ toYaml .Values.controller.metrics.service.loadBalancerSourceRanges | nindent 4 }}
+{{- end }}
+{{- if .Values.controller.metrics.service.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ .Values.controller.metrics.service.externalTrafficPolicy }}
+{{- end }}
+ ports:
+ - name: metrics
+ port: {{ .Values.controller.metrics.service.servicePort }}
+ protocol: TCP
+ targetPort: metrics
+ {{- $setNodePorts := (or (eq .Values.controller.metrics.service.type "NodePort") (eq .Values.controller.metrics.service.type "LoadBalancer")) }}
+ {{- if (and $setNodePorts (not (empty .Values.controller.metrics.service.nodePort))) }}
+ nodePort: {{ .Values.controller.metrics.service.nodePort }}
+ {{- end }}
+ selector:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+{{- end }}
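Review bot: `type`, `externalIPs` and `loadBalancerIP` are all taken from values for the metrics Service, and `loadBalancerSourceRanges` is optional, so setting `controller.metrics.service.type` to LoadBalancer without source ranges publishes the metrics port outside the cluster. Either `fail` when the type is LoadBalancer and `loadBalancerSourceRanges` is empty, or state in the values comments that this Service is expected to stay ClusterIP.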
diff --git a/charts/ingress-nginx/templates/controller-service-webhook.yaml b/charts/ingress-nginx/templates/controller-service-webhook.yaml
new file mode 100644
index 0000000..2aae24f
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-service-webhook.yaml
@@ -0,0 +1,40 @@
+{{- if .Values.controller.admissionWebhooks.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.controller.admissionWebhooks.service.annotations }}
+ annotations: {{ toYaml .Values.controller.admissionWebhooks.service.annotations | nindent 4 }}
+{{- end }}
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- with .Values.controller.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "ingress-nginx.controller.fullname" . }}-admission
+ namespace: {{ .Release.Namespace }}
+spec:
+ type: {{ .Values.controller.admissionWebhooks.service.type }}
+{{- if .Values.controller.admissionWebhooks.service.clusterIP }}
+ clusterIP: {{ .Values.controller.admissionWebhooks.service.clusterIP }}
+{{- end }}
+{{- if .Values.controller.admissionWebhooks.service.externalIPs }}
+ externalIPs: {{ toYaml .Values.controller.admissionWebhooks.service.externalIPs | nindent 4 }}
+{{- end }}
+{{- if .Values.controller.admissionWebhooks.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.controller.admissionWebhooks.service.loadBalancerIP }}
+{{- end }}
+{{- if .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges: {{ toYaml .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges | nindent 4 }}
+{{- end }}
+ ports:
+ - name: https-webhook
+ port: 443
+ targetPort: webhook
+ {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
+ appProtocol: https
+ {{- end }}
+ selector:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+{{- end }}
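Review bot: The admission Service accepts `externalIPs`, `loadBalancerIP` and a free `type` from values, yet the only client of the `https-webhook` port is the Kubernetes API server. Exposing the validating webhook beyond the cluster widens the attack surface for no functional gain; consider fixing `type: ClusterIP` and dropping the external address options, or at least rejecting non-ClusterIP types with `fail`. The `semverCompare ">=1.20"` test here has the same missing `-0` suffix as in controller-service-internal.yaml.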
diff --git a/charts/ingress-nginx/templates/controller-service.yaml b/charts/ingress-nginx/templates/controller-service.yaml
new file mode 100644
index 0000000..05fb204
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-service.yaml
@@ -0,0 +1,101 @@
+{{- if and .Values.controller.service.enabled .Values.controller.service.external.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ {{- range $key, $value := .Values.controller.service.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- if .Values.controller.service.labels }}
+ {{- toYaml .Values.controller.service.labels | nindent 4 }}
+ {{- end }}
+ name: {{ include "ingress-nginx.controller.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ type: {{ .Values.controller.service.type }}
+{{- if .Values.controller.service.clusterIP }}
+ clusterIP: {{ .Values.controller.service.clusterIP }}
+{{- end }}
+{{- if .Values.controller.service.externalIPs }}
+ externalIPs: {{ toYaml .Values.controller.service.externalIPs | nindent 4 }}
+{{- end }}
+{{- if .Values.controller.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.controller.service.loadBalancerIP }}
+{{- end }}
+{{- if .Values.controller.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges: {{ toYaml .Values.controller.service.loadBalancerSourceRanges | nindent 4 }}
+{{- end }}
+{{- if .Values.controller.service.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }}
+{{- end }}
+{{- if .Values.controller.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.controller.service.sessionAffinity }}
+{{- end }}
+{{- if .Values.controller.service.healthCheckNodePort }}
+ healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }}
+{{- end }}
+{{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version -}}
+{{- if .Values.controller.service.ipFamilyPolicy }}
+ ipFamilyPolicy: {{ .Values.controller.service.ipFamilyPolicy }}
+{{- end }}
+{{- end }}
+{{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version -}}
+{{- if .Values.controller.service.ipFamilies }}
+ ipFamilies: {{ toYaml .Values.controller.service.ipFamilies | nindent 4 }}
+{{- end }}
+{{- end }}
+ ports:
+ {{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }}
+ {{- if .Values.controller.service.enableHttp }}
+ - name: http
+ port: {{ .Values.controller.service.ports.http }}
+ protocol: TCP
+ targetPort: {{ .Values.controller.service.targetPorts.http }}
+ {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }}
+ appProtocol: http
+ {{- end }}
+ {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }}
+ nodePort: {{ .Values.controller.service.nodePorts.http }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.controller.service.enableHttps }}
+ - name: https
+ port: {{ .Values.controller.service.ports.https }}
+ protocol: TCP
+ targetPort: {{ .Values.controller.service.targetPorts.https }}
+ {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }}
+ appProtocol: https
+ {{- end }}
+ {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }}
+ nodePort: {{ .Values.controller.service.nodePorts.https }}
+ {{- end }}
+ {{- end }}
+ {{- range $key, $value := .Values.tcp }}
+ - name: {{ $key }}-tcp
+ port: {{ $key }}
+ protocol: TCP
+ targetPort: {{ $key }}-tcp
+ {{- if $.Values.controller.service.nodePorts.tcp }}
+ {{- if index $.Values.controller.service.nodePorts.tcp $key }}
+ nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- range $key, $value := .Values.udp }}
+ - name: {{ $key }}-udp
+ port: {{ $key }}
+ protocol: UDP
+ targetPort: {{ $key }}-udp
+ {{- if $.Values.controller.service.nodePorts.udp }}
+ {{- if index $.Values.controller.service.nodePorts.udp $key }}
+ nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ selector:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+{{- end }}
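Review bot: the version guards in this file are inconsistent. `ipFamilyPolicy` and `ipFamilies` use `semverCompare ">=1.20.0-0"`, while both `appProtocol` blocks use `semverCompare ">=1.20"`. A constraint without a pre-release part skips versions that carry a pre-release suffix, so on clusters whose version string has one (for example a vendor suffix after a hyphen) the `appProtocol` lines are silently dropped while the `ipFamilies` lines render. Use `>=1.20.0-0` for the `appProtocol` checks here, and for the same check in the webhook and default-backend Service templates. The two back-to-back `>=1.20.0-0` blocks could also be merged into one.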
diff --git a/charts/ingress-nginx/templates/controller-serviceaccount.yaml b/charts/ingress-nginx/templates/controller-serviceaccount.yaml
new file mode 100644
index 0000000..824b2a1
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-serviceaccount.yaml
@@ -0,0 +1,18 @@
+{{- if or .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- with .Values.controller.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ template "ingress-nginx.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ {{- if .Values.serviceAccount.annotations }}
+ annotations:
+ {{ toYaml .Values.serviceAccount.annotations | indent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
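Review bot: the guard `{{- if or .Values.serviceAccount.create -}}` calls `or` with a single operand, which reads as if a second condition was lost. Either drop the `or` or add the intended second term. Separately, `automountServiceAccountToken` is rendered straight from values with no fallback, so an override that omits the key produces an empty value; a `required` or an explicit default would make the token-mount behaviour deliberate rather than accidental.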
diff --git a/charts/ingress-nginx/templates/controller-servicemonitor.yaml b/charts/ingress-nginx/templates/controller-servicemonitor.yaml
new file mode 100644
index 0000000..4dbc6da
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-servicemonitor.yaml
@@ -0,0 +1,48 @@
+{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "ingress-nginx.controller.fullname" . }}
+{{- if .Values.controller.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.controller.metrics.serviceMonitor.namespace | quote }}
+{{- end }}
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }}
+ {{- toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - port: metrics
+ interval: {{ .Values.controller.metrics.serviceMonitor.scrapeInterval }}
+ {{- if .Values.controller.metrics.serviceMonitor.honorLabels }}
+ honorLabels: true
+ {{- end }}
+ {{- if .Values.controller.metrics.serviceMonitor.relabelings }}
+ relabelings: {{ toYaml .Values.controller.metrics.serviceMonitor.relabelings | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{ toYaml .Values.controller.metrics.serviceMonitor.metricRelabelings | nindent 8 }}
+ {{- end }}
+{{- if .Values.controller.metrics.serviceMonitor.jobLabel }}
+ jobLabel: {{ .Values.controller.metrics.serviceMonitor.jobLabel | quote }}
+{{- end }}
+{{- if .Values.controller.metrics.serviceMonitor.namespaceSelector }}
+ namespaceSelector: {{ toYaml .Values.controller.metrics.serviceMonitor.namespaceSelector | nindent 4 }}
+{{- else }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+{{- end }}
+{{- if .Values.controller.metrics.serviceMonitor.targetLabels }}
+ targetLabels:
+ {{- range .Values.controller.metrics.serviceMonitor.targetLabels }}
+ - {{ . }}
+ {{- end }}
+{{- end }}
+ selector:
+ matchLabels:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
+ app.kubernetes.io/component: controller
+{{- end }}
diff --git a/charts/ingress-nginx/templates/default-backend-deployment.yaml b/charts/ingress-nginx/templates/default-backend-deployment.yaml
new file mode 100644
index 0000000..fd3e96e
--- /dev/null
+++ b/charts/ingress-nginx/templates/default-backend-deployment.yaml
@@ -0,0 +1,118 @@
+{{- if .Values.defaultBackend.enabled -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: default-backend
+ {{- with .Values.defaultBackend.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
+ app.kubernetes.io/component: default-backend
+{{- if not .Values.defaultBackend.autoscaling.enabled }}
+ replicas: {{ .Values.defaultBackend.replicaCount }}
+{{- end }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ template:
+ metadata:
+ {{- if .Values.defaultBackend.podAnnotations }}
+ annotations: {{ toYaml .Values.defaultBackend.podAnnotations | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 8 }}
+ app.kubernetes.io/component: default-backend
+ {{- with .Values.defaultBackend.labels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.defaultBackend.podLabels }}
+ {{- toYaml .Values.defaultBackend.podLabels | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
+ {{- end }}
+ {{- if .Values.defaultBackend.priorityClassName }}
+ priorityClassName: {{ .Values.defaultBackend.priorityClassName }}
+ {{- end }}
+ {{- if .Values.defaultBackend.podSecurityContext }}
+ securityContext: {{ toYaml .Values.defaultBackend.podSecurityContext | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ template "ingress-nginx.name" . }}-default-backend
+ {{- with .Values.defaultBackend.image }}
+ image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }}
+ {{- if .Values.defaultBackend.extraArgs }}
+ args:
+ {{- range $key, $value := .Values.defaultBackend.extraArgs }}
+ {{- /* Accept keys without values or with false as value */}}
+ {{- if eq ($value | quote | len) 2 }}
+ - --{{ $key }}
+ {{- else }}
+ - --{{ $key }}={{ $value }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ runAsUser: {{ .Values.defaultBackend.image.runAsUser }}
+ runAsNonRoot: {{ .Values.defaultBackend.image.runAsNonRoot }}
+ allowPrivilegeEscalation: {{ .Values.defaultBackend.image.allowPrivilegeEscalation }}
+ readOnlyRootFilesystem: {{ .Values.defaultBackend.image.readOnlyRootFilesystem}}
+ {{- if .Values.defaultBackend.extraEnvs }}
+ env: {{ toYaml .Values.defaultBackend.extraEnvs | nindent 12 }}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: {{ .Values.defaultBackend.port }}
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.defaultBackend.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.defaultBackend.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.defaultBackend.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.defaultBackend.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.defaultBackend.livenessProbe.failureThreshold }}
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: {{ .Values.defaultBackend.port }}
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.defaultBackend.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.defaultBackend.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.defaultBackend.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.defaultBackend.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.defaultBackend.readinessProbe.failureThreshold }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.defaultBackend.port }}
+ protocol: TCP
+ {{- if .Values.defaultBackend.extraVolumeMounts }}
+ volumeMounts: {{- toYaml .Values.defaultBackend.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ {{- if .Values.defaultBackend.resources }}
+ resources: {{ toYaml .Values.defaultBackend.resources | nindent 12 }}
+ {{- end }}
+ {{- if .Values.defaultBackend.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.defaultBackend.nodeSelector | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }}
+ {{- if .Values.defaultBackend.tolerations }}
+ tolerations: {{ toYaml .Values.defaultBackend.tolerations | nindent 8 }}
+ {{- end }}
+ {{- if .Values.defaultBackend.affinity }}
+ affinity: {{ toYaml .Values.defaultBackend.affinity | nindent 8 }}
+ {{- end }}
+ terminationGracePeriodSeconds: 60
+ {{- if .Values.defaultBackend.extraVolumes }}
+ volumes: {{ toYaml .Values.defaultBackend.extraVolumes | nindent 8 }}
+ {{- end }}
+{{- end }}
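Review bot: the container `securityContext` reads `runAsUser`, `runAsNonRoot`, `allowPrivilegeEscalation` and `readOnlyRootFilesystem` from `.Values.defaultBackend.image.*` with no fallback in the template. If a values override replaces the `image` map and omits those keys, the fields render empty and the hardening is lost without any error; in particular an unset `allowPrivilegeEscalation` does not block privilege escalation. Guard each field or fail the render when they are missing, and consider moving them out of the `image` map, where they are easy to drop by accident. Also, the comment on `extraArgs` says keys "with false as value" are accepted as bare flags, but `eq ($value | quote | len) 2` only matches an empty string, so `false` renders as `--key=false`; fix the comment or the condition.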
diff --git a/charts/ingress-nginx/templates/default-backend-hpa.yaml b/charts/ingress-nginx/templates/default-backend-hpa.yaml
new file mode 100644
index 0000000..594d265
--- /dev/null
+++ b/charts/ingress-nginx/templates/default-backend-hpa.yaml
@@ -0,0 +1,33 @@
+{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: default-backend
+ {{- with .Values.defaultBackend.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ template "ingress-nginx.defaultBackend.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ template "ingress-nginx.defaultBackend.fullname" . }}
+ minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.defaultBackend.autoscaling.maxReplicas }}
+ metrics:
+{{- with .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ . }}
+{{- end }}
+{{- with .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ . }}
+{{- end }}
+{{- end }}
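Review bot: `apiVersion: autoscaling/v2beta1` is hard-coded, and that API version was removed in Kubernetes 1.25, so enabling `defaultBackend.autoscaling` on a newer cluster fails at install time. The PodDisruptionBudget template in this same patch already selects its apiVersion from `.Capabilities.KubeVersion.Version`; the HPA needs the same treatment, keeping in mind that the newer versions use `target.averageUtilization` instead of `targetAverageUtilization`, so it is not just a string swap. Note also that if both utilization values are unset the manifest renders `metrics:` with no entries.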
diff --git a/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml b/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml
new file mode 100644
index 0000000..00891ce
--- /dev/null
+++ b/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.defaultBackend.enabled -}}
+{{- if or (gt (.Values.defaultBackend.replicaCount | int) 1) (gt (.Values.defaultBackend.autoscaling.minReplicas | int) 1) }}
+apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }}
+kind: PodDisruptionBudget
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: default-backend
+ {{- with .Values.defaultBackend.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
+ app.kubernetes.io/component: default-backend
+ minAvailable: {{ .Values.defaultBackend.minAvailable }}
+{{- end }}
+{{- end }}
diff --git a/charts/ingress-nginx/templates/default-backend-psp.yaml b/charts/ingress-nginx/templates/default-backend-psp.yaml
new file mode 100644
index 0000000..42061c5
--- /dev/null
+++ b/charts/ingress-nginx/templates/default-backend-psp.yaml
@@ -0,0 +1,36 @@
+{{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled (empty .Values.defaultBackend.existingPsp) -}}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ include "ingress-nginx.fullname" . }}-backend
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: default-backend
+ {{- with .Values.defaultBackend.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ allowPrivilegeEscalation: false
+ fsGroup:
+ ranges:
+ - max: 65535
+ min: 1
+ rule: MustRunAs
+ requiredDropCapabilities:
+ - ALL
+ runAsUser:
+ rule: MustRunAsNonRoot
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ ranges:
+ - max: 65535
+ min: 1
+ rule: MustRunAs
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+{{- end }}
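Review bot: this template is gated only on values (`podSecurityPolicy.enabled`, `defaultBackend.enabled`, empty `existingPsp`), but `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25. Add a capability check such as `.Capabilities.APIVersions.Has "policy/v1beta1"` so the chart does not fail on clusters without the API. On the policy itself, `seLinux` is `RunAsAny` and `readOnlyRootFilesystem` is not required; if the default backend runs with a read-only root filesystem, enforcing it here would keep the policy and the Deployment in step.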
diff --git a/charts/ingress-nginx/templates/default-backend-role.yaml b/charts/ingress-nginx/templates/default-backend-role.yaml
new file mode 100644
index 0000000..a2b457c
--- /dev/null
+++ b/charts/ingress-nginx/templates/default-backend-role.yaml
@@ -0,0 +1,22 @@
+{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: default-backend
+ {{- with .Values.defaultBackend.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "ingress-nginx.fullname" . }}-backend
+ namespace: {{ .Release.Namespace }}
+rules:
+ - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ {{- with .Values.defaultBackend.existingPsp }}
+ resourceNames: [{{ . }}]
+ {{- else }}
+ resourceNames: [{{ include "ingress-nginx.fullname" . }}-backend]
+ {{- end }}
+{{- end }}
diff --git a/charts/ingress-nginx/templates/default-backend-rolebinding.yaml b/charts/ingress-nginx/templates/default-backend-rolebinding.yaml
new file mode 100644
index 0000000..dbaa516
--- /dev/null
+++ b/charts/ingress-nginx/templates/default-backend-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: default-backend
+ {{- with .Values.defaultBackend.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "ingress-nginx.fullname" . }}-backend
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "ingress-nginx.fullname" . }}-backend
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/charts/ingress-nginx/templates/default-backend-service.yaml b/charts/ingress-nginx/templates/default-backend-service.yaml
new file mode 100644
index 0000000..5f1d09a
--- /dev/null
+++ b/charts/ingress-nginx/templates/default-backend-service.yaml
@@ -0,0 +1,41 @@
+{{- if .Values.defaultBackend.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.defaultBackend.service.annotations }}
+ annotations: {{ toYaml .Values.defaultBackend.service.annotations | nindent 4 }}
+{{- end }}
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: default-backend
+ {{- with .Values.defaultBackend.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ type: {{ .Values.defaultBackend.service.type }}
+{{- if .Values.defaultBackend.service.clusterIP }}
+ clusterIP: {{ .Values.defaultBackend.service.clusterIP }}
+{{- end }}
+{{- if .Values.defaultBackend.service.externalIPs }}
+ externalIPs: {{ toYaml .Values.defaultBackend.service.externalIPs | nindent 4 }}
+{{- end }}
+{{- if .Values.defaultBackend.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.defaultBackend.service.loadBalancerIP }}
+{{- end }}
+{{- if .Values.defaultBackend.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges: {{ toYaml .Values.defaultBackend.service.loadBalancerSourceRanges | nindent 4 }}
+{{- end }}
+ ports:
+ - name: http
+ port: {{ .Values.defaultBackend.service.servicePort }}
+ protocol: TCP
+ targetPort: http
+ {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
+ appProtocol: http
+ {{- end }}
+ selector:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: default-backend
+{{- end }}
diff --git a/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml b/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml
new file mode 100644
index 0000000..b45a95a
--- /dev/null
+++ b/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: default-backend
+ {{- with .Values.defaultBackend.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+automountServiceAccountToken: {{ .Values.defaultBackend.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/ingress-nginx/templates/dh-param-secret.yaml b/charts/ingress-nginx/templates/dh-param-secret.yaml
new file mode 100644
index 0000000..12e7a4f
--- /dev/null
+++ b/charts/ingress-nginx/templates/dh-param-secret.yaml
@@ -0,0 +1,10 @@
+{{- with .Values.dhParam -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "ingress-nginx.controller.fullname" $ }}
+ labels:
+ {{- include "ingress-nginx.labels" $ | nindent 4 }}
+data:
+ dhparam.pem: {{ . }}
+{{- end }}
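Review bot: `dhparam.pem: {{ . }}` places `.Values.dhParam` unquoted under `data:`, so the value must already be base64-encoded and free of YAML-significant characters; a raw PEM pasted into values will produce an invalid Secret. Quote the value, and either state the base64 requirement next to the `dhParam` key or accept PEM and apply `b64enc` here. The Secret also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this patch set explicitly.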
diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml
new file mode 100644
index 0000000..eb6db4a
--- /dev/null
+++ b/charts/ingress-nginx/values.yaml
@@ -0,0 +1,918 @@
+## nginx configuration
+## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/index.md
+##
+
+## Overrides for generated resource names
+# See templates/_helpers.tpl
+# nameOverride:
+# fullnameOverride:
+
+## Labels to apply to all resources
+##
+commonLabels: {}
+# scmhash: abc123
+# myLabel: aakkmd
+
+controller:
+ name: controller
+ image:
+ registry: k8s.gcr.io
+ image: ingress-nginx/controller
+ ## for backwards compatibility consider setting the full image url via the repository value below
+ ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
+ ## repository:
+ tag: "v1.1.1"
+ digest: sha256:0bc88eb15f9e7f84e8e56c14fa5735aaa488b840983f87bd79b1054190e660de
+ pullPolicy: IfNotPresent
+ # www-data -> uid 101
+ runAsUser: 101
+ allowPrivilegeEscalation: true
+
+ # -- Use an existing PSP instead of creating one
+ existingPsp: ""
+
+ # -- Configures the controller container name
+ containerName: controller
+
+ # -- Configures the ports that the nginx-controller listens on
+ containerPort:
+ http: 80
+ https: 443
+
+ # -- Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/
+ config: {}
+
+ # -- Annotations to be added to the controller config configuration configmap.
+ configAnnotations: {}
+
+ # -- Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers
+ proxySetHeaders: {}
+
+ # -- Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers
+ addHeaders: {}
+
+ # -- Optionally customize the pod dnsConfig.
+ dnsConfig: {}
+
+ # -- Optionally customize the pod hostname.
+ hostname: {}
+
+ # -- Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'.
+ # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller
+ # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet.
+ dnsPolicy: ClusterFirst
+
+ # -- Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network
+ # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply
+ reportNodeInternalIp: false
+
+ # -- Process Ingress objects without ingressClass annotation/ingressClassName field
+ # Overrides value for --watch-ingress-without-class flag of the controller binary
+ # Defaults to false
+ watchIngressWithoutClass: false
+
+ # -- Process IngressClass per name (additionally as per spec.controller).
+ ingressClassByName: false
+
+ # -- This configuration defines if Ingress Controller should allow users to set
+ # their own *-snippet annotations, otherwise this is forbidden / dropped
+ # when users add those annotations.
+ # Global snippets in ConfigMap are still respected
+ allowSnippetAnnotations: true
+
+ # -- Required for use with CNI based kubernetes installations (such as ones set up by kubeadm),
+ # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920
+ # is merged
+ hostNetwork: false
+
+ ## Use host ports 80 and 443
+ ## Disabled by default
+ hostPort:
+ # -- Enable 'hostPort' or not
+ enabled: false
+ ports:
+ # -- 'hostPort' http port
+ http: 80
+ # -- 'hostPort' https port
+ https: 443
+
+ # -- Election ID to use for status update
+ electionID: ingress-controller-leader
+
+ ## This section refers to the creation of the IngressClass resource
+ ## IngressClass resources are supported since k8s >= 1.18 and required since k8s >= 1.19
+ ingressClassResource:
+ # -- Name of the ingressClass
+ name: nginx
+ # -- Is this ingressClass enabled or not
+ enabled: true
+ # -- Is this the default ingressClass for the cluster
+ default: false
+ # -- Controller-value of the controller that is processing this ingressClass
+ controllerValue: "k8s.io/ingress-nginx"
+
+ # -- Parameters is a link to a custom resource containing additional
+ # configuration for the controller. This is optional if the controller
+ # does not require extra parameters.
+ parameters: {}
+
+ # -- For backwards compatibility with ingress.class annotation, use ingressClass.
+ # Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation
+ ingressClass: nginx
+
+ # -- Labels to add to the pod container metadata
+ podLabels: {}
+ # key: value
+
+ # -- Security Context policies for controller pods
+ podSecurityContext: {}
+
+ # -- See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls
+ sysctls: {}
+ # sysctls:
+ # "net.core.somaxconn": "8192"
+
+ # -- Allows customization of the source of the IP address or FQDN to report
+ # in the ingress status field. By default, it reads the information provided
+ # by the service. If disable, the status field reports the IP address of the
+ # node or nodes where an ingress controller pod is running.
+ publishService:
+ # -- Enable 'publishService' or not
+ enabled: true
+ # -- Allows overriding of the publish service to bind to
+ # Must be <namespace>/<service_name>
+ pathOverride: ""
+
+ # Limit the scope of the controller to a specific namespace
+ scope:
+ # -- Enable 'scope' or not
+ enabled: false
+ # -- Namespace to limit the controller to; defaults to $(POD_NAMESPACE)
+ namespace: ""
+ # -- When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels
+ # only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces.
+ namespaceSelector: ""
+
+ # -- Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE)
+ configMapNamespace: ""
+
+ tcp:
+ # -- Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE)
+ configMapNamespace: ""
+ # -- Annotations to be added to the tcp config configmap
+ annotations: {}
+
+ udp:
+ # -- Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE)
+ configMapNamespace: ""
+ # -- Annotations to be added to the udp config configmap
+ annotations: {}
+
+ # -- Maxmind license key to download GeoLite2 Databases.
+ ## https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases
+ maxmindLicenseKey: ""
+
+ # -- Additional command line arguments to pass to nginx-ingress-controller
+ # E.g. to specify the default SSL certificate you can use
+ extraArgs: {}
+ ## extraArgs:
+ ## default-ssl-certificate: "<namespace>/<secret_name>"
+
+ # -- Additional environment variables to set
+ extraEnvs: []
+ # extraEnvs:
+ # - name: FOO
+ # valueFrom:
+ # secretKeyRef:
+ # key: FOO
+ # name: secret-resource
+
+ # -- Use a `DaemonSet` or `Deployment`
+ kind: Deployment
+
+ # -- Annotations to be added to the controller Deployment or DaemonSet
+ ##
+ annotations: {}
+ # keel.sh/pollSchedule: "@every 60m"
+
+ # -- Labels to be added to the controller Deployment or DaemonSet and other resources that do not have option to specify labels
+ ##
+ labels: {}
+ # keel.sh/policy: patch
+ # keel.sh/trigger: poll
+
+
+ # -- The update strategy to apply to the Deployment or DaemonSet
+ ##
+ updateStrategy: {}
+ # rollingUpdate:
+ # maxUnavailable: 1
+ # type: RollingUpdate
+
+ # -- `minReadySeconds` to avoid killing pods before we are ready
+ ##
+ minReadySeconds: 0
+
+
+ # -- Node tolerations for server scheduling to nodes with taints
+ ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ ##
+ tolerations: []
+ # - key: "key"
+ # operator: "Equal|Exists"
+ # value: "value"
+ # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
+
+ # -- Affinity and anti-affinity rules for server scheduling to nodes
+ ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ##
+ affinity: {}
+ # # An example of preferred pod anti-affinity, weight is in the range 1-100
+ # podAntiAffinity:
+ # preferredDuringSchedulingIgnoredDuringExecution:
+ # - weight: 100
+ # podAffinityTerm:
+ # labelSelector:
+ # matchExpressions:
+ # - key: app.kubernetes.io/name
+ # operator: In
+ # values:
+ # - ingress-nginx
+ # - key: app.kubernetes.io/instance
+ # operator: In
+ # values:
+ # - ingress-nginx
+ # - key: app.kubernetes.io/component
+ # operator: In
+ # values:
+ # - controller
+ # topologyKey: kubernetes.io/hostname
+
+ # # An example of required pod anti-affinity
+ # podAntiAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # - labelSelector:
+ # matchExpressions:
+ # - key: app.kubernetes.io/name
+ # operator: In
+ # values:
+ # - ingress-nginx
+ # - key: app.kubernetes.io/instance
+ # operator: In
+ # values:
+ # - ingress-nginx
+ # - key: app.kubernetes.io/component
+ # operator: In
+ # values:
+ # - controller
+ # topologyKey: "kubernetes.io/hostname"
+
+ # -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in.
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ##
+ topologySpreadConstraints: []
+ # - maxSkew: 1
+ # topologyKey: failure-domain.beta.kubernetes.io/zone
+ # whenUnsatisfiable: DoNotSchedule
+ # labelSelector:
+ # matchLabels:
+ # app.kubernetes.io/instance: ingress-nginx-internal
+
+ # -- `terminationGracePeriodSeconds` to avoid killing pods before we are ready
+ ## wait up to five minutes for the drain of connections
+ ##
+ terminationGracePeriodSeconds: 300
+
+ # -- Node labels for controller pod assignment
+ ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector:
+ kubernetes.io/os: linux
+
+ ## Liveness and readiness probe values
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ##
+ ## startupProbe:
+ ## httpGet:
+ ## # should match container.healthCheckPath
+ ## path: "/healthz"
+ ## port: 10254
+ ## scheme: HTTP
+ ## initialDelaySeconds: 5
+ ## periodSeconds: 5
+ ## timeoutSeconds: 2
+ ## successThreshold: 1
+ ## failureThreshold: 5
+ livenessProbe:
+ httpGet:
+ # should match container.healthCheckPath
+ path: "/healthz"
+ port: 10254
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 5
+ readinessProbe:
+ httpGet:
+ # should match container.healthCheckPath
+ path: "/healthz"
+ port: 10254
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 3
+
+
+ # -- Path of the health check endpoint. All requests received on the port defined by
+ # the healthz-port parameter are forwarded internally to this path.
+ healthCheckPath: "/healthz"
+
+ # -- Address to bind the health check endpoint.
+ # It is better to set this option to the internal node address
+ # if the ingress nginx controller is running in the `hostNetwork: true` mode.
+ healthCheckHost: ""
+
+ # -- Annotations to be added to controller pods
+ ##
+ podAnnotations: {}
+
+ replicaCount: 1
+
+ minAvailable: 1
+
+ ## Define requests resources to avoid probe issues due to CPU utilization in busy nodes
+ ## ref: https://github.com/kubernetes/ingress-nginx/issues/4735#issuecomment-551204903
+ ## Ideally, there should be no limits.
+ ## https://engineering.indeedblog.com/blog/2019/12/cpu-throttling-regression-fix/
+ resources:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 90Mi
+ requests:
+ cpu: 100m
+ memory: 90Mi
+
+ # Mutually exclusive with keda autoscaling
+ autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 11
+ targetCPUUtilizationPercentage: 50
+ targetMemoryUtilizationPercentage: 50
+ behavior: {}
+ # scaleDown:
+ # stabilizationWindowSeconds: 300
+ # policies:
+ # - type: Pods
+ # value: 1
+ # periodSeconds: 180
+ # scaleUp:
+ # stabilizationWindowSeconds: 300
+ # policies:
+ # - type: Pods
+ # value: 2
+ # periodSeconds: 60
+
+ autoscalingTemplate: []
+ # Custom or additional autoscaling metrics
+ # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics
+ # - type: Pods
+ # pods:
+ # metric:
+ # name: nginx_ingress_controller_nginx_process_requests_total
+ # target:
+ # type: AverageValue
+ # averageValue: 10000m
+
+ # Mutually exclusive with hpa autoscaling
+ keda:
+ apiVersion: "keda.sh/v1alpha1"
+ ## apiVersion changes with keda 1.x vs 2.x
+ ## 2.x = keda.sh/v1alpha1
+ ## 1.x = keda.k8s.io/v1alpha1
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 11
+ pollingInterval: 30
+ cooldownPeriod: 300
+ restoreToOriginalReplicaCount: false
+ scaledObject:
+ annotations: {}
+ # Custom annotations for ScaledObject resource
+ # annotations:
+ # key: value
+ triggers: []
+ # - type: prometheus
+ # metadata:
+ # serverAddress: http://<prometheus-host>:9090
+ # metricName: http_requests_total
+ # threshold: '100'
+ # query: sum(rate(http_requests_total{deployment="my-deployment"}[2m]))
+
+ behavior: {}
+ # scaleDown:
+ # stabilizationWindowSeconds: 300
+ # policies:
+ # - type: Pods
+ # value: 1
+ # periodSeconds: 180
+ # scaleUp:
+ # stabilizationWindowSeconds: 300
+ # policies:
+ # - type: Pods
+ # value: 2
+ # periodSeconds: 60
+
+ # -- Enable mimalloc as a drop-in replacement for malloc.
+ ## ref: https://github.com/microsoft/mimalloc
+ ##
+ enableMimalloc: true
+
+ ## Override NGINX template
+ customTemplate:
+ configMapName: ""
+ configMapKey: ""
+
+ service:
+ enabled: true
+
+ # -- If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were
+ # using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
+ # It allows choosing the protocol for each backend specified in the Kubernetes service.
+ # See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244
+ # Will be ignored for Kubernetes versions older than 1.20
+ ##
+ appProtocol: true
+
+ annotations: {}
+ labels: {}
+ # clusterIP: ""
+
+ # -- List of IP addresses at which the controller services are available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+ externalIPs: []
+
+ # loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+
+ enableHttp: true
+ enableHttps: true
+
+ ## Set external traffic policy to: "Local" to preserve source IP on providers supporting it.
+ ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
+ # externalTrafficPolicy: ""
+
+ ## Must be either "None" or "ClientIP" if set. Kubernetes will default to "None".
+ ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ # sessionAffinity: ""
+
+ ## Specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isn’t specified,
+ ## the service controller allocates a port from your cluster’s NodePort range.
+ ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ # healthCheckNodePort: 0
+
+ # -- Represents the dual-stack-ness requested or required by this Service. Possible values are
+ # SingleStack, PreferDualStack or RequireDualStack.
+ # The ipFamilies and clusterIPs fields depend on the value of this field.
+ ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/
+ ipFamilyPolicy: "SingleStack"
+
+ # -- List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically
+ # based on cluster configuration and the ipFamilyPolicy field.
+ ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/
+ ipFamilies:
+ - IPv4
+
+ ports:
+ http: 80
+ https: 443
+
+ targetPorts:
+ http: http
+ https: https
+
+ type: LoadBalancer
+
+ ## type: NodePort
+ ## nodePorts:
+ ## http: 32080
+ ## https: 32443
+ ## tcp:
+ ## 8080: 32808
+ nodePorts:
+ http: ""
+ https: ""
+ tcp: {}
+ udp: {}
+
+ external:
+ enabled: true
+
+ internal:
+ # -- Enables an additional internal load balancer (besides the external one).
+ enabled: false
+ # -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service.
+ annotations: {}
+
+ # loadBalancerIP: ""
+
+ # -- Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0.
+ loadBalancerSourceRanges: []
+
+ ## Set external traffic policy to: "Local" to preserve source IP on
+ ## providers supporting it
+ ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
+ # externalTrafficPolicy: ""
+
+ # -- Additional containers to be added to the controller pod.
+ # See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example.
+ extraContainers: []
+ # - name: my-sidecar
+ # image: nginx:latest
+ # - name: lemonldap-ng-controller
+ # image: lemonldapng/lemonldap-ng-controller:0.2.0
+ # args:
+ # - /lemonldap-ng-controller
+ # - --alsologtostderr
+ # - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration
+ # env:
+ # - name: POD_NAME
+ # valueFrom:
+ # fieldRef:
+ # fieldPath: metadata.name
+ # - name: POD_NAMESPACE
+ # valueFrom:
+ # fieldRef:
+ # fieldPath: metadata.namespace
+ # volumeMounts:
+ # - name: copy-portal-skins
+ # mountPath: /srv/var/lib/lemonldap-ng/portal/skins
+
+ # -- Additional volumeMounts to the controller main container.
+ extraVolumeMounts: []
+ # - name: copy-portal-skins
+ # mountPath: /var/lib/lemonldap-ng/portal/skins
+
+ # -- Additional volumes to the controller pod.
+ extraVolumes: []
+ # - name: copy-portal-skins
+ # emptyDir: {}
+
+ # -- Containers, which are run before the app containers are started.
+ extraInitContainers: []
+ # - name: init-myservice
+ # image: busybox
+ # command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;']
+
+ extraModules: []
+ ## Modules, which are mounted into the core nginx image
+ # - name: opentelemetry
+ # image: busybox
+ #
+ # The image must contain a `/usr/local/bin/init_module.sh` executable, which
+ # will be executed as initContainers, to move its config files within the
+ # mounted volume.
+
+ admissionWebhooks:
+ annotations: {}
+ # ignore-check.kube-linter.io/no-read-only-rootfs: "This deployment needs write access to root filesystem".
+
+ ## Additional annotations to the admission webhooks.
+ ## These annotations will be added to the ValidatingWebhookConfiguration and
+ ## the Jobs Spec of the admission webhooks.
+ enabled: true
+ failurePolicy: Fail
+ # timeoutSeconds: 10
+ port: 8443
+ certificate: "/usr/local/certificates/cert"
+ key: "/usr/local/certificates/key"
+ namespaceSelector: {}
+ objectSelector: {}
+ # -- Labels to be added to admission webhooks
+ labels: {}
+
+ # -- Use an existing PSP instead of creating one
+ existingPsp: ""
+
+ service:
+ annotations: {}
+ # clusterIP: ""
+ externalIPs: []
+ # loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+ servicePort: 443
+ type: ClusterIP
+
+ createSecretJob:
+ resources: {}
+ # limits:
+ # cpu: 10m
+ # memory: 20Mi
+ # requests:
+ # cpu: 10m
+ # memory: 20Mi
+
+ patchWebhookJob:
+ resources: {}
+
+ patch:
+ enabled: true
+ image:
+ registry: k8s.gcr.io
+ image: ingress-nginx/kube-webhook-certgen
+ ## for backwards compatibility consider setting the full image url via the repository value below
+ ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
+ ## repository:
+ tag: v1.1.1
+ digest: sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660
+ pullPolicy: IfNotPresent
+ # -- Provide a priority class name to the webhook patching job
+ ##
+ priorityClassName: ""
+ podAnnotations: {}
+ nodeSelector:
+ kubernetes.io/os: linux
+ tolerations: []
+ # -- Labels to be added to patch job resources
+ labels: {}
+ runAsUser: 2000
+
+ metrics:
+ port: 10254
+ # if this port is changed, change healthz-port: in extraArgs: accordingly
+ enabled: false
+
+ service:
+ annotations: {}
+ # prometheus.io/scrape: "true"
+ # prometheus.io/port: "10254"
+
+ # clusterIP: ""
+
+ # -- List of IP addresses at which the stats-exporter service is available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+ externalIPs: []
+
+ # loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+ servicePort: 10254
+ type: ClusterIP
+ # externalTrafficPolicy: ""
+ # nodePort: ""
+
+ serviceMonitor:
+ enabled: false
+ additionalLabels: {}
+ ## The label to use to retrieve the job name from.
+ ## jobLabel: "app.kubernetes.io/name"
+ namespace: ""
+ namespaceSelector: {}
+ ## Default: scrape .Release.Namespace only
+ ## To scrape all, use the following:
+ ## namespaceSelector:
+ ## any: true
+ scrapeInterval: 30s
+ # honorLabels: true
+ targetLabels: []
+ relabelings: []
+ metricRelabelings: []
+
+ prometheusRule:
+ enabled: false
+ additionalLabels: {}
+ # namespace: ""
+ rules: []
+ # # These are just examples rules, please adapt them to your needs
+ # - alert: NGINXConfigFailed
+ # expr: count(nginx_ingress_controller_config_last_reload_successful == 0) > 0
+ # for: 1s
+ # labels:
+ # severity: critical
+ # annotations:
+ # description: bad ingress config - nginx config test failed
+ # summary: uninstall the latest ingress changes to allow config reloads to resume
+ # - alert: NGINXCertificateExpiry
+ # expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds) by (host) - time()) < 604800
+ # for: 1s
+ # labels:
+ # severity: critical
+ # annotations:
+ # description: ssl certificate(s) will expire in less then a week
+ # summary: renew expiring certificates to avoid downtime
+ # - alert: NGINXTooMany500s
+ # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"5.+"} ) / sum(nginx_ingress_controller_requests) ) > 5
+ # for: 1m
+ # labels:
+ # severity: warning
+ # annotations:
+ # description: Too many 5XXs
+ # summary: More than 5% of all requests returned 5XX, this requires your attention
+ # - alert: NGINXTooMany400s
+ # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"4.+"} ) / sum(nginx_ingress_controller_requests) ) > 5
+ # for: 1m
+ # labels:
+ # severity: warning
+ # annotations:
+ # description: Too many 4XXs
+ # summary: More than 5% of all requests returned 4XX, this requires your attention
+
+ # -- Improve connection draining when ingress controller pod is deleted using a lifecycle hook:
+ # With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds
+ # to 300, allowing the draining of connections up to five minutes.
+ # If the active connections end before that, the pod will terminate gracefully at that time.
+ # To effectively take advantage of this feature, the Configmap feature
+ # worker-shutdown-timeout new value is 240s instead of 10s.
+ ##
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - /wait-shutdown
+
+ priorityClassName: ""
+
+# -- Rollback limit
+##
+revisionHistoryLimit: 10
+
+## Default 404 backend
+##
+defaultBackend:
+ ##
+ enabled: false
+
+ name: defaultbackend
+ image:
+ registry: k8s.gcr.io
+ image: defaultbackend-amd64
+ ## for backwards compatibility consider setting the full image url via the repository value below
+ ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
+ ## repository:
+ tag: "1.5"
+ pullPolicy: IfNotPresent
+ # nobody user -> uid 65534
+ runAsUser: 65534
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+
+ # -- Use an existing PSP instead of creating one
+ existingPsp: ""
+
+ extraArgs: {}
+
+ serviceAccount:
+ create: true
+ name: ""
+ automountServiceAccountToken: true
+ # -- Additional environment variables to set for defaultBackend pods
+ extraEnvs: []
+
+ port: 8080
+
+ ## Readiness and liveness probes for default backend
+ ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
+ ##
+ livenessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ failureThreshold: 6
+ initialDelaySeconds: 0
+ periodSeconds: 5
+ successThreshold: 1
+ timeoutSeconds: 5
+
+ # -- Node tolerations for server scheduling to nodes with taints
+ ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ ##
+ tolerations: []
+ # - key: "key"
+ # operator: "Equal|Exists"
+ # value: "value"
+ # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
+
+ affinity: {}
+
+ # -- Security Context policies for controller pods
+ # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for
+ # notes on enabling and using sysctls
+ ##
+ podSecurityContext: {}
+
+ # -- Security Context policies for controller main container.
+ # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for
+ # notes on enabling and using sysctls
+ ##
+ containerSecurityContext: {}
+
+ # -- Labels to add to the pod container metadata
+ podLabels: {}
+ # key: value
+
+ # -- Node labels for default backend pod assignment
+ ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector:
+ kubernetes.io/os: linux
+
+ # -- Annotations to be added to default backend pods
+ ##
+ podAnnotations: {}
+
+ replicaCount: 1
+
+ minAvailable: 1
+
+ resources: {}
+ # limits:
+ # cpu: 10m
+ # memory: 20Mi
+ # requests:
+ # cpu: 10m
+ # memory: 20Mi
+
+ extraVolumeMounts: []
+ ## Additional volumeMounts to the default backend container.
+ # - name: copy-portal-skins
+ # mountPath: /var/lib/lemonldap-ng/portal/skins
+
+ extraVolumes: []
+ ## Additional volumes to the default backend pod.
+ # - name: copy-portal-skins
+ # emptyDir: {}
+
+ autoscaling:
+ annotations: {}
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 2
+ targetCPUUtilizationPercentage: 50
+ targetMemoryUtilizationPercentage: 50
+
+ service:
+ annotations: {}
+
+ # clusterIP: ""
+
+ # -- List of IP addresses at which the default backend service is available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+ externalIPs: []
+
+ # loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+ servicePort: 80
+ type: ClusterIP
+
+ priorityClassName: ""
+ # -- Labels to be added to the default backend resources
+ labels: {}
+
+## Enable RBAC as per https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/rbac.md and https://github.com/kubernetes/ingress-nginx/issues/266
+rbac:
+ create: true
+ scope: false
+
+## If true, create & use Pod Security Policy resources
+## https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+podSecurityPolicy:
+ enabled: false
+
+serviceAccount:
+ create: true
+ name: ""
+ automountServiceAccountToken: true
+ # -- Annotations for the controller service account
+ annotations: {}
+
+# -- Optional array of imagePullSecrets containing private registry credentials
+## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+imagePullSecrets: []
+# - name: secretName
+
+# -- TCP service key:value pairs
+## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md
+##
+tcp: {}
+# 8080: "default/example-tcp-svc:9000"
+
+# -- UDP service key:value pairs
+## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md
+##
+udp: {}
+# 53: "kube-system/kube-dns:53"
+
+# -- (string) A base64-encoded Diffie-Hellman parameter.
+# This can be generated with: `openssl dhparam 4096 2> /dev/null | base64`
+## Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param
+dhParam:
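Review bot: the controller `service` block keeps `type: LoadBalancer` together with `loadBalancerSourceRanges: []`, and the chart's own comment on the internal load balancer states that this setting "Defaults to 0.0.0.0/0", so a deployment that takes these defaults publishes ports 80 and 443 with no source restriction. If that is not wanted in every environment these bundled charts are installed into, set `loadBalancerSourceRanges` (or a different `type`) in the values override that consumes the chart rather than editing this vendored file. Separately, the `defaultBackend` image is pinned by tag only (`tag: "1.5"`), while the `kube-webhook-certgen` image in the same hunk carries a `digest`; consider pinning the default backend image by digest as well before anyone sets `defaultBackend.enabled: true`.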
diff --git a/charts/kube-prometheus-stack/.helmignore b/charts/kube-prometheus-stack/.helmignore
new file mode 100644
index 0000000..1937f42
--- /dev/null
+++ b/charts/kube-prometheus-stack/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# helm/charts
+OWNERS
+hack/
+ci/
+kube-prometheus-*.tgz
+
+unittests/
diff --git a/charts/kube-prometheus-stack/CONTRIBUTING.md b/charts/kube-prometheus-stack/CONTRIBUTING.md
new file mode 100644
index 0000000..f6ce2a3
--- /dev/null
+++ b/charts/kube-prometheus-stack/CONTRIBUTING.md
@@ -0,0 +1,12 @@
+# Contributing Guidelines
+
+## How to contribute to this chart
+
+1. Fork this repository, develop and test your Chart.
+1. Bump the chart version for every change.
+1. Ensure PR title has the prefix `[kube-prometheus-stack]`
+1. When making changes to rules or dashboards, see the README.md section on how to sync data from upstream repositories
+1. Check the `hack/minikube` folder has scripts to set up minikube and components of this chart that will allow all components to be scraped. You can use this configuration when validating your changes.
+1. Check for changes of RBAC rules.
+1. Check for changes in CRD specs.
+1. PR must pass the linter (`helm lint`)
diff --git a/charts/kube-prometheus-stack/Chart.lock b/charts/kube-prometheus-stack/Chart.lock
new file mode 100644
index 0000000..c29d339
--- /dev/null
+++ b/charts/kube-prometheus-stack/Chart.lock
@@ -0,0 +1,12 @@
+dependencies:
+- name: kube-state-metrics
+ repository: https://prometheus-community.github.io/helm-charts
+ version: 4.22.1
+- name: prometheus-node-exporter
+ repository: https://prometheus-community.github.io/helm-charts
+ version: 4.4.2
+- name: grafana
+ repository: https://grafana.github.io/helm-charts
+ version: 6.43.3
+digest: sha256:41e6d8cedd07b10b6c94c0e47aa4fcbe426255b8dbee2c78ed6fdfd33a8a2427
+generated: "2022-11-02T10:02:10.062639Z"
diff --git a/charts/kube-prometheus-stack/Chart.yaml b/charts/kube-prometheus-stack/Chart.yaml
new file mode 100644
index 0000000..82f3bde
--- /dev/null
+++ b/charts/kube-prometheus-stack/Chart.yaml
@@ -0,0 +1,52 @@
+annotations:
+ artifacthub.io/links: |
+ - name: Chart Source
+ url: https://github.com/prometheus-community/helm-charts
+ - name: Upstream Project
+ url: https://github.com/prometheus-operator/kube-prometheus
+ artifacthub.io/operator: "true"
+apiVersion: v2
+appVersion: 0.60.1
+dependencies:
+- condition: kubeStateMetrics.enabled
+ name: kube-state-metrics
+ repository: https://prometheus-community.github.io/helm-charts
+ version: 4.22.*
+- condition: nodeExporter.enabled
+ name: prometheus-node-exporter
+ repository: https://prometheus-community.github.io/helm-charts
+ version: 4.4.*
+- condition: grafana.enabled
+ name: grafana
+ repository: https://grafana.github.io/helm-charts
+ version: 6.43.*
+description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards,
+ and Prometheus rules combined with documentation and scripts to provide easy to
+ operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus
+ Operator.
+home: https://github.com/prometheus-operator/kube-prometheus
+icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png
+keywords:
+- operator
+- prometheus
+- kube-prometheus
+kubeVersion: '>=1.16.0-0'
+maintainers:
+- email: andrew@quadcorps.co.uk
+ name: andrewgkew
+- email: gianrubio@gmail.com
+ name: gianrubio
+- email: github.gkarthiks@gmail.com
+ name: gkarthiks
+- email: kube-prometheus-stack@sisti.pt
+ name: GMartinez-Sisti
+- email: scott@r6by.com
+ name: scottrigby
+- email: miroslav.hadzhiev@gmail.com
+ name: Xtigyro
+name: kube-prometheus-stack
+sources:
+- https://github.com/prometheus-community/helm-charts
+- https://github.com/prometheus-operator/kube-prometheus
+type: application
+version: 41.7.3
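Review bot: the three `dependencies` entries use wildcard ranges (`4.22.*`, `4.4.*`, `6.43.*`) against remote repositories, so the exact subchart versions are fixed only by the Chart.lock added in this same patch (4.22.1, 4.4.2, 6.43.3). Whatever packages or deploys this bundled chart should run `helm dependency build`, which installs what the lock file records, and not `helm dependency update`, which re-resolves the ranges and rewrites the lock. If the resolved subcharts are meant to be bundled as well, check that they are part of this commit so that an install does not depend on fetching them at deploy time.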
diff --git a/charts/kube-prometheus-stack/README.md b/charts/kube-prometheus-stack/README.md
new file mode 100644
index 0000000..e9081e4
--- /dev/null
+++ b/charts/kube-prometheus-stack/README.md
@@ -0,0 +1,728 @@
+# kube-prometheus-stack
+
+Installs the [kube-prometheus stack](https://github.com/prometheus-operator/kube-prometheus), a collection of Kubernetes manifests, [Grafana](http://grafana.com/) dashboards, and [Prometheus rules](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with [Prometheus](https://prometheus.io/) using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator).
+
+See the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) README for details about components, dashboards, and alerts.
+
+_Note: This chart was formerly named `prometheus-operator` chart, now renamed to more clearly reflect that it installs the `kube-prometheus` project stack, within which Prometheus Operator is only one component._
+
+## Prerequisites
+
+- Kubernetes 1.16+
+- Helm 3+
+
+## Get Helm Repository Info
+
+```console
+helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+helm repo update
+```
+
+_See [`helm repo`](https://helm.sh/docs/helm/helm_repo/) for command documentation._
+
+## Install Helm Chart
+
+```console
+helm install [RELEASE_NAME] prometheus-community/kube-prometheus-stack
+```
+
+_See [configuration](#configuration) below._
+
+_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
+
+## Dependencies
+
+By default this chart installs additional, dependent charts:
+
+- [prometheus-community/kube-state-metrics](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics)
+- [prometheus-community/prometheus-node-exporter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-node-exporter)
+- [grafana/grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana)
+
+To disable dependencies during installation, see [multiple releases](#multiple-releases) below.
+
+_See [helm dependency](https://helm.sh/docs/helm/helm_dependency/) for command documentation._
+
+## Uninstall Helm Chart
+
+```console
+helm uninstall [RELEASE_NAME]
+```
+
+This removes all the Kubernetes components associated with the chart and deletes the release.
+
+_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
+
+CRDs created by this chart are not removed by default and should be manually cleaned up:
+
+```console
+kubectl delete crd alertmanagerconfigs.monitoring.coreos.com
+kubectl delete crd alertmanagers.monitoring.coreos.com
+kubectl delete crd podmonitors.monitoring.coreos.com
+kubectl delete crd probes.monitoring.coreos.com
+kubectl delete crd prometheuses.monitoring.coreos.com
+kubectl delete crd prometheusrules.monitoring.coreos.com
+kubectl delete crd servicemonitors.monitoring.coreos.com
+kubectl delete crd thanosrulers.monitoring.coreos.com
+```
+
+## Upgrading Chart
+
+```console
+helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack
+```
+
+With Helm v3, CRDs created by this chart are not updated by default and should be manually updated.
+Consult also the [Helm Documentation on CRDs](https://helm.sh/docs/chart_best_practices/custom_resource_definitions).
+
+_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
+
+### Upgrading an existing Release to a new major version
+
+A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions.
+
+### From 40.x to 41.x
+
+This version upgrades Prometheus-Operator to v0.60.1, Prometheus to v2.39.1 and Thanos to v0.28.1.
+This version also upgrades the Helm charts of kube-state-metrics to 4.20.2, prometheus-node-exporter to 4.3.0 and Grafana to 6.40.4.
+
+Run these commands to update the CRDs before applying the upgrade.
+
+```console
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
+```
+
+This version splits kubeScheduler recording and altering rules in separate config values.
+Instead of `defaultRules.rules.kubeScheduler` the 2 new variables `defaultRules.rules.kubeSchedulerAlerting` and `defaultRules.rules.kubeSchedulerRecording` are used.
+
+### From 39.x to 40.x
+
+This version upgrades Prometheus-Operator to v0.59.1, Prometheus to v2.38.0, kube-state-metrics to v2.6.0 and Thanos to v0.28.0.
+This version also upgrades the Helm charts of kube-state-metrics to 4.18.0 and prometheus-node-exporter to 4.2.0.
+
+Run these commands to update the CRDs before applying the upgrade.
+
+```console
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
+```
+
+Starting from prometheus-node-exporter version 4.0.0, the `node exporter` chart is using the [Kubernetes recommended labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/). Therefore you have to delete the daemonset before you upgrade.
+
+```console
+kubectl delete daemonset -l app=prometheus-node-exporter
+helm upgrade -i kube-prometheus-stack prometheus-community/kube-prometheus-stack
+```
+
+If you use your own custom [ServiceMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitor) or [PodMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#podmonitor), please ensure to upgrade their `selector` fields accordingly to the new labels.
+
+### From 38.x to 39.x
+
+This upgraded prometheus-operator to v0.58.0 and prometheus to v2.37.0
+
+Run these commands to update the CRDs before applying the upgrade.
+
+```console
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
+```
+
+### From 37.x to 38.x
+
+Reverted one of the default metrics relabelings for cAdvisor added in 36.x, due to it breaking container_network_* and various other statistics. If you do not want this change, you will need to override the `kubelet.cAdvisorMetricRelabelings`.
+
+### From 36.x to 37.x
+
+This includes some default metric relabelings for cAdvisor and apiserver metrics to reduce cardinality. If you do not want these defaults, you will need to override the `kubeApiServer.metricRelabelings` and or `kubelet.cAdvisorMetricRelabelings`.
+
+### From 35.x to 36.x
+
+This upgraded prometheus-operator to v0.57.0 and prometheus to v2.36.1
+
+Run these commands to update the CRDs before applying the upgrade.
+
+```console
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
+```
+
+### From 34.x to 35.x
+
+This upgraded prometheus-operator to v0.56.0 and prometheus to v2.35.0
+
+Run these commands to update the CRDs before applying the upgrade.
+
+```console
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
+```
+
+### From 33.x to 34.x
+
+This upgrades to prometheus-operator to v0.55.0 and prometheus to v2.33.5.
+
+Run these commands to update the CRDs before applying the upgrade.
+
+```console
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
+```
+
+### From 32.x to 33.x
+
+This upgrades the prometheus-node-exporter Chart to v3.0.0. Please review the changes to this subchart if you make customizations to hostMountPropagation.
+
+### From 31.x to 32.x
+
+This upgrades to prometheus-operator to v0.54.0 and prometheus to v2.33.1. It also changes the default for `grafana.serviceMonitor.enabled` to `true.
+
+Run these commands to update the CRDs before applying the upgrade.
+
+```console
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
+```
+
+### From 30.x to 31.x
+
+This version removes the built-in grafana ServiceMonitor and instead relies on the ServiceMonitor of the sub-chart.
+`grafana.serviceMonitor.enabled` must be set instead of `grafana.serviceMonitor.selfMonitor` and the old ServiceMonitor may
+need to be manually cleaned up after deploying the new release.
+
+### From 29.x to 30.x
+
+This version updates kube-state-metrics to 4.3.0 and uses the new option `kube-state-metrics.releaseLabel=true` which adds the "release" label to kube-state-metrics labels, making scraping of the metrics by kube-prometheus-stack work out of the box again, independent of the used kube-prometheus-stack release name. If you already set the "release" label via `kube-state-metrics.customLabels` you might have to remove that and use it via the new option.
+
+### From 28.x to 29.x
+
+This version makes scraping port for kube-controller-manager and kube-scheduler dynamic to reflect changes to default serving ports
+for those components in Kubernetes versions v1.22 and v1.23 respectively.
+
+If you deploy on clusters using version v1.22+, kube-controller-manager will be scraped over HTTPS on port 10257.
+
+If you deploy on clusters running version v1.23+, kube-scheduler will be scraped over HTTPS on port 10259.
+
+### From 27.x to 28.x
+
+This version disables PodSecurityPolicies by default because they are deprecated in Kubernetes 1.21 and will be removed in Kubernetes 1.25.
+
+If you are using PodSecurityPolicies you can enable the previous behaviour by setting `kube-state-metrics.podSecurityPolicy.enabled`, `prometheus-node-exporter.rbac.pspEnabled`, `grafana.rbac.pspEnabled` and `global.rbac.pspEnabled` to `true`.
+
+### From 26.x to 27.x
+
+This version splits prometheus-node-exporter chart recording and altering rules in separate config values.
+Instead of `defaultRules.rules.node` the 2 new variables `defaultRules.rules.nodeExporterAlerting` and `defaultRules.rules.nodeExporterRecording` are used.
+
+Also the following defaultRules.rules has been removed as they had no effect: `kubeApiserverError`, `kubePrometheusNodeAlerting`, `kubernetesAbsent`, `time`.
+
+The ability to set a rubookUrl via `defaultRules.rules.rubookUrl` was reintroduced.
+
+### From 25.x to 26.x
+
+This version enables the prometheus-node-exporter subchart servicemonitor by default again, by setting `prometheus-node-exporter.prometheus.monitor.enabled` to `true`.
+
+### From 24.x to 25.x
+
+This version upgrade to prometheus-operator v0.53.1. It removes support for setting a runbookUrl, since the upstream format for runbooks changed.
+
+```console
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
+```
+
+### From 23.x to 24.x
+
+The custom `ServiceMonitor` for the _kube-state-metrics_ & _prometheus-node-exporter_ charts have been removed in favour of the built-in sub-chart `ServiceMonitor`; for both sub-charts this means that `ServiceMonitor` customisations happen via the values passed to the chart. If you haven't directly customised this behaviour then there are no changes required to upgrade, but if you have please read the following.
+
+For _kube-state-metrics_ the `ServiceMonitor` customisation is now set via `kube-state-metrics.prometheus.monitor` and the `kubeStateMetrics.serviceMonitor.selfMonitor.enabled` value has moved to `kube-state-metrics.selfMonitor.enabled`.
+
+For _prometheus-node-exporter_ the `ServiceMonitor` customisation is now set via `prometheus-node-exporter.prometheus.monitor` and the `nodeExporter.jobLabel` values has moved to `prometheus-node-exporter.prometheus.monitor.jobLabel`.
+
+### From 22.x to 23.x
+
+Port names have been renamed for Istio's
+[explicit protocol selection](https://istio.io/latest/docs/ops/configuration/traffic-management/protocol-selection/#explicit-protocol-selection).
+
+| | old value | new value |
+|-|-----------|-----------|
+| `alertmanager.alertmanagerSpec.portName` | `web` | `http-web` |
+| `grafana.service.portName` | `service` | `http-web` |
+| `prometheus-node-exporter.service.portName` | `metrics` (hardcoded) | `http-metrics` |
+| `prometheus.prometheusSpec.portName` | `web` | `http-web` |
+
+### From 21.x to 22.x
+
+Due to the upgrade of the `kube-state-metrics` chart, removal of its deployment/stateful needs to done manually prior to upgrading:
+
+```console
+kubectl delete deployments.apps -l app.kubernetes.io/instance=prometheus-operator,app.kubernetes.io/name=kube-state-metrics --cascade=orphan
+```
+
+or if you use autosharding:
+
+```console
+kubectl delete statefulsets.apps -l app.kubernetes.io/instance=prometheus-operator,app.kubernetes.io/name=kube-state-metrics --cascade=orphan
+```
+
+### From 20.x to 21.x
+
+The config reloader values have been refactored. All the values have been moved to the key `prometheusConfigReloader` and the limits and requests can now be set separately.
+
+### From 19.x to 20.x
+
+Version 20 upgrades prometheus-operator from 0.50.x to 0.52.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating:
+
+```console
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
+```
+
+### From 18.x to 19.x
+
+`kubeStateMetrics.serviceMonitor.namespaceOverride` was removed.
+Please use `kube-state-metrics.namespaceOverride` instead.
+
+### From 17.x to 18.x
+
+Version 18 upgrades prometheus-operator from 0.49.x to 0.50.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating:
+
+```console
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
+```
+
+### From 16.x to 17.x
+
+Version 17 upgrades prometheus-operator from 0.48.x to 0.49.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating:
+
+```console
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
+```
+
+### From 15.x to 16.x
+
+Version 16 upgrades kube-state-metrics to v2.0.0. This includes changed command-line arguments and removed metrics, see this [blog post](https://kubernetes.io/blog/2021/04/13/kube-state-metrics-v-2-0/). This version also removes Grafana dashboards that supported Kubernetes 1.14 or earlier.
+
+### From 14.x to 15.x
+
+Version 15 upgrades prometheus-operator from 0.46.x to 0.47.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating:
+
+```console
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
+```
+
+### From 13.x to 14.x
+
+Version 14 upgrades prometheus-operator from 0.45.x to 0.46.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating:
+
+```console
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
+```
+
+### From 12.x to 13.x
+
+Version 13 upgrades prometheus-operator from 0.44.x to 0.45.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating:
+
+```console
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
+```
+
+### From 11.x to 12.x
+
+Version 12 upgrades prometheus-operator from 0.43.x to 0.44.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating:
+
+```console
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.44/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
+```
+
+The chart was migrated to support only helm v3 and later.
+
+### From 10.x to 11.x
+
+Version 11 upgrades prometheus-operator from 0.42.x to 0.43.x. Starting with 0.43.x an additional `AlertmanagerConfigs` CRD is introduced. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating:
+
+```console
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.43/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
+```
+
+Version 11 removes the deprecated tlsProxy via ghostunnel in favor of native TLS support the prometheus-operator gained with v0.39.0.
+
+### From 9.x to 10.x
+
+Version 10 upgrades prometheus-operator from 0.38.x to 0.42.x. Starting with 0.40.x an additional `Probes` CRD is introduced. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating:
+
+```console
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.42/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
+```
+
+### From 8.x to 9.x
+
+Version 9 of the helm chart removes the existing `additionalScrapeConfigsExternal` in favour of `additionalScrapeConfigsSecret`. This change lets users specify the secret name and secret key to use for the additional scrape configuration of prometheus. This is useful for users that have prometheus-operator as a subchart and also have a template that creates the additional scrape configuration.
+
+### From 7.x to 8.x
+
+Due to new template functions being used in the rules in version 8.x.x of the chart, an upgrade to Prometheus Operator and Prometheus is necessary in order to support them. First, upgrade to the latest version of 7.x.x
+
+```console
+helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack --version 7.5.0
+```
+
+Then upgrade to 8.x.x
+
+```console
+helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack --version [8.x.x]
+```
+
+Minimal recommended Prometheus version for this chart release is `2.12.x`
+
+### From 6.x to 7.x
+
+Due to a change in grafana subchart, version 7.x.x now requires Helm >= 2.12.0.
+
+### From 5.x to 6.x
+
+Due to a change in deployment labels of kube-state-metrics, the upgrade requires `helm upgrade --force` in order to re-create the deployment. If this is not done an error will occur indicating that the deployment cannot be modified:
+
+```console
+invalid: spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"app.kubernetes.io/name":"kube-state-metrics"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable
+```
+
+If this error has already been encountered, a `helm history` command can be used to determine which release has worked, then `helm rollback` to the release, then `helm upgrade --force` to this new one
+
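Review bot: The upgrade notes in this vendored README have operators run `kubectl apply` on CRDs fetched directly from raw.githubusercontent.com, and the 9.x to 10.x, 10.x to 11.x and 11.x to 12.x entries point at moving branch refs (`release-0.42`, `release-0.43`, `release-0.44`) rather than tags, so what gets applied to the cluster can change after this commit is reviewed. Since the purpose of this change is to bundle the charts, document in the repository's own docs that CRDs are to be applied from a reviewed, pinned copy (a commit SHA, or a file checked in alongside the chart) instead of following these URLs as written. Doc nits in the same section, should the upstream text ever be patched locally: the 31.x to 32.x entry has an unclosed backtick after `true`, and the 26.x to 27.x entry spells the value `defaultRules.rules.rubookUrl` while the 24.x to 25.x entry calls it runbookUrl.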
+## Configuration
+
+See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments:
+
+```console
+helm show values prometheus-community/kube-prometheus-stack
+```
+
+You may also `helm show values` on this chart's [dependencies](#dependencies) for additional options.
+
+### Multiple releases
+
+The same chart can be used to run multiple Prometheus instances in the same cluster if required. To achieve this, it is necessary to run only one instance of prometheus-operator and a pair of alertmanager pods for an HA configuration, while all other components need to be disabled. To disable a dependency during installation, set `kubeStateMetrics.enabled`, `nodeExporter.enabled` and `grafana.enabled` to `false`.
+
+## Work-Arounds for Known Issues
+
+### Running on private GKE clusters
+
+When Google configure the control plane for private clusters, they automatically configure VPC peering between your Kubernetes cluster’s network and a separate Google managed project. In order to restrict what Google are able to access within your cluster, the firewall rules configured restrict access to your Kubernetes pods. This means that in order to use the webhook component with a GKE private cluster, you must configure an additional firewall rule to allow the GKE control plane access to your webhook pod.
+
+You can read more information on how to add firewall rules for the GKE control plane nodes in the [GKE docs](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#add_firewall_rules)
+
+Alternatively, you can disable the hooks by setting `prometheusOperator.admissionWebhooks.enabled=false`.
+
+## PrometheusRules Admission Webhooks
+
+With Prometheus Operator version 0.30+, the core Prometheus Operator pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent malformed rules from being added to the cluster.
+
+### How the Chart Configures the Hooks
+
+A validating and mutating webhook configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks.
+
+1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end user certificates. If the certificate already exists, the hook exits.
+2. The prometheus operator pod is configured to use a TLS proxy container, which will load that certificate.
+3. Validating and Mutating webhook configurations are created in the cluster, with their failure mode set to Ignore. This allows rules to be created by the same chart at the same time, even though the webhook has not yet been fully set up - it does not have the correct CA field set.
+4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations
+
+### Alternatives
+
+It should be possible to use [jetstack/cert-manager](https://github.com/jetstack/cert-manager) if a more complete solution is required, but it has not been tested.
+
+You can enable automatic self-signed TLS certificate provisioning via cert-manager by setting the `prometheusOperator.admissionWebhooks.certManager.enabled` value to true.
+
+### Limitations
+
+Because the operator can only run as a single pod, there is potential for this component failure to cause rule deployment failure. Because this risk is outweighed by the benefit of having validation, the feature is enabled by default.
+
+## Developing Prometheus Rules and Grafana Dashboards
+
+This chart Grafana Dashboards and Prometheus Rules are just a copy from [prometheus-operator/prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) and other sources, synced (with alterations) by scripts in [hack](hack) folder. In order to introduce any changes you need to first [add them to the original repository](https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/customizations/developing-prometheus-rules-and-grafana-dashboards.md) and then sync there by scripts.
+
+## Further Information
+
+For more in-depth documentation of configuration options meanings, please see
+
+- [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator)
+- [Prometheus](https://prometheus.io/docs/introduction/overview/)
+- [Grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana#grafana-helm-chart)
+
+## prometheus.io/scrape
+
+The prometheus operator does not support annotation-based discovery of services, using the `PodMonitor` or `ServiceMonitor` CRD in its place as they provide far more configuration options.
+For information on how to use PodMonitors/ServiceMonitors, please see the documentation on the `prometheus-operator/prometheus-operator` documentation here:
+
+- [ServiceMonitors](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/getting-started.md#include-servicemonitors)
+- [PodMonitors](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/getting-started.md#include-podmonitors)
+- [Running Exporters](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/running-exporters.md)
+
+By default, Prometheus discovers PodMonitors and ServiceMonitors within its namespace, that are labeled with the same release tag as the prometheus-operator release.
+Sometimes, you may need to discover custom PodMonitors/ServiceMonitors, for example used to scrape data from third-party applications.
+An easy way of doing this, without compromising the default PodMonitors/ServiceMonitors discovery, is allowing Prometheus to discover all PodMonitors/ServiceMonitors within its namespace, without applying label filtering.
+To do so, you can set `prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues` and `prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues` to `false`.
+
+## Migrating from stable/prometheus-operator chart
+
+## Zero downtime
+
+Since `kube-prometheus-stack` is fully compatible with the `stable/prometheus-operator` chart, a migration without downtime can be achieved.
+However, the old name prefix needs to be kept. If you want the new name please follow the step by step guide below (with downtime).
+
+You can override the name to achieve this:
+
+```console
+helm upgrade prometheus-operator prometheus-community/kube-prometheus-stack -n monitoring --reuse-values --set nameOverride=prometheus-operator
+```
+
+**Note**: It is recommended to run this first with `--dry-run --debug`.
+
+## Redeploy with new name (downtime)
+
+If the **prometheus-operator** values are compatible with the new **kube-prometheus-stack** chart, please follow the below steps for migration:
+
+> The guide presumes that chart is deployed in `monitoring` namespace and the deployments are running there. If in other namespace, please replace the `monitoring` to the deployed namespace.
+
+1. Patch the PersistenceVolume created/used by the prometheus-operator chart to `Retain` claim policy:
+
+ ```console
+ kubectl patch pv/<PersistentVolume name> -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}'
+ ```
+
+ **Note:** To execute the above command, the user must have a cluster wide permission. Please refer [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)
+
+2. Uninstall the **prometheus-operator** release and delete the existing PersistentVolumeClaim, and verify PV become Released.
+
+ ```console
+ helm uninstall prometheus-operator -n monitoring
+ kubectl delete pvc/<PersistenceVolumeClaim name> -n monitoring
+ ```
+
+ Additionally, you have to manually remove the remaining `prometheus-operator-kubelet` service.
+
+ ```console
+ kubectl delete service/prometheus-operator-kubelet -n kube-system
+ ```
+
+ You can choose to remove all your existing CRDs (ServiceMonitors, Podmonitors, etc.) if you want to.
+
+3. Remove current `spec.claimRef` values to change the PV's status from Released to Available.
+
+ ```console
+ kubectl patch pv/<PersistentVolume name> --type json -p='[{"op": "remove", "path": "/spec/claimRef"}]' -n monitoring
+ ```
+
+**Note:** To execute the above command, the user must have a cluster wide permission. Please refer to [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)
+
+After these steps, proceed to a fresh **kube-prometheus-stack** installation and make sure the current release of **kube-prometheus-stack** matching the `volumeClaimTemplate` values in the `values.yaml`.
+
+The binding is done via matching a specific amount of storage requested and with certain access modes.
+
+For example, if you had storage specified as this with **prometheus-operator**:
+
+```yaml
+volumeClaimTemplate:
+ spec:
+ storageClassName: gp2
+ accessModes: ["ReadWriteOnce"]
+ resources:
+ requests:
+ storage: 50Gi
+```
+
+You have to specify matching `volumeClaimTemplate` with 50Gi storage and `ReadWriteOnce` access mode.
+
+Additionally, you should check the current AZ of your legacy installation's PV, and configure the fresh release to use the same AZ as the old one. If the pods are in a different AZ than the PV, the release will fail to bind the existing one, hence creating a new PV.
+
+This can be achieved either by specifying the labels through `values.yaml`, e.g. setting `prometheus.prometheusSpec.nodeSelector` to:
+
+```yaml
+nodeSelector:
+ failure-domain.beta.kubernetes.io/zone: east-west-1a
+```
+
+or passing these values as `--set` overrides during installation.
+
+The new release should now re-attach your previously released PV with its content.
+
+## Migrating from coreos/prometheus-operator chart
+
+The multiple charts have been combined into a single chart that installs prometheus operator, prometheus, alertmanager, grafana as well as the multitude of exporters necessary to monitor a cluster.
+
+There is no simple and direct migration path between the charts as the changes are extensive and intended to make the chart easier to support.
+
+The capabilities of the old chart are all available in the new chart, including the ability to run multiple prometheus instances on a single cluster - you will need to disable the parts of the chart you do not wish to deploy.
+
+You can check out the tickets for this change [here](https://github.com/prometheus-operator/prometheus-operator/issues/592) and [here](https://github.com/helm/charts/pull/6765).
+
+### High-level overview of Changes
+
+#### Added dependencies
+
+The chart has added 3 [dependencies](#dependencies).
+
+- Node-Exporter, Kube-State-Metrics: These components are loaded as dependencies into the chart, and are relatively simple components
+- Grafana: The Grafana chart is more feature-rich than this chart - it contains a sidecar that is able to load data sources and dashboards from configmaps deployed into the same cluster. For more information check out the [documentation for the chart](https://github.com/grafana/helm-charts/blob/main/charts/grafana/README.md)
+
+#### Kubelet Service
+
+Because the kubelet service has a new name in the chart, make sure to clean up the old kubelet service in the `kube-system` namespace to prevent counting container metrics twice.
+
+#### Persistent Volumes
+
+If you would like to keep the data of the current persistent volumes, it should be possible to attach existing volumes to new PVCs and PVs that are created using the conventions in the new chart. For example, in order to use an existing Azure disk for a helm release called `prometheus-migration` the following resources can be created:
+
+```yaml
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: pvc-prometheus-migration-prometheus-0
+spec:
+ accessModes:
+ - ReadWriteOnce
+ azureDisk:
+ cachingMode: None
+ diskName: pvc-prometheus-migration-prometheus-0
+ diskURI: /subscriptions/f5125d82-2622-4c50-8d25-3f7ba3e9ac4b/resourceGroups/sample-migration-resource-group/providers/Microsoft.Compute/disks/pvc-prometheus-migration-prometheus-0
+ fsType: ""
+ kind: Managed
+ readOnly: false
+ capacity:
+ storage: 1Gi
+ persistentVolumeReclaimPolicy: Delete
+ storageClassName: prometheus
+ volumeMode: Filesystem
+```
+
+```yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ labels:
+ app.kubernetes.io/name: prometheus
+ prometheus: prometheus-migration-prometheus
+ name: prometheus-prometheus-migration-prometheus-db-prometheus-prometheus-migration-prometheus-0
+ namespace: monitoring
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ storageClassName: prometheus
+ volumeMode: Filesystem
+ volumeName: pvc-prometheus-migration-prometheus-0
+```
+
+The PVC will take ownership of the PV and when you create a release using a persistent volume claim template it will use the existing PVCs as they match the naming convention used by the chart. For other cloud providers similar approaches can be used.
+
+#### KubeProxy
+
+The metrics bind address of kube-proxy is default to `127.0.0.1:10249` that prometheus instances **cannot** access to. You should expose metrics by changing `metricsBindAddress` field value to `0.0.0.0:10249` if you want to collect them.
+
+Depending on the cluster, the relevant part `config.conf` will be in ConfigMap `kube-system/kube-proxy` or `kube-system/kube-proxy-config`. For example:
+
+```console
+kubectl -n kube-system edit cm kube-proxy
+```
+
+```yaml
+apiVersion: v1
+data:
+ config.conf: |-
+ apiVersion: kubeproxy.config.k8s.io/v1alpha1
+ kind: KubeProxyConfiguration
+ # ...
+ # metricsBindAddress: 127.0.0.1:10249
+ metricsBindAddress: 0.0.0.0:10249
+ # ...
+ kubeconfig.conf: |-
+ # ...
+kind: ConfigMap
+metadata:
+ labels:
+ app: kube-proxy
+ name: kube-proxy
+ namespace: kube-system
+```
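Review bot: The KubeProxy section at the end of this README tells operators to change `metricsBindAddress` from `127.0.0.1:10249` to `0.0.0.0:10249` without mentioning that the kube-proxy metrics endpoint then listens on every interface of every node. Since this text is now carried in-tree, add a sentence next to the ConfigMap example asking readers to limit access to port 10249 to the Prometheus pods, for instance with a host firewall rule or a network policy. Two smaller points in the same hunk: the step 3 command `kubectl patch pv/<PersistentVolume name> ... -n monitoring` passes a namespace although PersistentVolumes are cluster-scoped, so the flag can be dropped; and the sample PersistentVolume under "Persistent Volumes" sets `persistentVolumeReclaimPolicy: Delete` while step 1 of the downtime migration sets `Retain` to keep the data, so the example should say which policy is intended when the goal is to preserve existing volumes.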
diff --git a/charts/kube-prometheus-stack/charts/grafana/.helmignore b/charts/kube-prometheus-stack/charts/grafana/.helmignore
new file mode 100644
index 0000000..8cade13
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.vscode
+.project
+.idea/
+*.tmproj
+OWNERS
diff --git a/charts/kube-prometheus-stack/charts/grafana/Chart.yaml b/charts/kube-prometheus-stack/charts/grafana/Chart.yaml
new file mode 100644
index 0000000..1744193
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/Chart.yaml
@@ -0,0 +1,22 @@
+apiVersion: v2
+appVersion: 9.2.3
+description: The leading tool for querying and visualizing time series and metrics.
+home: https://grafana.net
+icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png
+kubeVersion: ^1.8.0-0
+maintainers:
+- email: zanhsieh@gmail.com
+ name: zanhsieh
+- email: rluckie@cisco.com
+ name: rtluckie
+- email: maor.friedman@redhat.com
+ name: maorfr
+- email: miroslav.hadzhiev@gmail.com
+ name: Xtigyro
+- email: mail@torstenwalter.de
+ name: torstenwalter
+name: grafana
+sources:
+- https://github.com/grafana/grafana
+type: application
+version: 6.43.3
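Review bot: Nothing in this Chart.yaml records where the bundled grafana chart `version: 6.43.3` was pulled from or what its digest was; `sources` lists only `https://github.com/grafana/grafana`, which is the application and not the chart repository, so a later reader cannot check the vendored copy against the upstream release. Record the chart repository URL and the archive digest for each bundled chart, for example in the commit message or in a manifest of vendored charts kept next to `charts/`. Also worth noting: `icon` points at the `master` branch of grafana/grafana, which is a mutable reference rather than a tag.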
diff --git a/charts/kube-prometheus-stack/charts/grafana/README.md b/charts/kube-prometheus-stack/charts/grafana/README.md
new file mode 100644
index 0000000..35f4684
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/README.md
@@ -0,0 +1,600 @@
+# Grafana Helm Chart
+
+* Installs the web dashboarding system [Grafana](http://grafana.org/)
+
+## Get Repo Info
+
+```console
+helm repo add grafana https://grafana.github.io/helm-charts
+helm repo update
+```
+
+_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install my-release grafana/grafana
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the my-release deployment:
+
+```console
+helm delete my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
+incompatible breaking change needing manual actions.
+
+### To 4.0.0 (And 3.12.1)
+
+This version requires Helm >= 2.12.0.
+
+### To 5.0.0
+
+You have to add --force to your helm upgrade command as the labels of the chart have changed.
+
+### To 6.0.0
+
+This version requires Helm >= 3.1.0.
+
+## Configuration
+
+| Parameter | Description | Default |
+|-------------------------------------------|-----------------------------------------------|---------------------------------------------------------|
+| `replicas` | Number of nodes | `1` |
+| `podDisruptionBudget.minAvailable` | Pod disruption minimum available | `nil` |
+| `podDisruptionBudget.maxUnavailable` | Pod disruption maximum unavailable | `nil` |
+| `deploymentStrategy` | Deployment strategy | `{ "type": "RollingUpdate" }` |
+| `livenessProbe` | Liveness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } "initialDelaySeconds": 60, "timeoutSeconds": 30, "failureThreshold": 10 }` |
+| `readinessProbe` | Readiness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } }`|
+| `securityContext` | Deployment securityContext | `{"runAsUser": 472, "runAsGroup": 472, "fsGroup": 472}` |
+| `priorityClassName` | Name of Priority Class to assign pods | `nil` |
+| `image.repository` | Image repository | `grafana/grafana` |
+| `image.tag` | Overrides the Grafana image tag whose default is the chart appVersion (`Must be >= 5.0.0`) | `` |
+| `image.sha` | Image sha (optional) | `` |
+| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `image.pullSecrets` | Image pull secrets (can be templated) | `[]` |
+| `service.enabled` | Enable grafana service | `true` |
+| `service.type` | Kubernetes service type | `ClusterIP` |
+| `service.port` | Kubernetes port where service is exposed | `80` |
+| `service.portName` | Name of the port on the service | `service` |
+| `service.appProtocol` | Adds the appProtocol field to the service | `` |
+| `service.targetPort` | Internal service is port | `3000` |
+| `service.nodePort` | Kubernetes service nodePort | `nil` |
+| `service.annotations` | Service annotations (can be templated) | `{}` |
+| `service.labels` | Custom labels | `{}` |
+| `service.clusterIP` | internal cluster service IP | `nil` |
+| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `nil` |
+| `service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to lb (if supported) | `[]` |
+| `service.externalIPs` | service external IP addresses | `[]` |
+| `headlessService` | Create a headless service | `false` |
+| `extraExposePorts` | Additional service ports for sidecar containers| `[]` |
+| `hostAliases` | adds rules to the pod's /etc/hosts | `[]` |
+| `ingress.enabled` | Enables Ingress | `false` |
+| `ingress.annotations` | Ingress annotations (values are templated) | `{}` |
+| `ingress.labels` | Custom labels | `{}` |
+| `ingress.path` | Ingress accepted path | `/` |
+| `ingress.pathType` | Ingress type of path | `Prefix` |
+| `ingress.hosts` | Ingress accepted hostnames | `["chart-example.local"]` |
+| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). Requires `ingress.hosts` to have one or more host entries. | `[]` |
+| `ingress.tls` | Ingress TLS configuration | `[]` |
+| `resources` | CPU/Memory resource requests/limits | `{}` |
+| `nodeSelector` | Node labels for pod assignment | `{}` |
+| `tolerations` | Toleration labels for pod assignment | `[]` |
+| `affinity` | Affinity settings for pod assignment | `{}` |
+| `extraInitContainers` | Init containers to add to the grafana pod | `{}` |
+| `extraContainers` | Sidecar containers to add to the grafana pod | `""` |
+| `extraContainerVolumes` | Volumes that can be mounted in sidecar containers | `[]` |
+| `extraLabels` | Custom labels for all manifests | `{}` |
+| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` |
+| `persistence.enabled` | Use persistent volume to store data | `false` |
+| `persistence.type` | Type of persistence (`pvc` or `statefulset`) | `pvc` |
+| `persistence.size` | Size of persistent volume claim | `10Gi` |
+| `persistence.existingClaim` | Use an existing PVC to persist data (can be templated) | `nil` |
+| `persistence.storageClassName` | Type of persistent volume claim | `nil` |
+| `persistence.accessModes` | Persistence access modes | `[ReadWriteOnce]` |
+| `persistence.annotations` | PersistentVolumeClaim annotations | `{}` |
+| `persistence.finalizers` | PersistentVolumeClaim finalizers | `[ "kubernetes.io/pvc-protection" ]` |
+| `persistence.extraPvcLabels` | Extra labels to apply to a PVC. | `{}` |
+| `persistence.subPath` | Mount a sub dir of the persistent volume (can be templated) | `nil` |
+| `persistence.inMemory.enabled` | If persistence is not enabled, whether to mount the local storage in-memory to improve performance | `false` |
+| `persistence.inMemory.sizeLimit` | SizeLimit for the in-memory local storage | `nil` |
+| `initChownData.enabled` | If false, don't reset data ownership at startup | true |
+| `initChownData.image.repository` | init-chown-data container image repository | `busybox` |
+| `initChownData.image.tag` | init-chown-data container image tag | `1.31.1` |
+| `initChownData.image.sha` | init-chown-data container image sha (optional)| `""` |
+| `initChownData.image.pullPolicy` | init-chown-data container image pull policy | `IfNotPresent` |
+| `initChownData.resources` | init-chown-data pod resource requests & limits | `{}` |
+| `schedulerName` | Alternate scheduler name | `nil` |
+| `env` | Extra environment variables passed to pods | `{}` |
+| `envValueFrom` | Environment variables from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. Can be templated | `{}` |
+| `envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` |
+| `envFromSecrets` | List of Kubernetes secrets (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `[]` |
+| `envFromConfigMaps` | List of Kubernetes ConfigMaps (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `[]` |
+| `envRenderSecret` | Sensible environment variables passed to pods and stored as secret | `{}` |
+| `enableServiceLinks` | Inject Kubernetes services as environment variables. | `true` |
+| `extraSecretMounts` | Additional grafana server secret mounts | `[]` |
+| `extraVolumeMounts` | Additional grafana server volume mounts | `[]` |
+| `createConfigmap` | Enable creating the grafana configmap | `true` |
+| `extraConfigmapMounts` | Additional grafana server configMap volume mounts (values are templated) | `[]` |
+| `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` |
+| `plugins` | Plugins to be loaded along with Grafana | `[]` |
+| `datasources` | Configure grafana datasources (passed through tpl) | `{}` |
+| `alerting` | Configure grafana alerting (passed through tpl) | `{}` |
+| `notifiers` | Configure grafana notifiers | `{}` |
+| `dashboardProviders` | Configure grafana dashboard providers | `{}` |
+| `dashboards` | Dashboards to import | `{}` |
+| `dashboardsConfigMaps` | ConfigMaps reference that contains dashboards | `{}` |
+| `grafana.ini` | Grafana's primary configuration | `{}` |
+| `ldap.enabled` | Enable LDAP authentication | `false` |
+| `ldap.existingSecret` | The name of an existing secret containing the `ldap.toml` file, this must have the key `ldap-toml`. | `""` |
+| `ldap.config` | Grafana's LDAP configuration | `""` |
+| `annotations` | Deployment annotations | `{}` |
+| `labels` | Deployment labels | `{}` |
+| `podAnnotations` | Pod annotations | `{}` |
+| `podLabels` | Pod labels | `{}` |
+| `podPortName` | Name of the grafana port on the pod | `grafana` |
+| `lifecycleHooks` | Lifecycle hooks for podStart and preStop [Example](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/#define-poststart-and-prestop-handlers) | `{}` |
+| `sidecar.image.repository` | Sidecar image repository | `quay.io/kiwigrid/k8s-sidecar` |
+| `sidecar.image.tag` | Sidecar image tag | `1.19.2` |
+| `sidecar.image.sha` | Sidecar image sha (optional) | `""` |
+| `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` |
+| `sidecar.resources` | Sidecar resources | `{}` |
+| `sidecar.securityContext` | Sidecar securityContext | `{}` |
+| `sidecar.enableUniqueFilenames` | Sets the kiwigrid/k8s-sidecar UNIQUE_FILENAMES environment variable. If set to `true` the sidecar will create unique filenames where duplicate data keys exist between ConfigMaps and/or Secrets within the same or multiple Namespaces. | `false` |
+| `sidecar.alerts.enabled` | Enables the cluster wide search for alerts and adds/updates/deletes them in grafana |`false` |
+| `sidecar.alerts.label` | Label that config maps with alerts should have to be added | `grafana_alert` |
+| `sidecar.alerts.labelValue` | Label value that config maps with alerts should have to be added | `""` |
+| `sidecar.alerts.searchNamespace` | Namespaces list. If specified, the sidecar will search for alerts config-maps inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` |
+| `sidecar.alerts.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` |
+| `sidecar.alerts.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
+| `sidecar.alerts.reloadURL` | Full url of datasource configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/alerting/reload"` |
+| `sidecar.alerts.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` |
+| `sidecar.alerts.initDatasources` | Set to true to deploy the datasource sidecar as an initContainer in addition to a container. This is needed if skipReload is true, to load any alerts defined at startup time. | `false` |
+| `sidecar.dashboards.enabled` | Enables the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` |
+| `sidecar.dashboards.SCProvider` | Enables creation of sidecar provider | `true` |
+| `sidecar.dashboards.provider.name` | Unique name of the grafana provider | `sidecarProvider` |
+| `sidecar.dashboards.provider.orgid` | Id of the organisation, to which the dashboards should be added | `1` |
+| `sidecar.dashboards.provider.folder` | Logical folder in which grafana groups dashboards | `""` |
+| `sidecar.dashboards.provider.disableDelete` | Activate to avoid the deletion of imported dashboards | `false` |
+| `sidecar.dashboards.provider.allowUiUpdates` | Allow updating provisioned dashboards from the UI | `false` |
+| `sidecar.dashboards.provider.type` | Provider type | `file` |
+| `sidecar.dashboards.provider.foldersFromFilesStructure` | Allow Grafana to replicate dashboard structure from filesystem. | `false` |
+| `sidecar.dashboards.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` |
+| `sidecar.skipTlsVerify` | Set to true to skip tls verification for kube api calls | `nil` |
+| `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `grafana_dashboard` |
+| `sidecar.dashboards.labelValue` | Label value that config maps with dashboards should have to be added | `""` |
+| `sidecar.dashboards.folder` | Folder in the pod that should hold the collected dashboards (unless `sidecar.dashboards.defaultFolderName` is set). This path will be mounted. | `/tmp/dashboards` |
+| `sidecar.dashboards.folderAnnotation` | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil` |
+| `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` |
+| `sidecar.dashboards.searchNamespace` | Namespaces list. If specified, the sidecar will search for dashboards config-maps inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` |
+| `sidecar.dashboards.script` | Absolute path to shell script to execute after a configmap got reloaded. | `nil` |
+| `sidecar.dashboards.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
+| `sidecar.dashboards.extraMounts` | Additional dashboard sidecar volume mounts. | `[]` |
+| `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` |
+| `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` |
+| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `""` |
+| `sidecar.datasources.searchNamespace` | Namespaces list. If specified, the sidecar will search for datasources config-maps inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` |
+| `sidecar.datasources.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` |
+| `sidecar.datasources.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
+| `sidecar.datasources.reloadURL` | Full url of datasource configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/datasources/reload"` |
+| `sidecar.datasources.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` |
+| `sidecar.datasources.initDatasources` | Set to true to deploy the datasource sidecar as an initContainer in addition to a container. This is needed if skipReload is true, to load any datasources defined at startup time. | `false` |
+| `sidecar.notifiers.enabled` | Enables the cluster wide search for notifiers and adds/updates/deletes them in grafana | `false` |
+| `sidecar.notifiers.label` | Label that config maps with notifiers should have to be added | `grafana_notifier` |
+| `sidecar.notifiers.labelValue` | Label value that config maps with notifiers should have to be added | `""` |
+| `sidecar.notifiers.searchNamespace` | Namespaces list. If specified, the sidecar will search for notifiers config-maps (or secrets) inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` |
+| `sidecar.notifiers.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` |
+| `sidecar.notifiers.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
+| `sidecar.notifiers.reloadURL` | Full url of notifier configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/notifications/reload"` |
+| `sidecar.notifiers.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` |
+| `sidecar.notifiers.initNotifiers` | Set to true to deploy the notifier sidecar as an initContainer in addition to a container. This is needed if skipReload is true, to load any notifiers defined at startup time. | `false` |
+| `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` |
+| `smtp.userKey` | The key in the existing SMTP secret containing the username. | `"user"` |
+| `smtp.passwordKey` | The key in the existing SMTP secret containing the password. | `"password"` |
+| `admin.existingSecret` | The name of an existing secret containing the admin credentials (can be templated). | `""` |
+| `admin.userKey` | The key in the existing admin secret containing the username. | `"admin-user"` |
+| `admin.passwordKey` | The key in the existing admin secret containing the password. | `"admin-password"` |
+| `serviceAccount.autoMount` | Automount the service account token in the pod| `true` |
+| `serviceAccount.annotations` | ServiceAccount annotations | |
+| `serviceAccount.create` | Create service account | `true` |
+| `serviceAccount.labels` | ServiceAccount labels | `{}` |
+| `serviceAccount.name` | Service account name to use, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `` |
+| `serviceAccount.nameTest` | Service account name to use for test, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `nil` |
+| `rbac.create` | Create and use RBAC resources | `true` |
+| `rbac.namespaced` | Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance | `false` |
+| `rbac.useExistingRole` | Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to the rolename set here. | `nil` |
+| `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `true` |
+| `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `true` |
+| `rbac.extraRoleRules` | Additional rules to add to the Role | [] |
+| `rbac.extraClusterRoleRules` | Additional rules to add to the ClusterRole | [] |
+| `command` | Define command to be executed by grafana container at startup | `nil` |
+| `testFramework.enabled` | Whether to create test-related resources | `true` |
+| `testFramework.image` | `test-framework` image repository. | `bats/bats` |
+| `testFramework.tag` | `test-framework` image tag. | `v1.4.1` |
+| `testFramework.imagePullPolicy` | `test-framework` image pull policy. | `IfNotPresent` |
+| `testFramework.securityContext` | `test-framework` securityContext | `{}` |
+| `downloadDashboards.env` | Environment variables to be passed to the `download-dashboards` container | `{}` |
+| `downloadDashboards.envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` |
+| `downloadDashboards.resources` | Resources of `download-dashboards` container | `{}` |
+| `downloadDashboardsImage.repository` | Curl docker image repo | `curlimages/curl` |
+| `downloadDashboardsImage.tag` | Curl docker image tag | `7.73.0` |
+| `downloadDashboardsImage.sha` | Curl docker image sha (optional) | `""` |
+| `downloadDashboardsImage.pullPolicy` | Curl docker image pull policy | `IfNotPresent` |
+| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) |
+| `serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` |
+| `serviceMonitor.namespace` | Namespace this servicemonitor is installed in | |
+| `serviceMonitor.interval` | How frequently Prometheus should scrape | `1m` |
+| `serviceMonitor.path` | Path to scrape | `/metrics` |
+| `serviceMonitor.scheme` | Scheme to use for metrics scraping | `http` |
+| `serviceMonitor.tlsConfig` | TLS configuration block for the endpoint | `{}` |
+| `serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` |
+| `serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` |
+| `serviceMonitor.relabelings` | MetricRelabelConfigs to apply to samples before ingestion. | `[]` |
+| `revisionHistoryLimit` | Number of old ReplicaSets to retain | `10` |
+| `imageRenderer.enabled` | Enable the image-renderer deployment & service | `false` |
+| `imageRenderer.image.repository` | image-renderer Image repository | `grafana/grafana-image-renderer` |
+| `imageRenderer.image.tag` | image-renderer Image tag | `latest` |
+| `imageRenderer.image.sha` | image-renderer Image sha (optional) | `""` |
+| `imageRenderer.image.pullPolicy` | image-renderer ImagePullPolicy | `Always` |
+| `imageRenderer.env` | extra env-vars for image-renderer | `{}` |
+| `imageRenderer.serviceAccountName` | image-renderer deployment serviceAccountName | `""` |
+| `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` |
+| `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` |
+| `imageRenderer.priorityClassName` | image-renderer deployment priority class | `''` |
+| `imageRenderer.service.enabled` | Enable the image-renderer service | `true` |
+| `imageRenderer.service.portName` | image-renderer service port name | `http` |
+| `imageRenderer.service.port` | image-renderer port used by deployment | `8081` |
+| `imageRenderer.service.targetPort` | image-renderer service port used by service | `8081` |
+| `imageRenderer.appProtocol` | Adds the appProtocol field to the service | `` |
+| `imageRenderer.grafanaSubPath` | Grafana sub path to use for image renderer callback url | `''` |
+| `imageRenderer.podPortName` | name of the image-renderer port on the pod | `http` |
+| `imageRenderer.revisionHistoryLimit` | number of image-renderer replica sets to keep | `10` |
+| `imageRenderer.networkPolicy.limitIngress` | Enable a NetworkPolicy to limit inbound traffic from only the created grafana pods | `true` |
+| `imageRenderer.networkPolicy.limitEgress` | Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods | `false` |
+| `imageRenderer.resources` | Set resource limits for image-renderer pdos | `{}` |
+| `imageRenderer.nodeSelector` | Node labels for pod assignment | `{}` |
+| `imageRenderer.tolerations` | Toleration labels for pod assignment | `[]` |
+| `imageRenderer.affinity` | Affinity settings for pod assignment | `{}` |
+| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources. | `false` |
+| `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
+| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` |
+| `networkPolicy.ingress` | Enable the creation of an ingress network policy | `true` |
+| `networkPolicy.egress.enabled` | Enable the creation of an egress network policy | `false` |
+| `networkPolicy.egress.ports` | An array of ports to allow for the egress | `[]` |
+| `enableKubeBackwardCompatibility` | Enable backward compatibility of kubernetes where pod's defintion version below 1.13 doesn't have the enableServiceLinks option | `false` |
+
+
+
+### Example ingress with path
+
+With grafana 6.3 and above
+```yaml
+grafana.ini:
+ server:
+ domain: monitoring.example.com
+ root_url: "%(protocol)s://%(domain)s/grafana"
+ serve_from_sub_path: true
+ingress:
+ enabled: true
+ hosts:
+ - "monitoring.example.com"
+ path: "/grafana"
+```
+
+### Example of extraVolumeMounts
+
+Volume can be type persistentVolumeClaim or hostPath but not both at same time.
+If neither existingClaim or hostPath argument is given then type is emptyDir.
+
+```yaml
+- extraVolumeMounts:
+ - name: plugins
+ mountPath: /var/lib/grafana/plugins
+ subPath: configs/grafana/plugins
+ existingClaim: existing-grafana-claim
+ readOnly: false
+ - name: dashboards
+ mountPath: /var/lib/grafana/dashboards
+ hostPath: /usr/shared/grafana/dashboards
+ readOnly: false
+```
+
+## Import dashboards
+
+There are a few methods to import dashboards to Grafana. Below are some examples and explanations as to how to use each method:
+
+```yaml
+dashboards:
+ default:
+ some-dashboard:
+ json: |
+ {
+ "annotations":
+
+ ...
+ # Complete json file here
+ ...
+
+ "title": "Some Dashboard",
+ "uid": "abcd1234",
+ "version": 1
+ }
+ custom-dashboard:
+ # This is a path to a file inside the dashboards directory inside the chart directory
+ file: dashboards/custom-dashboard.json
+ prometheus-stats:
+ # Ref: https://grafana.com/dashboards/2
+ gnetId: 2
+ revision: 2
+ datasource: Prometheus
+ loki-dashboard-quick-search:
+ gnetId: 12019
+ revision: 2
+ datasource:
+ - name: DS_PROMETHEUS
+ value: Prometheus
+ - name: DS_LOKI
+ value: Loki
+ local-dashboard:
+ url: https://raw.githubusercontent.com/user/repository/master/dashboards/dashboard.json
+```
+
+## BASE64 dashboards
+
+Dashboards could be stored on a server that does not return JSON directly and instead of it returns a Base64 encoded file (e.g. Gerrit)
+A new parameter has been added to the url use case so if you specify a b64content value equals to true after the url entry a Base64 decoding is applied before save the file to disk.
+If this entry is not set or is equals to false not decoding is applied to the file before saving it to disk.
+
+### Gerrit use case
+
+Gerrit API for download files has the following schema: <https://yourgerritserver/a/{project-name}/branches/{branch-id}/files/{file-id}/content> where {project-name} and
+{file-id} usually has '/' in their values and so they MUST be replaced by %2F so if project-name is user/repo, branch-id is master and file-id is equals to dir1/dir2/dashboard
+the url value is <https://yourgerritserver/a/user%2Frepo/branches/master/files/dir1%2Fdir2%2Fdashboard/content>
+
+## Sidecar for dashboards
+
+If the parameter `sidecar.dashboards.enabled` is set, a sidecar container is deployed in the grafana
+pod. This container watches all configmaps (or secrets) in the cluster and filters out the ones with
+a label as defined in `sidecar.dashboards.label`. The files defined in those configmaps are written
+to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported
+dashboards are deleted/updated.
+
+A recommendation is to use one configmap per dashboard, as a reduction of multiple dashboards inside
+one configmap is currently not properly mirrored in grafana.
+
+Example dashboard config:
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: sample-grafana-dashboard
+ labels:
+ grafana_dashboard: "1"
+data:
+ k8s-dashboard.json: |-
+ [...]
+```
+
+## Sidecar for datasources
+
+If the parameter `sidecar.datasources.enabled` is set, an init container is deployed in the grafana
+pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and
+filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in
+those secrets are written to a folder and accessed by grafana on startup. Using these yaml files,
+the data sources in grafana can be imported.
+
+Secrets are recommended over configmaps for this usecase because datasources usually contain private
+data like usernames and passwords. Secrets are the more appropriate cluster resource to manage those.
+
+Example values to add a datasource adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file):
+
+```yaml
+datasources:
+ datasources.yaml:
+ apiVersion: 1
+ datasources:
+ # <string, required> name of the datasource. Required
+ - name: Graphite
+ # <string, required> datasource type. Required
+ type: graphite
+ # <string, required> access mode. proxy or direct (Server or Browser in the UI). Required
+ access: proxy
+ # <int> org id. will default to orgId 1 if not specified
+ orgId: 1
+ # <string> url
+ url: http://localhost:8080
+ # <string> database password, if used
+ password:
+ # <string> database user, if used
+ user:
+ # <string> database name, if used
+ database:
+ # <bool> enable/disable basic auth
+ basicAuth:
+ # <string> basic auth username
+ basicAuthUser:
+ # <string> basic auth password
+ basicAuthPassword:
+ # <bool> enable/disable with credentials headers
+ withCredentials:
+ # <bool> mark as default datasource. Max one per org
+ isDefault:
+ # <map> fields that will be converted to json and stored in json_data
+ jsonData:
+ graphiteVersion: "1.1"
+ tlsAuth: true
+ tlsAuthWithCACert: true
+ # <string> json object of data that will be encrypted.
+ secureJsonData:
+ tlsCACert: "..."
+ tlsClientCert: "..."
+ tlsClientKey: "..."
+ version: 1
+ # <bool> allow users to edit datasources from the UI.
+ editable: false
+```
+
+## Sidecar for notifiers
+
+If the parameter `sidecar.notifiers.enabled` is set, an init container is deployed in the grafana
+pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and
+filters out the ones with a label as defined in `sidecar.notifiers.label`. The files defined in
+those secrets are written to a folder and accessed by grafana on startup. Using these yaml files,
+the notification channels in grafana can be imported. The secrets must be created before
+`helm install` so that the notifiers init container can list the secrets.
+
+Secrets are recommended over configmaps for this usecase because alert notification channels usually contain
+private data like SMTP usernames and passwords. Secrets are the more appropriate cluster resource to manage those.
+
+Example datasource config adapted from [Grafana](https://grafana.com/docs/grafana/latest/administration/provisioning/#alert-notification-channels):
+
+```yaml
+notifiers:
+ - name: notification-channel-1
+ type: slack
+ uid: notifier1
+ # either
+ org_id: 2
+ # or
+ org_name: Main Org.
+ is_default: true
+ send_reminder: true
+ frequency: 1h
+ disable_resolve_message: false
+ # See `Supported Settings` section for settings supporter for each
+ # alert notification type.
+ settings:
+ recipient: 'XXX'
+ token: 'xoxb'
+ uploadImage: true
+ url: https://slack.com
+
+delete_notifiers:
+ - name: notification-channel-1
+ uid: notifier1
+ org_id: 2
+ - name: notification-channel-2
+ # default org_id: 1
+```
+
+## How to serve Grafana with a path prefix (/grafana)
+
+In order to serve Grafana with a prefix (e.g., <http://example.com/grafana>), add the following to your values.yaml.
+
+```yaml
+ingress:
+ enabled: true
+ annotations:
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/rewrite-target: /$1
+ nginx.ingress.kubernetes.io/use-regex: "true"
+
+ path: /grafana/?(.*)
+ hosts:
+ - k8s.example.dev
+
+grafana.ini:
+ server:
+ root_url: http://localhost:3000/grafana # this host can be localhost
+```
+
+## How to securely reference secrets in grafana.ini
+
+This example uses Grafana [file providers](https://grafana.com/docs/grafana/latest/administration/configuration/#file-provider) for secret values and the `extraSecretMounts` configuration flag (Additional grafana server secret mounts) to mount the secrets.
+
+In grafana.ini:
+
+```yaml
+grafana.ini:
+ [auth.generic_oauth]
+ enabled = true
+ client_id = $__file{/etc/secrets/auth_generic_oauth/client_id}
+ client_secret = $__file{/etc/secrets/auth_generic_oauth/client_secret}
+```
+
+Existing secret, or created along with helm:
+
+```yaml
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: auth-generic-oauth-secret
+type: Opaque
+stringData:
+ client_id: <value>
+ client_secret: <value>
+```
+
+Include in the `extraSecretMounts` configuration flag:
+
+```yaml
+- extraSecretMounts:
+ - name: auth-generic-oauth-secret-mount
+ secretName: auth-generic-oauth-secret
+ defaultMode: 0440
+ mountPath: /etc/secrets/auth_generic_oauth
+ readOnly: true
+```
+
+### extraSecretMounts using a Container Storage Interface (CSI) provider
+
+This example uses a CSI driver e.g. retrieving secrets using [Azure Key Vault Provider](https://github.com/Azure/secrets-store-csi-driver-provider-azure)
+
+```yaml
+- extraSecretMounts:
+ - name: secrets-store-inline
+ mountPath: /run/secrets
+ readOnly: true
+ csi:
+ driver: secrets-store.csi.k8s.io
+ readOnly: true
+ volumeAttributes:
+ secretProviderClass: "my-provider"
+ nodePublishSecretRef:
+ name: akv-creds
+```
+
+## Image Renderer Plug-In
+
+This chart supports enabling [remote image rendering](https://github.com/grafana/grafana-image-renderer/blob/master/README.md#run-in-docker)
+
+```yaml
+imageRenderer:
+ enabled: true
+```
+
+### Image Renderer NetworkPolicy
+
+By default the image-renderer pods will have a network policy which only allows ingress traffic from the created grafana instance
+
+### High Availability for unified alerting
+
+If you want to run Grafana in a high availability cluster you need to enable
+the headless service by setting `headlessService: true` in your `values.yaml`
+file.
+
+As next step you have to setup the `grafana.ini` in your `values.yaml` in a way
+that it will make use of the headless service to obtain all the IPs of the
+cluster. You should replace ``{{ Name }}`` with the name of your helm deployment.
+
+```yaml
+grafana.ini:
+ ...
+ unified_alerting:
+ enabled: true
+ ha_peers: {{ Name }}-headless:9094
+ alerting:
+ enabled: false
+```
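Review bot: the values table in this README lists `imageRenderer.image.tag` defaulting to `latest`, with `imageRenderer.image.pullPolicy` set to `Always` and `imageRenderer.image.sha` empty, so enabling `imageRenderer.enabled: true` on the bundled chart runs whatever the registry serves under that tag at each pod start. For a chart vendored into this repository, the values that consume it should pin a fixed tag or set `imageRenderer.image.sha`. The same table shows `networkPolicy.enabled` defaulting to `false`, and the sidecar sections describe containers that read configmaps and secrets across the whole cluster, so the commit message should say which of these defaults the deployment overrides. Minor, and for upstream rather than this vendored copy: the notifiers section introduces its sample as "Example datasource config", and the table contains the typos `pdos` and `defintion`.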
diff --git a/charts/kube-prometheus-stack/charts/grafana/ci/default-values.yaml b/charts/kube-prometheus-stack/charts/grafana/ci/default-values.yaml
new file mode 100644
index 0000000..fc2ba60
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/ci/default-values.yaml
@@ -0,0 +1 @@
+# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.
diff --git a/charts/kube-prometheus-stack/charts/grafana/ci/with-affinity-values.yaml b/charts/kube-prometheus-stack/charts/grafana/ci/with-affinity-values.yaml
new file mode 100644
index 0000000..f5b9b53
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/ci/with-affinity-values.yaml
@@ -0,0 +1,16 @@
+affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/instance: grafana-test
+ app.kubernetes.io/name: grafana
+ topologyKey: failure-domain.beta.kubernetes.io/zone
+ weight: 100
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/instance: grafana-test
+ app.kubernetes.io/name: grafana
+ topologyKey: kubernetes.io/hostname
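Review bot: `topologyKey: failure-domain.beta.kubernetes.io/zone` in the preferred anti-affinity term is the deprecated zone label, which Kubernetes replaced with `topology.kubernetes.io/zone`. On nodes that carry only the new label this term matches nothing, so the CI case would pass without exercising zone spreading. If the file is meant to stay identical to upstream, leave it and record the deprecation; otherwise switch the key.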
diff --git a/charts/kube-prometheus-stack/charts/grafana/ci/with-dashboard-json-values.yaml b/charts/kube-prometheus-stack/charts/grafana/ci/with-dashboard-json-values.yaml
new file mode 100644
index 0000000..e0c4e41
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/ci/with-dashboard-json-values.yaml
@@ -0,0 +1,53 @@
+dashboards:
+ my-provider:
+ my-awesome-dashboard:
+ # An empty but valid dashboard
+ json: |
+ {
+ "__inputs": [],
+ "__requires": [
+ {
+ "type": "grafana",
+ "id": "grafana",
+ "name": "Grafana",
+ "version": "6.3.5"
+ }
+ ],
+ "annotations": {
+ "list": [
+ {
+ "builtIn": 1,
+ "datasource": "-- Grafana --",
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "name": "Annotations & Alerts",
+ "type": "dashboard"
+ }
+ ]
+ },
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "id": null,
+ "links": [],
+ "panels": [],
+ "schemaVersion": 19,
+ "style": "dark",
+ "tags": [],
+ "templating": {
+ "list": []
+ },
+ "time": {
+ "from": "now-6h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": ["5s"]
+ },
+ "timezone": "",
+ "title": "Dummy Dashboard",
+ "uid": "IdcYQooWk",
+ "version": 1
+ }
+ datasource: Prometheus
diff --git a/charts/kube-prometheus-stack/charts/grafana/ci/with-dashboard-values.yaml b/charts/kube-prometheus-stack/charts/grafana/ci/with-dashboard-values.yaml
new file mode 100644
index 0000000..7b662c5
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/ci/with-dashboard-values.yaml
@@ -0,0 +1,19 @@
+dashboards:
+ my-provider:
+ my-awesome-dashboard:
+ gnetId: 10000
+ revision: 1
+ datasource: Prometheus
+dashboardProviders:
+ dashboardproviders.yaml:
+ apiVersion: 1
+ providers:
+ - name: 'my-provider'
+ orgId: 1
+ folder: ''
+ type: file
+ updateIntervalSeconds: 10
+ disableDeletion: true
+ editable: true
+ options:
+ path: /var/lib/grafana/dashboards/my-provider
diff --git a/charts/kube-prometheus-stack/charts/grafana/ci/with-extraconfigmapmounts-values.yaml b/charts/kube-prometheus-stack/charts/grafana/ci/with-extraconfigmapmounts-values.yaml
new file mode 100644
index 0000000..f2d55a8
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/ci/with-extraconfigmapmounts-values.yaml
@@ -0,0 +1,7 @@
+extraConfigmapMounts:
+ - name: '{{ template "grafana.fullname" . }}'
+ configMap: '{{ template "grafana.fullname" . }}'
+ mountPath: /var/lib/grafana/dashboards/test-dashboard.json
+ # This is not a realistic test, but for this we only care about extraConfigmapMounts not being empty and pointing to an existing ConfigMap
+ subPath: grafana.ini
+ readOnly: true
diff --git a/charts/kube-prometheus-stack/charts/grafana/ci/with-image-renderer-values.yaml b/charts/kube-prometheus-stack/charts/grafana/ci/with-image-renderer-values.yaml
new file mode 100644
index 0000000..32f3074
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/ci/with-image-renderer-values.yaml
@@ -0,0 +1,19 @@
+podLabels:
+ customLableA: Aaaaa
+imageRenderer:
+ enabled: true
+ env:
+ RENDERING_ARGS: --disable-gpu,--window-size=1280x758
+ RENDERING_MODE: clustered
+ podLabels:
+ customLableB: Bbbbb
+ networkPolicy:
+ limitIngress: true
+ limitEgress: true
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1000Mi
+ requests:
+ cpu: 500m
+ memory: 50Mi
diff --git a/charts/kube-prometheus-stack/charts/grafana/ci/with-persistence.yaml b/charts/kube-prometheus-stack/charts/grafana/ci/with-persistence.yaml
new file mode 100644
index 0000000..b92ca02
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/ci/with-persistence.yaml
@@ -0,0 +1,3 @@
+persistence:
+ type: pvc
+ enabled: true
diff --git a/charts/kube-prometheus-stack/charts/grafana/dashboards/custom-dashboard.json b/charts/kube-prometheus-stack/charts/grafana/dashboards/custom-dashboard.json
new file mode 100644
index 0000000..9e26dfe
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/dashboards/custom-dashboard.json
@@ -0,0 +1 @@
+{}
\ No newline at end of file
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/NOTES.txt b/charts/kube-prometheus-stack/charts/grafana/templates/NOTES.txt
new file mode 100644
index 0000000..1fc8436
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/NOTES.txt
@@ -0,0 +1,54 @@
+1. Get your '{{ .Values.adminUser }}' user password by running:
+
+ kubectl get secret --namespace {{ template "grafana.namespace" . }} {{ template "grafana.fullname" . }} -o jsonpath="{.data.admin-password}" | base64 --decode ; echo
+
+2. The Grafana server can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster:
+
+ {{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}.svc.cluster.local
+{{ if .Values.ingress.enabled }}
+ If you bind grafana to 80, please update values in values.yaml and reinstall:
+ ```
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ fsGroup: 0
+
+ command:
+ - "setcap"
+ - "'cap_net_bind_service=+ep'"
+ - "/usr/sbin/grafana-server &&"
+ - "sh"
+ - "/run.sh"
+ ```
+ Details refer to https://grafana.com/docs/installation/configuration/#http-port.
+ Or grafana would always crash.
+
+ From outside the cluster, the server URL(s) are:
+{{- range .Values.ingress.hosts }}
+ http://{{ . }}
+{{- end }}
+{{ else }}
+ Get the Grafana URL to visit by running these commands in the same shell:
+{{ if contains "NodePort" .Values.service.type -}}
+ export NODE_PORT=$(kubectl get --namespace {{ template "grafana.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "grafana.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ template "grafana.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{ else if contains "LoadBalancer" .Values.service.type -}}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc --namespace {{ template "grafana.namespace" . }} -w {{ template "grafana.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ template "grafana.namespace" . }} {{ template "grafana.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ http://$SERVICE_IP:{{ .Values.service.port -}}
+{{ else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ template "grafana.namespace" . }} -l "app.kubernetes.io/name={{ template "grafana.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ kubectl --namespace {{ template "grafana.namespace" . }} port-forward $POD_NAME 3000
+{{- end }}
+{{- end }}
+
+3. Login with the password from step 1 and the username: {{ .Values.adminUser }}
+
+{{- if not .Values.persistence.enabled }}
+#################################################################################
+###### WARNING: Persistence is disabled!!! You will lose your data when #####
+###### the Grafana pod is terminated. #####
+#################################################################################
+{{- end }}
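Review bot: the port-80 advice printed in the `{{ if .Values.ingress.enabled }}` branch tells operators to set `runAsUser: 0`, `runAsGroup: 0` and `fsGroup: 0`, which runs Grafana as root for the sake of a port that the Service or ingress can map while the container stays on an unprivileged port. The suggested `command` list also cannot work as written: Kubernetes executes it without a shell, so `"/usr/sbin/grafana-server &&"` and the doubly quoted `"'cap_net_bind_service=+ep'"` reach `setcap` as literal arguments. Because this text is shown to every operator who enables ingress, I would drop the block or replace it with a pointer to mapping the port at the Service or ingress. Two smaller points: the ingress URLs are printed as `http://{{ . }}` whatever the TLS configuration is, and step 1 prints the decoded admin password to the terminal.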
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/_helpers.tpl b/charts/kube-prometheus-stack/charts/grafana/templates/_helpers.tpl
new file mode 100644
index 0000000..369e69f
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/_helpers.tpl
@@ -0,0 +1,174 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "grafana.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "grafana.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "grafana.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account
+*/}}
+{{- define "grafana.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "grafana.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{- define "grafana.serviceAccountNameTest" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (print (include "grafana.fullname" .) "-test") .Values.serviceAccount.nameTest }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.nameTest }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts
+*/}}
+{{- define "grafana.namespace" -}}
+ {{- if .Values.namespaceOverride -}}
+ {{- .Values.namespaceOverride -}}
+ {{- else -}}
+ {{- .Release.Namespace -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "grafana.labels" -}}
+helm.sh/chart: {{ include "grafana.chart" . }}
+{{ include "grafana.selectorLabels" . }}
+{{- if or .Chart.AppVersion .Values.image.tag }}
+app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.extraLabels }}
+{{ toYaml .Values.extraLabels }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "grafana.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "grafana.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "grafana.imageRenderer.labels" -}}
+helm.sh/chart: {{ include "grafana.chart" . }}
+{{ include "grafana.imageRenderer.selectorLabels" . }}
+{{- if or .Chart.AppVersion .Values.image.tag }}
+app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels ImageRenderer
+*/}}
+{{- define "grafana.imageRenderer.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "grafana.name" . }}-image-renderer
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Looks if there's an existing secret and reuse its password. If not it generates
+new password and use it.
+*/}}
+{{- define "grafana.password" -}}
+{{- $secret := (lookup "v1" "Secret" (include "grafana.namespace" .) (include "grafana.fullname" .) ) -}}
+ {{- if $secret -}}
+ {{- index $secret "data" "admin-password" -}}
+ {{- else -}}
+ {{- (randAlphaNum 40) | b64enc | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for rbac.
+*/}}
+{{- define "grafana.rbac.apiVersion" -}}
+ {{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }}
+ {{- print "rbac.authorization.k8s.io/v1" -}}
+ {{- else -}}
+ {{- print "rbac.authorization.k8s.io/v1beta1" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for ingress.
+*/}}
+{{- define "grafana.ingress.apiVersion" -}}
+ {{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19-0" .Capabilities.KubeVersion.Version) -}}
+ {{- print "networking.k8s.io/v1" -}}
+ {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
+ {{- print "networking.k8s.io/v1beta1" -}}
+ {{- else -}}
+ {{- print "extensions/v1beta1" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for podDisruptionBudget.
+*/}}
+{{- define "grafana.podDisruptionBudget.apiVersion" -}}
+ {{- if $.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" -}}
+ {{- print "policy/v1" -}}
+ {{- else -}}
+ {{- print "policy/v1beta1" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Return if ingress is stable.
+*/}}
+{{- define "grafana.ingress.isStable" -}}
+ {{- eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1" -}}
+{{- end -}}
+
+{{/*
+Return if ingress supports ingressClassName.
+*/}}
+{{- define "grafana.ingress.supportsIngressClassName" -}}
+ {{- or (eq (include "grafana.ingress.isStable" .) "true") (and (eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) -}}
+{{- end -}}
+
+{{/*
+Return if ingress supports pathType.
+*/}}
+{{- define "grafana.ingress.supportsPathType" -}}
+ {{- or (eq (include "grafana.ingress.isStable" .) "true") (and (eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) -}}
+{{- end -}}
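Review bot: `grafana.password` depends on `lookup` to find the existing Secret, and `lookup` returns nothing when the chart is rendered without cluster access (`helm template`, client-side dry run), so every such render falls through to `randAlphaNum 40` and emits a new admin password. If the bundled charts are ever rendered that way, the admin password changes on each apply wherever this helper is used; the bundling repository should document that the password must then be supplied explicitly or from a pre-created secret. Separately, `grafana.imageRenderer.labels` carries the comment "Common labels" and takes `app.kubernetes.io/version` from `.Values.image.tag`, which is the Grafana image tag rather than the renderer's, so the version label on image-renderer objects does not describe the image they run.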
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl b/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl
new file mode 100644
index 0000000..358345d
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl
@@ -0,0 +1,1115 @@
+{{- define "grafana.pod" -}}
+{{- if .Values.schedulerName }}
+schedulerName: "{{ .Values.schedulerName }}"
+{{- end }}
+serviceAccountName: {{ template "grafana.serviceAccountName" . }}
+automountServiceAccountToken: {{ .Values.serviceAccount.autoMount }}
+{{- with .Values.securityContext }}
+securityContext:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.hostAliases }}
+hostAliases:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- if .Values.priorityClassName }}
+priorityClassName: {{ .Values.priorityClassName }}
+{{- end }}
+{{- if ( or .Values.persistence.enabled .Values.dashboards .Values.extraInitContainers (and .Values.sidecar.datasources.enabled .Values.sidecar.datasources.initDatasources) (and .Values.sidecar.notifiers.enabled .Values.sidecar.notifiers.initNotifiers)) }}
+initContainers:
+{{- end }}
+{{- if ( and .Values.persistence.enabled .Values.initChownData.enabled ) }}
+ - name: init-chown-data
+ {{- if .Values.initChownData.image.sha }}
+ image: "{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}@sha256:{{ .Values.initChownData.image.sha }}"
+ {{- else }}
+ image: "{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.initChownData.image.pullPolicy }}
+ {{- with .Values.initChownData.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }}", "/var/lib/grafana"]
+ {{- with .Values.initChownData.resources }}
+ resources:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ volumeMounts:
+ - name: storage
+ mountPath: "/var/lib/grafana"
+{{- if .Values.persistence.subPath }}
+ subPath: {{ tpl .Values.persistence.subPath . }}
+{{- end }}
+{{- end }}
+{{- if .Values.dashboards }}
+ - name: download-dashboards
+ {{- if .Values.downloadDashboardsImage.sha }}
+ image: "{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}@sha256:{{ .Values.downloadDashboardsImage.sha }}"
+ {{- else }}
+ image: "{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.downloadDashboardsImage.pullPolicy }}
+ command: ["/bin/sh"]
+ args: [ "-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh" ]
+ {{- with .Values.downloadDashboards.resources }}
+ resources:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ env:
+{{- range $key, $value := .Values.downloadDashboards.env }}
+ - name: "{{ $key }}"
+ value: "{{ $value }}"
+{{- end }}
+ {{- with .Values.downloadDashboards.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+{{- if .Values.downloadDashboards.envFromSecret }}
+ envFrom:
+ - secretRef:
+ name: {{ tpl .Values.downloadDashboards.envFromSecret . }}
+{{- end }}
+ volumeMounts:
+ - name: config
+ mountPath: "/etc/grafana/download_dashboards.sh"
+ subPath: download_dashboards.sh
+ - name: storage
+ mountPath: "/var/lib/grafana"
+{{- if .Values.persistence.subPath }}
+ subPath: {{ tpl .Values.persistence.subPath . }}
+{{- end }}
+ {{- range .Values.extraSecretMounts }}
+ - name: {{ .name }}
+ mountPath: {{ .mountPath }}
+ readOnly: {{ .readOnly }}
+ {{- end }}
+{{- end }}
+{{- if and .Values.sidecar.datasources.enabled .Values.sidecar.datasources.initDatasources }}
+ - name: {{ template "grafana.name" . }}-init-sc-datasources
+ {{- if .Values.sidecar.image.sha }}
+ image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
+ {{- else }}
+ image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
+ env:
+ {{- range $key, $value := .Values.sidecar.datasources.env }}
+ - name: "{{ $key }}"
+ value: "{{ $value }}"
+ {{- end }}
+ {{- if .Values.sidecar.datasources.ignoreAlreadyProcessed }}
+ - name: IGNORE_ALREADY_PROCESSED
+ value: "true"
+ {{- end }}
+ - name: METHOD
+ value: "LIST"
+ - name: LABEL
+ value: "{{ .Values.sidecar.datasources.label }}"
+ {{- if .Values.sidecar.datasources.labelValue }}
+ - name: LABEL_VALUE
+ value: {{ quote .Values.sidecar.datasources.labelValue }}
+ {{- end }}
+ {{- if or .Values.sidecar.logLevel .Values.sidecar.datasources.logLevel }}
+ - name: LOG_LEVEL
+ value: {{ default .Values.sidecar.logLevel .Values.sidecar.datasources.logLevel }}
+ {{- end }}
+ - name: FOLDER
+ value: "/etc/grafana/provisioning/datasources"
+ - name: RESOURCE
+ value: {{ quote .Values.sidecar.datasources.resource }}
+ {{- if .Values.sidecar.enableUniqueFilenames }}
+ - name: UNIQUE_FILENAMES
+ value: "{{ .Values.sidecar.enableUniqueFilenames }}"
+ {{- end }}
+ {{- if .Values.sidecar.datasources.searchNamespace }}
+ - name: NAMESPACE
+ value: "{{ tpl (.Values.sidecar.datasources.searchNamespace | join ",") . }}"
+ {{- end }}
+ {{- if .Values.sidecar.skipTlsVerify }}
+ - name: SKIP_TLS_VERIFY
+ value: "{{ .Values.sidecar.skipTlsVerify }}"
+ {{- end }}
+ {{- with .Values.sidecar.resources }}
+ resources:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.sidecar.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ volumeMounts:
+ - name: sc-datasources-volume
+ mountPath: "/etc/grafana/provisioning/datasources"
+{{- end }}
+{{- if and .Values.sidecar.notifiers.enabled .Values.sidecar.notifiers.initNotifiers }}
+ - name: {{ template "grafana.name" . }}-init-sc-notifiers
+ {{- if .Values.sidecar.image.sha }}
+ image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
+ {{- else }}
+ image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
+ env:
+ {{- range $key, $value := .Values.sidecar.notifiers.env }}
+ - name: "{{ $key }}"
+ value: "{{ $value }}"
+ {{- end }}
+ {{- if .Values.sidecar.notifiers.ignoreAlreadyProcessed }}
+ - name: IGNORE_ALREADY_PROCESSED
+ value: "true"
+ {{- end }}
+ - name: METHOD
+ value: LIST
+ - name: LABEL
+ value: "{{ .Values.sidecar.notifiers.label }}"
+ {{- if .Values.sidecar.notifiers.labelValue }}
+ - name: LABEL_VALUE
+ value: {{ quote .Values.sidecar.notifiers.labelValue }}
+ {{- end }}
+ {{- if or .Values.sidecar.logLevel .Values.sidecar.notifiers.logLevel }}
+ - name: LOG_LEVEL
+ value: {{ default .Values.sidecar.logLevel .Values.sidecar.notifiers.logLevel }}
+ {{- end }}
+ - name: FOLDER
+ value: "/etc/grafana/provisioning/notifiers"
+ - name: RESOURCE
+ value: {{ quote .Values.sidecar.notifiers.resource }}
+ {{- if .Values.sidecar.enableUniqueFilenames }}
+ - name: UNIQUE_FILENAMES
+ value: "{{ .Values.sidecar.enableUniqueFilenames }}"
+ {{- end }}
+ {{- if .Values.sidecar.notifiers.searchNamespace }}
+ - name: NAMESPACE
+ value: "{{ tpl (.Values.sidecar.notifiers.searchNamespace | join ",") . }}"
+ {{- end }}
+ {{- if .Values.sidecar.skipTlsVerify }}
+ - name: SKIP_TLS_VERIFY
+ value: "{{ .Values.sidecar.skipTlsVerify }}"
+ {{- end }}
+ {{- with .Values.sidecar.livenessProbe }}
+ livenessProbe:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.sidecar.readinessProbe }}
+ readinessProbe:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.sidecar.resources }}
+ resources:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.sidecar.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ volumeMounts:
+ - name: sc-notifiers-volume
+ mountPath: "/etc/grafana/provisioning/notifiers"
+{{- end}}
+{{- if .Values.extraInitContainers }}
+{{ tpl (toYaml .Values.extraInitContainers) . | indent 2 }}
+{{- end }}
+{{- if .Values.image.pullSecrets }}
+imagePullSecrets:
+{{- $root := . }}
+{{- range .Values.image.pullSecrets }}
+ - name: {{ tpl . $root }}
+{{- end}}
+{{- end }}
+{{- if not .Values.enableKubeBackwardCompatibility }}
+enableServiceLinks: {{ .Values.enableServiceLinks }}
+{{- end }}
+containers:
+{{- if .Values.sidecar.alerts.enabled }}
+ - name: {{ template "grafana.name" . }}-sc-alerts
+ {{- if .Values.sidecar.image.sha }}
+ image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
+ {{- else }}
+ image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
+ env:
+ {{- range $key, $value := .Values.sidecar.alerts.env }}
+ - name: "{{ $key }}"
+ value: "{{ $value }}"
+ {{- end }}
+ {{- if .Values.sidecar.alerts.ignoreAlreadyProcessed }}
+ - name: IGNORE_ALREADY_PROCESSED
+ value: "true"
+ {{- end }}
+ - name: METHOD
+ value: {{ .Values.sidecar.alerts.watchMethod }}
+ - name: LABEL
+ value: "{{ .Values.sidecar.alerts.label }}"
+ {{- with .Values.sidecar.alerts.labelValue }}
+ - name: LABEL_VALUE
+ value: {{ quote . }}
+ {{- end }}
+ {{- if or .Values.sidecar.logLevel .Values.sidecar.alerts.logLevel }}
+ - name: LOG_LEVEL
+ value: {{ default .Values.sidecar.logLevel .Values.sidecar.alerts.logLevel }}
+ {{- end }}
+ - name: FOLDER
+ value: "/etc/grafana/provisioning/alerting"
+ - name: RESOURCE
+ value: {{ quote .Values.sidecar.alerts.resource }}
+ {{- if .Values.sidecar.enableUniqueFilenames }}
+ - name: UNIQUE_FILENAMES
+ value: "{{ .Values.sidecar.enableUniqueFilenames }}"
+ {{- end }}
+ {{- with .Values.sidecar.alerts.searchNamespace }}
+ - name: NAMESPACE
+ value: {{ . | join "," | quote }}
+ {{- end }}
+ {{- with .Values.sidecar.alerts.skipTlsVerify }}
+ - name: SKIP_TLS_VERIFY
+ value: {{ quote . }}
+ {{- end }}
+ {{- with .Values.sidecar.alerts.script }}
+ - name: SCRIPT
+ value: {{ quote . }}
+ {{- end }}
+ {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
+ - name: REQ_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
+ key: {{ .Values.admin.userKey | default "admin-user" }}
+ {{- end }}
+ {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
+ - name: REQ_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
+ key: {{ .Values.admin.passwordKey | default "admin-password" }}
+ {{- end }}
+ {{- if not .Values.sidecar.alerts.skipReload }}
+ - name: REQ_URL
+ value: {{ .Values.sidecar.alerts.reloadURL }}
+ - name: REQ_METHOD
+ value: POST
+ {{- end }}
+ {{- if .Values.sidecar.alerts.watchServerTimeout }}
+ {{- if ne .Values.sidecar.alerts.watchMethod "WATCH" }}
+ {{- fail (printf "Cannot use .Values.sidecar.alerts.watchServerTimeout with .Values.sidecar.alerts.watchMethod %s" .Values.sidecar.alerts.watchMethod) }}
+ {{- end }}
+ - name: WATCH_SERVER_TIMEOUT
+ value: "{{ .Values.sidecar.alerts.watchServerTimeout }}"
+ {{- end }}
+ {{- if .Values.sidecar.alerts.watchClientTimeout }}
+ {{- if ne .Values.sidecar.alerts.watchMethod "WATCH" }}
+ {{- fail (printf "Cannot use .Values.sidecar.alerts.watchClientTimeout with .Values.sidecar.alerts.watchMethod %s" .Values.sidecar.alerts.watchMethod) }}
+ {{- end }}
+ - name: WATCH_CLIENT_TIMEOUT
+ value: "{{ .Values.sidecar.alerts.watchClientTimeout }}"
+ {{- end }}
+ {{- with .Values.sidecar.livenessProbe }}
+ livenessProbe:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.sidecar.readinessProbe }}
+ readinessProbe:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.sidecar.resources }}
+ resources:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.sidecar.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ volumeMounts:
+ - name: sc-alerts-volume
+ mountPath: "/etc/grafana/provisioning/alerting"
+{{- end}}
+{{- if .Values.sidecar.dashboards.enabled }}
+ - name: {{ template "grafana.name" . }}-sc-dashboard
+ {{- if .Values.sidecar.image.sha }}
+ image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
+ {{- else }}
+ image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
+ env:
+ {{- range $key, $value := .Values.sidecar.dashboards.env }}
+ - name: "{{ $key }}"
+ value: "{{ $value }}"
+ {{- end }}
+ {{- if .Values.sidecar.dashboards.ignoreAlreadyProcessed }}
+ - name: IGNORE_ALREADY_PROCESSED
+ value: "true"
+ {{- end }}
+ - name: METHOD
+ value: {{ .Values.sidecar.dashboards.watchMethod }}
+ - name: LABEL
+ value: "{{ .Values.sidecar.dashboards.label }}"
+ {{- if .Values.sidecar.dashboards.labelValue }}
+ - name: LABEL_VALUE
+ value: {{ quote .Values.sidecar.dashboards.labelValue }}
+ {{- end }}
+ {{- if or .Values.sidecar.logLevel .Values.sidecar.dashboards.logLevel }}
+ - name: LOG_LEVEL
+ value: {{ default .Values.sidecar.logLevel .Values.sidecar.dashboards.logLevel }}
+ {{- end }}
+ - name: FOLDER
+ value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}"
+ - name: RESOURCE
+ value: {{ quote .Values.sidecar.dashboards.resource }}
+ {{- if .Values.sidecar.enableUniqueFilenames }}
+ - name: UNIQUE_FILENAMES
+ value: "{{ .Values.sidecar.enableUniqueFilenames }}"
+ {{- end }}
+ {{- if .Values.sidecar.dashboards.searchNamespace }}
+ - name: NAMESPACE
+ value: "{{ tpl (.Values.sidecar.dashboards.searchNamespace | join ",") . }}"
+ {{- end }}
+ {{- if .Values.sidecar.skipTlsVerify }}
+ - name: SKIP_TLS_VERIFY
+ value: "{{ .Values.sidecar.skipTlsVerify }}"
+ {{- end }}
+ {{- if .Values.sidecar.dashboards.folderAnnotation }}
+ - name: FOLDER_ANNOTATION
+ value: "{{ .Values.sidecar.dashboards.folderAnnotation }}"
+ {{- end }}
+ {{- if .Values.sidecar.dashboards.script }}
+ - name: SCRIPT
+ value: "{{ .Values.sidecar.dashboards.script }}"
+ {{- end }}
+ {{- if .Values.sidecar.dashboards.watchServerTimeout }}
+ {{- if ne .Values.sidecar.dashboards.watchMethod "WATCH" }}
+ {{- fail (printf "Cannot use .Values.sidecar.dashboards.watchServerTimeout with .Values.sidecar.dashboards.watchMethod %s" .Values.sidecar.dashboards.watchMethod) }}
+ {{- end }}
+ - name: WATCH_SERVER_TIMEOUT
+ value: "{{ .Values.sidecar.dashboards.watchServerTimeout }}"
+ {{- end }}
+ {{- if .Values.sidecar.dashboards.watchClientTimeout }}
+ {{- if ne .Values.sidecar.dashboards.watchMethod "WATCH" }}
+ {{- fail (printf "Cannot use .Values.sidecar.dashboards.watchClientTimeout with .Values.sidecar.dashboards.watchMethod %s" .Values.sidecar.dashboards.watchMethod) }}
+ {{- end }}
+ - name: WATCH_CLIENT_TIMEOUT
+ value: "{{ .Values.sidecar.dashboards.watchClientTimeout }}"
+ {{- end }}
+ {{- with .Values.sidecar.livenessProbe }}
+ livenessProbe:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.sidecar.readinessProbe }}
+ readinessProbe:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.sidecar.resources }}
+ resources:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.sidecar.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ volumeMounts:
+ - name: sc-dashboard-volume
+ mountPath: {{ .Values.sidecar.dashboards.folder | quote }}
+ {{- if .Values.sidecar.dashboards.extraMounts }}
+ {{- toYaml .Values.sidecar.dashboards.extraMounts | trim | nindent 6}}
+ {{- end }}
+{{- end}}
+{{- if .Values.sidecar.datasources.enabled }}
+ - name: {{ template "grafana.name" . }}-sc-datasources
+ {{- if .Values.sidecar.image.sha }}
+ image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
+ {{- else }}
+ image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
+ env:
+ {{- range $key, $value := .Values.sidecar.datasources.env }}
+ - name: "{{ $key }}"
+ value: "{{ $value }}"
+ {{- end }}
+ {{- if .Values.sidecar.datasources.ignoreAlreadyProcessed }}
+ - name: IGNORE_ALREADY_PROCESSED
+ value: "true"
+ {{- end }}
+ - name: METHOD
+ value: {{ .Values.sidecar.datasources.watchMethod }}
+ - name: LABEL
+ value: "{{ .Values.sidecar.datasources.label }}"
+ {{- if .Values.sidecar.datasources.labelValue }}
+ - name: LABEL_VALUE
+ value: {{ quote .Values.sidecar.datasources.labelValue }}
+ {{- end }}
+ {{- if or .Values.sidecar.logLevel .Values.sidecar.datasources.logLevel }}
+ - name: LOG_LEVEL
+ value: {{ default .Values.sidecar.logLevel .Values.sidecar.datasources.logLevel }}
+ {{- end }}
+ - name: FOLDER
+ value: "/etc/grafana/provisioning/datasources"
+ - name: RESOURCE
+ value: {{ quote .Values.sidecar.datasources.resource }}
+ {{- if .Values.sidecar.enableUniqueFilenames }}
+ - name: UNIQUE_FILENAMES
+ value: "{{ .Values.sidecar.enableUniqueFilenames }}"
+ {{- end }}
+ {{- if .Values.sidecar.datasources.searchNamespace }}
+ - name: NAMESPACE
+ value: "{{ tpl (.Values.sidecar.datasources.searchNamespace | join ",") . }}"
+ {{- end }}
+ {{- if .Values.sidecar.skipTlsVerify }}
+ - name: SKIP_TLS_VERIFY
+ value: "{{ .Values.sidecar.skipTlsVerify }}"
+ {{- end }}
+ {{- if .Values.sidecar.datasources.script }}
+ - name: SCRIPT
+ value: "{{ .Values.sidecar.datasources.script }}"
+ {{- end }}
+ {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
+ - name: REQ_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
+ key: {{ .Values.admin.userKey | default "admin-user" }}
+ {{- end }}
+ {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
+ - name: REQ_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
+ key: {{ .Values.admin.passwordKey | default "admin-password" }}
+ {{- end }}
+ {{- if not .Values.sidecar.datasources.skipReload }}
+ - name: REQ_URL
+ value: {{ .Values.sidecar.datasources.reloadURL }}
+ - name: REQ_METHOD
+ value: POST
+ {{- end }}
+ {{- if .Values.sidecar.datasources.watchServerTimeout }}
+ {{- if ne .Values.sidecar.datasources.watchMethod "WATCH" }}
+ {{- fail (printf "Cannot use .Values.sidecar.datasources.watchServerTimeout with .Values.sidecar.datasources.watchMethod %s" .Values.sidecar.datasources.watchMethod) }}
+ {{- end }}
+ - name: WATCH_SERVER_TIMEOUT
+ value: "{{ .Values.sidecar.datasources.watchServerTimeout }}"
+ {{- end }}
+ {{- if .Values.sidecar.datasources.watchClientTimeout }}
+ {{- if ne .Values.sidecar.datasources.watchMethod "WATCH" }}
+ {{- fail (printf "Cannot use .Values.sidecar.datasources.watchClientTimeout with .Values.sidecar.datasources.watchMethod %s" .Values.sidecar.datasources.watchMethod) }}
+ {{- end }}
+ - name: WATCH_CLIENT_TIMEOUT
+ value: "{{ .Values.sidecar.datasources.watchClientTimeout }}"
+ {{- end }}
+ {{- with .Values.sidecar.livenessProbe }}
+ livenessProbe:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.sidecar.readinessProbe }}
+ readinessProbe:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.sidecar.resources }}
+ resources:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.sidecar.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ volumeMounts:
+ - name: sc-datasources-volume
+ mountPath: "/etc/grafana/provisioning/datasources"
+{{- end}}
+{{- if .Values.sidecar.notifiers.enabled }}
+ - name: {{ template "grafana.name" . }}-sc-notifiers
+ {{- if .Values.sidecar.image.sha }}
+ image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
+ {{- else }}
+ image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
+ env:
+ {{- range $key, $value := .Values.sidecar.notifiers.env }}
+ - name: "{{ $key }}"
+ value: "{{ $value }}"
+ {{- end }}
+ {{- if .Values.sidecar.notifiers.ignoreAlreadyProcessed }}
+ - name: IGNORE_ALREADY_PROCESSED
+ value: "true"
+ {{- end }}
+ - name: METHOD
+ value: {{ .Values.sidecar.notifiers.watchMethod }}
+ - name: LABEL
+ value: "{{ .Values.sidecar.notifiers.label }}"
+ {{- if .Values.sidecar.notifiers.labelValue }}
+ - name: LABEL_VALUE
+ value: {{ quote .Values.sidecar.notifiers.labelValue }}
+ {{- end }}
+ {{- if or .Values.sidecar.logLevel .Values.sidecar.notifiers.logLevel }}
+ - name: LOG_LEVEL
+ value: {{ default .Values.sidecar.logLevel .Values.sidecar.notifiers.logLevel }}
+ {{- end }}
+ - name: FOLDER
+ value: "/etc/grafana/provisioning/notifiers"
+ - name: RESOURCE
+ value: {{ quote .Values.sidecar.notifiers.resource }}
+ {{- if .Values.sidecar.enableUniqueFilenames }}
+ - name: UNIQUE_FILENAMES
+ value: "{{ .Values.sidecar.enableUniqueFilenames }}"
+ {{- end }}
+ {{- if .Values.sidecar.notifiers.searchNamespace }}
+ - name: NAMESPACE
+ value: "{{ tpl (.Values.sidecar.notifiers.searchNamespace | join ",") . }}"
+ {{- end }}
+ {{- if .Values.sidecar.skipTlsVerify }}
+ - name: SKIP_TLS_VERIFY
+ value: "{{ .Values.sidecar.skipTlsVerify }}"
+ {{- end }}
+ {{- if .Values.sidecar.notifiers.script }}
+ - name: SCRIPT
+ value: "{{ .Values.sidecar.notifiers.script }}"
+ {{- end }}
+ {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
+ - name: REQ_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
+ key: {{ .Values.admin.userKey | default "admin-user" }}
+ {{- end }}
+ {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
+ - name: REQ_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
+ key: {{ .Values.admin.passwordKey | default "admin-password" }}
+ {{- end }}
+ {{- if not .Values.sidecar.notifiers.skipReload }}
+ - name: REQ_URL
+ value: {{ .Values.sidecar.notifiers.reloadURL }}
+ - name: REQ_METHOD
+ value: POST
+ {{- end }}
+ {{- if .Values.sidecar.notifiers.watchServerTimeout }}
+ {{- if ne .Values.sidecar.notifiers.watchMethod "WATCH" }}
+ {{- fail (printf "Cannot use .Values.sidecar.notifiers.watchServerTimeout with .Values.sidecar.notifiers.watchMethod %s" .Values.sidecar.notifiers.watchMethod) }}
+ {{- end }}
+ - name: WATCH_SERVER_TIMEOUT
+ value: "{{ .Values.sidecar.notifiers.watchServerTimeout }}"
+ {{- end }}
+ {{- if .Values.sidecar.notifiers.watchClientTimeout }}
+ {{- if ne .Values.sidecar.notifiers.watchMethod "WATCH" }}
+ {{- fail (printf "Cannot use .Values.sidecar.notifiers.watchClientTimeout with .Values.sidecar.notifiers.watchMethod %s" .Values.sidecar.notifiers.watchMethod) }}
+ {{- end }}
+ - name: WATCH_CLIENT_TIMEOUT
+ value: "{{ .Values.sidecar.notifiers.watchClientTimeout }}"
+ {{- end }}
+ {{- with .Values.sidecar.livenessProbe }}
+ livenessProbe:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.sidecar.readinessProbe }}
+ readinessProbe:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.sidecar.resources }}
+ resources:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.sidecar.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ volumeMounts:
+ - name: sc-notifiers-volume
+ mountPath: "/etc/grafana/provisioning/notifiers"
+{{- end}}
+{{- if .Values.sidecar.plugins.enabled }}
+ - name: {{ template "grafana.name" . }}-sc-plugins
+ {{- if .Values.sidecar.image.sha }}
+ image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
+ {{- else }}
+ image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
+ env:
+ {{- range $key, $value := .Values.sidecar.plugins.env }}
+ - name: "{{ $key }}"
+ value: "{{ $value }}"
+ {{- end }}
+ {{- if .Values.sidecar.plugins.ignoreAlreadyProcessed }}
+ - name: IGNORE_ALREADY_PROCESSED
+ value: "true"
+ {{- end }}
+ - name: METHOD
+ value: {{ .Values.sidecar.plugins.watchMethod }}
+ - name: LABEL
+ value: "{{ .Values.sidecar.plugins.label }}"
+ {{- if .Values.sidecar.plugins.labelValue }}
+ - name: LABEL_VALUE
+ value: {{ quote .Values.sidecar.plugins.labelValue }}
+ {{- end }}
+ {{- if or .Values.sidecar.logLevel .Values.sidecar.plugins.logLevel }}
+ - name: LOG_LEVEL
+ value: {{ default .Values.sidecar.logLevel .Values.sidecar.plugins.logLevel }}
+ {{- end }}
+ - name: FOLDER
+ value: "/etc/grafana/provisioning/plugins"
+ - name: RESOURCE
+ value: {{ quote .Values.sidecar.plugins.resource }}
+ {{- if .Values.sidecar.enableUniqueFilenames }}
+ - name: UNIQUE_FILENAMES
+ value: "{{ .Values.sidecar.enableUniqueFilenames }}"
+ {{- end }}
+ {{- if .Values.sidecar.plugins.searchNamespace }}
+ - name: NAMESPACE
+ value: "{{ tpl (.Values.sidecar.plugins.searchNamespace | join ",") . }}"
+ {{- end }}
+ {{- if .Values.sidecar.plugins.script }}
+ - name: SCRIPT
+ value: "{{ .Values.sidecar.plugins.script }}"
+ {{- end }}
+ {{- if .Values.sidecar.skipTlsVerify }}
+ - name: SKIP_TLS_VERIFY
+ value: "{{ .Values.sidecar.skipTlsVerify }}"
+ {{- end }}
+ {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
+ - name: REQ_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
+ key: {{ .Values.admin.userKey | default "admin-user" }}
+ {{- end }}
+ {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
+ - name: REQ_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
+ key: {{ .Values.admin.passwordKey | default "admin-password" }}
+ {{- end }}
+ {{- if not .Values.sidecar.plugins.skipReload }}
+ - name: REQ_URL
+ value: {{ .Values.sidecar.plugins.reloadURL }}
+ - name: REQ_METHOD
+ value: POST
+ {{- end }}
+ {{- if .Values.sidecar.plugins.watchServerTimeout }}
+ {{- if ne .Values.sidecar.plugins.watchMethod "WATCH" }}
+ {{- fail (printf "Cannot use .Values.sidecar.plugins.watchServerTimeout with .Values.sidecar.plugins.watchMethod %s" .Values.sidecar.plugins.watchMethod) }}
+ {{- end }}
+ - name: WATCH_SERVER_TIMEOUT
+ value: "{{ .Values.sidecar.plugins.watchServerTimeout }}"
+ {{- end }}
+ {{- if .Values.sidecar.plugins.watchClientTimeout }}
+ {{- if ne .Values.sidecar.plugins.watchMethod "WATCH" }}
+ {{- fail (printf "Cannot use .Values.sidecar.plugins.watchClientTimeout with .Values.sidecar.plugins.watchMethod %s" .Values.sidecar.plugins.watchMethod) }}
+ {{- end }}
+ - name: WATCH_CLIENT_TIMEOUT
+ value: "{{ .Values.sidecar.plugins.watchClientTimeout }}"
+ {{- end }}
+ {{- with .Values.sidecar.livenessProbe }}
+ livenessProbe:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.sidecar.readinessProbe }}
+ readinessProbe:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.sidecar.resources }}
+ resources:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.sidecar.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ volumeMounts:
+ - name: sc-plugins-volume
+ mountPath: "/etc/grafana/provisioning/plugins"
+{{- end}}
+ - name: {{ .Chart.Name }}
+ {{- if .Values.image.sha }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}@sha256:{{ .Values.image.sha }}"
+ {{- else }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.command }}
+ command:
+ {{- range .Values.command }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end}}
+ {{- with .Values.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ volumeMounts:
+ - name: config
+ mountPath: "/etc/grafana/grafana.ini"
+ subPath: grafana.ini
+ {{- if .Values.ldap.enabled }}
+ - name: ldap
+ mountPath: "/etc/grafana/ldap.toml"
+ subPath: ldap.toml
+ {{- end }}
+ {{- $root := . }}
+ {{- range .Values.extraConfigmapMounts }}
+ - name: {{ tpl .name $root }}
+ mountPath: {{ tpl .mountPath $root }}
+ subPath: {{ (tpl .subPath $root) | default "" }}
+ readOnly: {{ .readOnly }}
+ {{- end }}
+ - name: storage
+ mountPath: "/var/lib/grafana"
+{{- if .Values.persistence.subPath }}
+ subPath: {{ tpl .Values.persistence.subPath . }}
+{{- end }}
+{{- if .Values.dashboards }}
+{{- range $provider, $dashboards := .Values.dashboards }}
+{{- range $key, $value := $dashboards }}
+{{- if (or (hasKey $value "json") (hasKey $value "file")) }}
+ - name: dashboards-{{ $provider }}
+ mountPath: "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json"
+ subPath: "{{ $key }}.json"
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end -}}
+{{- if .Values.dashboardsConfigMaps }}
+{{- range (keys .Values.dashboardsConfigMaps | sortAlpha) }}
+ - name: dashboards-{{ . }}
+ mountPath: "/var/lib/grafana/dashboards/{{ . }}"
+{{- end }}
+{{- end }}
+{{- if .Values.datasources }}
+{{- range (keys .Values.datasources | sortAlpha) }}
+ - name: config
+ mountPath: "/etc/grafana/provisioning/datasources/{{ . }}"
+ subPath: {{ . | quote }}
+{{- end }}
+{{- end }}
+{{- if .Values.notifiers }}
+{{- range (keys .Values.notifiers | sortAlpha) }}
+ - name: config
+ mountPath: "/etc/grafana/provisioning/notifiers/{{ . }}"
+ subPath: {{ . | quote }}
+{{- end }}
+{{- end }}
+{{- if .Values.alerting }}
+{{- range (keys .Values.alerting | sortAlpha) }}
+ - name: config
+ mountPath: "/etc/grafana/provisioning/alerting/{{ . }}"
+ subPath: {{ . | quote }}
+{{- end }}
+{{- end }}
+{{- if .Values.dashboardProviders }}
+{{- range (keys .Values.dashboardProviders | sortAlpha) }}
+ - name: config
+ mountPath: "/etc/grafana/provisioning/dashboards/{{ . }}"
+ subPath: {{ . | quote }}
+{{- end }}
+{{- end }}
+{{- with .Values.sidecar.alerts.enabled }}
+ - name: sc-alerts-volume
+ mountPath: "/etc/grafana/provisioning/alerting"
+{{- end}}
+{{- if .Values.sidecar.dashboards.enabled }}
+ - name: sc-dashboard-volume
+ mountPath: {{ .Values.sidecar.dashboards.folder | quote }}
+{{ if .Values.sidecar.dashboards.SCProvider }}
+ - name: sc-dashboard-provider
+ mountPath: "/etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml"
+ subPath: provider.yaml
+{{- end}}
+{{- end}}
+{{- if .Values.sidecar.datasources.enabled }}
+ - name: sc-datasources-volume
+ mountPath: "/etc/grafana/provisioning/datasources"
+{{- end}}
+{{- if .Values.sidecar.plugins.enabled }}
+ - name: sc-plugins-volume
+ mountPath: "/etc/grafana/provisioning/plugins"
+{{- end}}
+{{- if .Values.sidecar.notifiers.enabled }}
+ - name: sc-notifiers-volume
+ mountPath: "/etc/grafana/provisioning/notifiers"
+{{- end}}
+ {{- range .Values.extraSecretMounts }}
+ - name: {{ .name }}
+ mountPath: {{ .mountPath }}
+ readOnly: {{ .readOnly }}
+ subPath: {{ .subPath | default "" }}
+ {{- end }}
+ {{- range .Values.extraVolumeMounts }}
+ - name: {{ .name }}
+ mountPath: {{ .mountPath }}
+ subPath: {{ .subPath | default "" }}
+ readOnly: {{ .readOnly }}
+ {{- end }}
+ {{- range .Values.extraEmptyDirMounts }}
+ - name: {{ .name }}
+ mountPath: {{ .mountPath }}
+ {{- end }}
+ ports:
+ - name: {{ .Values.podPortName }}
+ containerPort: {{ .Values.service.targetPort }}
+ protocol: TCP
+ env:
+ {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
+ - name: GF_SECURITY_ADMIN_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
+ key: {{ .Values.admin.userKey | default "admin-user" }}
+ {{- end }}
+ {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
+ - name: GF_SECURITY_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
+ key: {{ .Values.admin.passwordKey | default "admin-password" }}
+ {{- end }}
+ {{- if .Values.plugins }}
+ - name: GF_INSTALL_PLUGINS
+ valueFrom:
+ configMapKeyRef:
+ name: {{ template "grafana.fullname" . }}
+ key: plugins
+ {{- end }}
+ {{- if .Values.smtp.existingSecret }}
+ - name: GF_SMTP_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.smtp.existingSecret }}
+ key: {{ .Values.smtp.userKey | default "user" }}
+ - name: GF_SMTP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.smtp.existingSecret }}
+ key: {{ .Values.smtp.passwordKey | default "password" }}
+ {{- end }}
+ {{- if .Values.imageRenderer.enabled }}
+ - name: GF_RENDERING_SERVER_URL
+ value: http://{{ template "grafana.fullname" . }}-image-renderer.{{ template "grafana.namespace" . }}:{{ .Values.imageRenderer.service.port }}/render
+ - name: GF_RENDERING_CALLBACK_URL
+ value: {{ .Values.imageRenderer.grafanaProtocol }}://{{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}:{{ .Values.service.port }}/{{ .Values.imageRenderer.grafanaSubPath }}
+ {{- end }}
+ - name: GF_PATHS_DATA
+ value: {{ (get .Values "grafana.ini").paths.data }}
+ - name: GF_PATHS_LOGS
+ value: {{ (get .Values "grafana.ini").paths.logs }}
+ - name: GF_PATHS_PLUGINS
+ value: {{ (get .Values "grafana.ini").paths.plugins }}
+ - name: GF_PATHS_PROVISIONING
+ value: {{ (get .Values "grafana.ini").paths.provisioning }}
+ {{- range $key, $value := .Values.envValueFrom }}
+ - name: {{ $key | quote }}
+ valueFrom:
+{{ tpl (toYaml $value) $ | indent 10 }}
+ {{- end }}
+{{- range $key, $value := .Values.env }}
+ - name: "{{ tpl $key $ }}"
+ value: "{{ tpl (print $value) $ }}"
+{{- end }}
+ {{- if or .Values.envFromSecret (or .Values.envRenderSecret .Values.envFromSecrets) .Values.envFromConfigMaps }}
+ envFrom:
+ {{- if .Values.envFromSecret }}
+ - secretRef:
+ name: {{ tpl .Values.envFromSecret . }}
+ {{- end }}
+ {{- if .Values.envRenderSecret }}
+ - secretRef:
+ name: {{ template "grafana.fullname" . }}-env
+ {{- end }}
+ {{- range .Values.envFromSecrets }}
+ - secretRef:
+ name: {{ tpl .name $ }}
+ optional: {{ .optional | default false }}
+ {{- end }}
+ {{- range .Values.envFromConfigMaps }}
+ - configMapRef:
+ name: {{ tpl .name $ }}
+ optional: {{ .optional | default false }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.livenessProbe }}
+ livenessProbe:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.readinessProbe }}
+ readinessProbe:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+{{- if .Values.lifecycleHooks }}
+ lifecycle: {{ tpl (.Values.lifecycleHooks | toYaml) . | nindent 6 }}
+{{- end }}
+ {{- with .Values.resources }}
+ resources:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+{{- with .Values.extraContainers }}
+{{ tpl . $ | indent 2 }}
+{{- end }}
+{{- with .Values.nodeSelector }}
+nodeSelector:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- $root := . }}
+{{- with .Values.affinity }}
+affinity:
+{{ tpl (toYaml .) $root | indent 2 }}
+{{- end }}
+{{- with .Values.topologySpreadConstraints }}
+topologySpreadConstraints:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.tolerations }}
+tolerations:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
+volumes:
+ - name: config
+ configMap:
+ name: {{ template "grafana.fullname" . }}
+{{- $root := . }}
+{{- range .Values.extraConfigmapMounts }}
+ - name: {{ tpl .name $root }}
+ configMap:
+ name: {{ tpl .configMap $root }}
+ {{- if .items }}
+ items: {{ toYaml .items | nindent 6 }}
+ {{- end }}
+{{- end }}
+ {{- if .Values.dashboards }}
+ {{- range (keys .Values.dashboards | sortAlpha) }}
+ - name: dashboards-{{ . }}
+ configMap:
+ name: {{ template "grafana.fullname" $ }}-dashboards-{{ . }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.dashboardsConfigMaps }}
+ {{ $root := . }}
+ {{- range $provider, $name := .Values.dashboardsConfigMaps }}
+ - name: dashboards-{{ $provider }}
+ configMap:
+ name: {{ tpl $name $root }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.ldap.enabled }}
+ - name: ldap
+ secret:
+ {{- if .Values.ldap.existingSecret }}
+ secretName: {{ .Values.ldap.existingSecret }}
+ {{- else }}
+ secretName: {{ template "grafana.fullname" . }}
+ {{- end }}
+ items:
+ - key: ldap-toml
+ path: ldap.toml
+ {{- end }}
+{{- if and .Values.persistence.enabled (eq .Values.persistence.type "pvc") }}
+ - name: storage
+ persistentVolumeClaim:
+ claimName: {{ tpl (.Values.persistence.existingClaim | default (include "grafana.fullname" .)) . }}
+{{- else if and .Values.persistence.enabled (eq .Values.persistence.type "statefulset") }}
+# nothing
+{{- else }}
+ - name: storage
+{{- if .Values.persistence.inMemory.enabled }}
+ emptyDir:
+ medium: Memory
+{{- if .Values.persistence.inMemory.sizeLimit }}
+ sizeLimit: {{ .Values.persistence.inMemory.sizeLimit }}
+{{- end -}}
+{{- else }}
+ emptyDir: {}
+{{- end -}}
+{{- end -}}
+{{- if .Values.sidecar.alerts.enabled }}
+ - name: sc-alerts-volume
+{{- if .Values.sidecar.alerts.sizeLimit }}
+ emptyDir:
+ sizeLimit: {{ .Values.sidecar.alerts.sizeLimit }}
+{{- else }}
+ emptyDir: {}
+{{- end -}}
+{{- end -}}
+{{- if .Values.sidecar.dashboards.enabled }}
+ - name: sc-dashboard-volume
+{{- if .Values.sidecar.dashboards.sizeLimit }}
+ emptyDir:
+ sizeLimit: {{ .Values.sidecar.dashboards.sizeLimit }}
+{{- else }}
+ emptyDir: {}
+{{- end -}}
+{{- if .Values.sidecar.dashboards.SCProvider }}
+ - name: sc-dashboard-provider
+ configMap:
+ name: {{ template "grafana.fullname" . }}-config-dashboards
+{{- end }}
+{{- end }}
+{{- if .Values.sidecar.datasources.enabled }}
+ - name: sc-datasources-volume
+{{- if .Values.sidecar.datasources.sizeLimit }}
+ emptyDir:
+ sizeLimit: {{ .Values.sidecar.datasources.sizeLimit }}
+{{- else }}
+ emptyDir: {}
+{{- end -}}
+{{- end -}}
+{{- if .Values.sidecar.plugins.enabled }}
+ - name: sc-plugins-volume
+{{- if .Values.sidecar.plugins.sizeLimit }}
+ emptyDir:
+ sizeLimit: {{ .Values.sidecar.plugins.sizeLimit }}
+{{- else }}
+ emptyDir: {}
+{{- end -}}
+{{- end -}}
+{{- if .Values.sidecar.notifiers.enabled }}
+ - name: sc-notifiers-volume
+{{- if .Values.sidecar.notifiers.sizeLimit }}
+ emptyDir:
+ sizeLimit: {{ .Values.sidecar.notifiers.sizeLimit }}
+{{- else }}
+ emptyDir: {}
+{{- end -}}
+{{- end -}}
+{{- range .Values.extraSecretMounts }}
+{{- if .secretName }}
+ - name: {{ .name }}
+ secret:
+ secretName: {{ .secretName }}
+ defaultMode: {{ .defaultMode }}
+ {{- if .items }}
+ items: {{ toYaml .items | nindent 6 }}
+ {{- end }}
+{{- else if .projected }}
+ - name: {{ .name }}
+ projected: {{- toYaml .projected | nindent 6 }}
+{{- else if .csi }}
+ - name: {{ .name }}
+ csi: {{- toYaml .csi | nindent 6 }}
+{{- end }}
+{{- end }}
+{{- range .Values.extraVolumeMounts }}
+ - name: {{ .name }}
+ {{- if .existingClaim }}
+ persistentVolumeClaim:
+ claimName: {{ .existingClaim }}
+ {{- else if .hostPath }}
+ hostPath:
+ path: {{ .hostPath }}
+ {{- else if .csi }}
+ csi:
+ data:
+ {{ toYaml .data | nindent 6 }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+{{- end }}
+{{- range .Values.extraEmptyDirMounts }}
+ - name: {{ .name }}
+ emptyDir: {}
+{{- end -}}
+{{- if .Values.extraContainerVolumes }}
+{{ tpl (toYaml .Values.extraContainerVolumes) . | indent 2 }}
+{{- end }}
+{{- end }}
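Review bot: In the `extraVolumeMounts` range, the `{{- else if .csi }}` branch tests `.csi` but never renders it; it emits `csi:` with a `data:` key filled from `toYaml .data`. The `extraSecretMounts` range just above renders `toYaml .csi` directly, and `data` is not a field of a CSI volume source, so an entry that sets `csi` here will not produce a valid volume. Render `.csi` the same way the secret-mount branch does. The `hostPath` branch also needs a line in the values documentation, because the PodSecurityPolicy added in this same patch does not list `hostPath` among its allowed volume types, so enabling both will leave the pod unschedulable.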
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/clusterrole.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/clusterrole.yaml
new file mode 100644
index 0000000..154658b
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/clusterrole.yaml
@@ -0,0 +1,25 @@
+{{- if and .Values.rbac.create (not .Values.rbac.namespaced) (not .Values.rbac.useExistingRole) }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+ name: {{ template "grafana.fullname" . }}-clusterrole
+{{- if or .Values.sidecar.dashboards.enabled (or .Values.rbac.extraClusterRoleRules (or .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled)) }}
+rules:
+{{- if or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled) }}
+- apiGroups: [""] # "" indicates the core API group
+ resources: ["configmaps", "secrets"]
+ verbs: ["get", "watch", "list"]
+{{- end}}
+{{- with .Values.rbac.extraClusterRoleRules }}
+{{ toYaml . | indent 0 }}
+{{- end}}
+{{- else }}
+rules: []
+{{- end}}
+{{- end}}
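Review bot: The rule on `resources: ["configmaps", "secrets"]` grants `get`, `watch` and `list` on every Secret in the cluster as soon as any one of the dashboards, datasources or plugins sidecars is enabled and `rbac.namespaced` is false. That is far more than a sidecar that loads dashboards from ConfigMaps needs. Consider splitting the rule so that `secrets` is only included when a values flag asks for it, and defaulting the bundled values to `rbac.namespaced: true` so the narrower Role in role.yaml is used instead.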
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/clusterrolebinding.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..4accbfa
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{- if and .Values.rbac.create (not .Values.rbac.namespaced) }}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "grafana.fullname" . }}-clusterrolebinding
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "grafana.serviceAccountName" . }}
+ namespace: {{ template "grafana.namespace" . }}
+roleRef:
+ kind: ClusterRole
+{{- if (not .Values.rbac.useExistingRole) }}
+ name: {{ template "grafana.fullname" . }}-clusterrole
+{{- else }}
+ name: {{ .Values.rbac.useExistingRole }}
+{{- end }}
+ apiGroup: rbac.authorization.k8s.io
+{{- end -}}
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/configmap-dashboard-provider.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/configmap-dashboard-provider.yaml
new file mode 100644
index 0000000..ff78adb
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/configmap-dashboard-provider.yaml
@@ -0,0 +1,29 @@
+{{- if and .Values.sidecar.dashboards.enabled .Values.sidecar.dashboards.SCProvider }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+ name: {{ template "grafana.fullname" . }}-config-dashboards
+ namespace: {{ template "grafana.namespace" . }}
+data:
+ provider.yaml: |-
+ apiVersion: 1
+ providers:
+ - name: '{{ .Values.sidecar.dashboards.provider.name }}'
+ orgId: {{ .Values.sidecar.dashboards.provider.orgid }}
+ {{- if not .Values.sidecar.dashboards.provider.foldersFromFilesStructure }}
+ folder: '{{ .Values.sidecar.dashboards.provider.folder }}'
+ {{- end}}
+ type: {{ .Values.sidecar.dashboards.provider.type }}
+ disableDeletion: {{ .Values.sidecar.dashboards.provider.disableDelete }}
+ allowUiUpdates: {{ .Values.sidecar.dashboards.provider.allowUiUpdates }}
+ updateIntervalSeconds: {{ .Values.sidecar.dashboards.provider.updateIntervalSeconds | default 30 }}
+ options:
+ foldersFromFilesStructure: {{ .Values.sidecar.dashboards.provider.foldersFromFilesStructure }}
+ path: {{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}
+{{- end}}
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/configmap.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/configmap.yaml
new file mode 100644
index 0000000..1f3db0b
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/configmap.yaml
@@ -0,0 +1,134 @@
+{{- if .Values.createConfigmap }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "grafana.fullname" . }}
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+data:
+{{- if .Values.plugins }}
+ plugins: {{ join "," .Values.plugins }}
+{{- end }}
+ grafana.ini: |
+{{- range $elem, $elemVal := index .Values "grafana.ini" }}
+ {{- if not (kindIs "map" $elemVal) }}
+ {{- if kindIs "invalid" $elemVal }}
+ {{ $elem }} =
+ {{- else if kindIs "string" $elemVal }}
+ {{ $elem }} = {{ tpl $elemVal $ }}
+ {{- else }}
+ {{ $elem }} = {{ $elemVal }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- range $key, $value := index .Values "grafana.ini" }}
+ {{- if kindIs "map" $value }}
+ [{{ $key }}]
+ {{- range $elem, $elemVal := $value }}
+ {{- if kindIs "invalid" $elemVal }}
+ {{ $elem }} =
+ {{- else if kindIs "string" $elemVal }}
+ {{ $elem }} = {{ tpl $elemVal $ }}
+ {{- else }}
+ {{ $elem }} = {{ $elemVal }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+{{- if .Values.datasources }}
+{{ $root := . }}
+ {{- range $key, $value := .Values.datasources }}
+ {{ $key }}: |
+{{ tpl (toYaml $value | indent 4) $root }}
+ {{- end -}}
+{{- end -}}
+
+{{- if .Values.notifiers }}
+ {{- range $key, $value := .Values.notifiers }}
+ {{ $key }}: |
+{{ toYaml $value | indent 4 }}
+ {{- end -}}
+{{- end -}}
+
+{{- if .Values.alerting }}
+{{ $root := . }}
+ {{- range $key, $value := .Values.alerting }}
+ {{ $key }}: |
+{{ tpl (toYaml $value | indent 4) $root }}
+ {{- end -}}
+{{- end -}}
+
+{{- if .Values.dashboardProviders }}
+ {{- range $key, $value := .Values.dashboardProviders }}
+ {{ $key }}: |
+{{ toYaml $value | indent 4 }}
+ {{- end -}}
+{{- end -}}
+
+{{- if .Values.dashboards }}
+ download_dashboards.sh: |
+ #!/usr/bin/env sh
+ set -euf
+ {{- if .Values.dashboardProviders }}
+ {{- range $key, $value := .Values.dashboardProviders }}
+ {{- range $value.providers }}
+ mkdir -p {{ .options.path }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{ $dashboardProviders := .Values.dashboardProviders }}
+ {{- range $provider, $dashboards := .Values.dashboards }}
+ {{- range $key, $value := $dashboards }}
+ {{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }}
+ curl -skf \
+ --connect-timeout 60 \
+ --max-time 60 \
+ {{- if not $value.b64content }}
+ -H "Accept: application/json" \
+ {{- if $value.token }}
+ -H "Authorization: token {{ $value.token }}" \
+ {{- end }}
+ {{- if $value.bearerToken }}
+ -H "Authorization: Bearer {{ $value.bearerToken }}" \
+ {{- end }}
+ {{- if $value.gitlabToken }}
+ -H "PRIVATE-TOKEN: {{ $value.gitlabToken }}" \
+ {{- end }}
+ -H "Content-Type: application/json;charset=UTF-8" \
+ {{- end -}}
+ {{- $dpPath := "" -}}
+ {{- range $kd := (index $dashboardProviders "dashboardproviders.yaml").providers -}}
+ {{- if eq $kd.name $provider -}}
+ {{- $dpPath = $kd.options.path -}}
+ {{- end -}}
+ {{- end -}}
+ {{- if $value.url }}
+ "{{ $value.url }}" \
+ {{- else }}
+ "https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download" \
+ {{- end -}}
+ {{- if $value.datasource }}
+ {{- if kindIs "string" $value.datasource }}
+ | sed '/-- .* --/! s/"datasource":.*,/"datasource": "{{ $value.datasource }}",/g' \
+ {{- end -}}
+ {{- if kindIs "slice" $value.datasource -}}
+ {{- range $value.datasource }}
+ | sed '/-- .* --/! s/${{"{"}}{{ .name }}}/{{ .value }}/g' \
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- if $value.b64content }}
+ | base64 -d \
+ {{- end }}
+ > "{{- if $dpPath -}}{{ $dpPath }}{{- else -}}/var/lib/grafana/dashboards/{{ $provider }}{{- end -}}/{{ $key }}.json"
+ {{ end }}
+ {{- end -}}
+ {{- end }}
+{{- end }}
+{{- end }}
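Review bot: The generated `download_dashboards.sh` calls `curl -skf`, and the `-k` switch turns off TLS certificate verification for every dashboard download, including requests that carry `Authorization: token`, `Authorization: Bearer` or `PRIVATE-TOKEN` headers. Those token values are also written in clear text into a ConfigMap rather than a Secret, so anyone who can read ConfigMaps in the namespace can read them. Drop `-k` (or put it behind an explicit opt-in value) and source the tokens from a Secret-backed environment variable. Separately, `mkdir -p {{ .options.path }}` and the `sed` expressions interpolate values into the script without shell quoting, so a path or datasource name containing spaces or quote characters breaks the script; quoting the path at minimum would help.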
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/dashboards-json-configmap.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/dashboards-json-configmap.yaml
new file mode 100644
index 0000000..59e0be6
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/dashboards-json-configmap.yaml
@@ -0,0 +1,35 @@
+{{- if .Values.dashboards }}
+{{ $files := .Files }}
+{{- range $provider, $dashboards := .Values.dashboards }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "grafana.fullname" $ }}-dashboards-{{ $provider }}
+ namespace: {{ template "grafana.namespace" $ }}
+ labels:
+ {{- include "grafana.labels" $ | nindent 4 }}
+ dashboard-provider: {{ $provider }}
+{{- if $dashboards }}
+data:
+{{- $dashboardFound := false }}
+{{- range $key, $value := $dashboards }}
+{{- if (or (hasKey $value "json") (hasKey $value "file")) }}
+{{- $dashboardFound = true }}
+{{ print $key | indent 2 }}.json:
+{{- if hasKey $value "json" }}
+ |-
+{{ $value.json | indent 6 }}
+{{- end }}
+{{- if hasKey $value "file" }}
+{{ toYaml ( $files.Get $value.file ) | indent 4}}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- if not $dashboardFound }}
+ {}
+{{- end }}
+{{- end }}
+---
+{{- end }}
+
+{{- end }}
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/deployment.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/deployment.yaml
new file mode 100644
index 0000000..fee9c33
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/deployment.yaml
@@ -0,0 +1,50 @@
+{{ if (and (not .Values.useStatefulSet) (or (not .Values.persistence.enabled) (eq .Values.persistence.type "pvc"))) }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "grafana.fullname" . }}
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+{{- if .Values.labels }}
+{{ toYaml .Values.labels | indent 4 }}
+{{- end }}
+{{- with .Values.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ {{- if and (not .Values.autoscaling.enabled) (.Values.replicas) }}
+ replicas: {{ .Values.replicas }}
+ {{- end }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ selector:
+ matchLabels:
+ {{- include "grafana.selectorLabels" . | nindent 6 }}
+{{- with .Values.deploymentStrategy }}
+ strategy:
+{{ toYaml . | trim | indent 4 }}
+{{- end }}
+ template:
+ metadata:
+ labels:
+ {{- include "grafana.selectorLabels" . | nindent 8 }}
+{{- with .Values.podLabels }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }}
+ checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }}
+{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
+ checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+{{- end }}
+{{- if .Values.envRenderSecret }}
+ checksum/secret-env: {{ include (print $.Template.BasePath "/secret-env.yaml") . | sha256sum }}
+{{- end }}
+{{- with .Values.podAnnotations }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+ spec:
+ {{- include "grafana.pod" . | indent 6 }}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/extra-manifests.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/extra-manifests.yaml
new file mode 100644
index 0000000..a9bb3b6
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/extra-manifests.yaml
@@ -0,0 +1,4 @@
+{{ range .Values.extraObjects }}
+---
+{{ tpl (toYaml .) $ }}
+{{ end }}
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/headless-service.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/headless-service.yaml
new file mode 100644
index 0000000..b5faddc
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/headless-service.yaml
@@ -0,0 +1,22 @@
+{{- if or .Values.headlessService (and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset"))}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "grafana.fullname" . }}-headless
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ clusterIP: None
+ selector:
+ {{- include "grafana.selectorLabels" . | nindent 4 }}
+ type: ClusterIP
+ ports:
+ - protocol: TCP
+ port: 3000
+ targetPort: {{ .Values.service.targetPort }}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/hpa.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/hpa.yaml
new file mode 100644
index 0000000..0572397
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/hpa.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ template "grafana.fullname" . }}
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "grafana.name" . }}
+ helm.sh/chart: {{ template "grafana.chart" . }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ template "grafana.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+{{ toYaml .Values.autoscaling.metrics | indent 4 }}
+{{- end }}
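Review bot: `apiVersion: autoscaling/v2beta1` is hard-coded, while ingress.yaml and poddisruptionbudget.yaml in this patch pick their apiVersion through a helper. `autoscaling/v2beta1` is no longer served from Kubernetes 1.25 onward, so enabling autoscaling there fails at install time. Select the version with a `.Capabilities.APIVersions.Has` check, as podsecuritypolicy.yaml does. Also, `scaleTargetRef` always names `kind: Deployment`, but deployment.yaml is skipped when `useStatefulSet` or statefulset persistence is set, which leaves the HPA pointing at an object that does not exist.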
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-deployment.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-deployment.yaml
new file mode 100644
index 0000000..f1b9fc3
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-deployment.yaml
@@ -0,0 +1,120 @@
+{{ if .Values.imageRenderer.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "grafana.fullname" . }}-image-renderer
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.imageRenderer.labels" . | nindent 4 }}
+ {{- if .Values.imageRenderer.labels }}
+ {{ toYaml .Values.imageRenderer.labels | indent 4 }}
+ {{- end }}
+ {{- with .Values.imageRenderer.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.imageRenderer.replicas }}
+ revisionHistoryLimit: {{ .Values.imageRenderer.revisionHistoryLimit }}
+ selector:
+ matchLabels:
+ {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }}
+
+ {{- with .Values.imageRenderer.deploymentStrategy }}
+ strategy:
+ {{- toYaml . | trim | nindent 4 }}
+ {{- end }}
+ template:
+ metadata:
+ labels:
+ {{- include "grafana.imageRenderer.selectorLabels" . | nindent 8 }}
+ {{- with .Values.imageRenderer.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- with .Values.imageRenderer.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if .Values.imageRenderer.schedulerName }}
+ schedulerName: "{{ .Values.imageRenderer.schedulerName }}"
+ {{- end }}
+ {{- if .Values.imageRenderer.serviceAccountName }}
+ serviceAccountName: "{{ .Values.imageRenderer.serviceAccountName }}"
+ {{- end }}
+ {{- if .Values.imageRenderer.securityContext }}
+ securityContext:
+ {{- toYaml .Values.imageRenderer.securityContext | nindent 8 }}
+ {{- end }}
+ {{- if .Values.imageRenderer.hostAliases }}
+ hostAliases:
+ {{- toYaml .Values.imageRenderer.hostAliases | nindent 8 }}
+ {{- end }}
+ {{- if .Values.imageRenderer.priorityClassName }}
+ priorityClassName: {{ .Values.imageRenderer.priorityClassName }}
+ {{- end }}
+ {{- if .Values.imageRenderer.image.pullSecrets }}
+ imagePullSecrets:
+ {{- $root := . }}
+ {{- range .Values.imageRenderer.image.pullSecrets }}
+ - name: {{ tpl . $root }}
+ {{- end}}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}-image-renderer
+ {{- if .Values.imageRenderer.image.sha }}
+ image: "{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}@sha256:{{ .Values.imageRenderer.image.sha }}"
+ {{- else }}
+ image: "{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.imageRenderer.image.pullPolicy }}
+ {{- if .Values.imageRenderer.command }}
+ command:
+ {{- range .Values.imageRenderer.command }}
+ - {{ . }}
+ {{- end }}
+ {{- end}}
+ ports:
+ - name: {{ .Values.imageRenderer.service.portName }}
+ containerPort: {{ .Values.imageRenderer.service.targetPort }}
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /
+ port: {{ .Values.imageRenderer.service.portName }}
+ env:
+ - name: HTTP_PORT
+ value: {{ .Values.imageRenderer.service.targetPort | quote }}
+ {{- range $key, $value := .Values.imageRenderer.env }}
+ - name: {{ $key | quote }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- with .Values.imageRenderer.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /tmp
+ name: image-renderer-tmpfs
+ {{- with .Values.imageRenderer.resources }}
+ resources:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.imageRenderer.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- $root := . }}
+ {{- with .Values.imageRenderer.affinity }}
+ affinity:
+ {{- tpl (toYaml .) $root | nindent 8 }}
+ {{- end }}
+ {{- with .Values.imageRenderer.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: image-renderer-tmpfs
+ emptyDir: {}
+{{- end }}
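Review bot: The renderer pod spec sets `serviceAccountName` only when `imageRenderer.serviceAccountName` is given and never sets `automountServiceAccountToken`, so by default it runs under the namespace's default service account with a token mounted, although nothing in this template needs the Kubernetes API. Add `automountServiceAccountToken: false` (or a value for it). The container `securityContext` is likewise emitted only when `imageRenderer.containerSecurityContext` is set, so it would be worth shipping a restrictive default in values.yaml, and the container has a `livenessProbe` but no `readinessProbe`.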
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-network-policy.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-network-policy.yaml
new file mode 100644
index 0000000..0d9bdfe
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-network-policy.yaml
@@ -0,0 +1,73 @@
+{{- if and (.Values.imageRenderer.enabled) (.Values.imageRenderer.networkPolicy.limitIngress) }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "grafana.fullname" . }}-image-renderer-ingress
+ namespace: {{ template "grafana.namespace" . }}
+ annotations:
+ comment: Limit image-renderer ingress traffic from grafana
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }}
+ {{- if .Values.imageRenderer.podLabels }}
+ {{ toYaml .Values.imageRenderer.podLabels | nindent 6 }}
+ {{- end }}
+
+ policyTypes:
+ - Ingress
+ ingress:
+ - ports:
+ - port: {{ .Values.imageRenderer.service.targetPort }}
+ protocol: TCP
+ from:
+ - namespaceSelector:
+ matchLabels:
+ name: {{ template "grafana.namespace" . }}
+ podSelector:
+ matchLabels:
+ {{- include "grafana.selectorLabels" . | nindent 14 }}
+ {{- if .Values.podLabels }}
+ {{ toYaml .Values.podLabels | nindent 14 }}
+ {{- end }}
+{{ end }}
+
+{{- if and (.Values.imageRenderer.enabled) (.Values.imageRenderer.networkPolicy.limitEgress) }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "grafana.fullname" . }}-image-renderer-egress
+ namespace: {{ template "grafana.namespace" . }}
+ annotations:
+ comment: Limit image-renderer egress traffic to grafana
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }}
+ {{- if .Values.imageRenderer.podLabels }}
+ {{ toYaml .Values.imageRenderer.podLabels | nindent 6 }}
+ {{- end }}
+
+ policyTypes:
+ - Egress
+ egress:
+ # allow dns resolution
+ - ports:
+ - port: 53
+ protocol: UDP
+ - port: 53
+ protocol: TCP
+ # talk only to grafana
+ - ports:
+ - port: {{ .Values.service.port }}
+ protocol: TCP
+ to:
+ - podSelector:
+ matchLabels:
+ {{- include "grafana.selectorLabels" . | nindent 14 }}
+ {{- if .Values.podLabels }}
+ {{ toYaml .Values.podLabels | nindent 14 }}
+ {{- end }}
+{{ end }}
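Review bot: In the ingress policy, the `namespaceSelector` matches on the label `name: {{ template "grafana.namespace" . }}`, which Kubernetes does not set on namespaces; unless an operator adds that label by hand, the selector matches nothing and Grafana cannot reach the renderer. The label that is set automatically is `kubernetes.io/metadata.name`. In the egress policy, the "talk only to grafana" rule uses `.Values.service.port`, whereas the Grafana policy in networkpolicy.yaml uses `.Values.service.targetPort`; since the rule selects pods, it should name the port the Grafana container listens on. The DNS rule has no `to` clause, so port 53 is open to any destination, which is worth either narrowing or stating in the comment.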
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-service.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-service.yaml
new file mode 100644
index 0000000..fcf707a
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-service.yaml
@@ -0,0 +1,33 @@
+{{ if .Values.imageRenderer.enabled }}
+{{ if .Values.imageRenderer.service.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "grafana.fullname" . }}-image-renderer
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.imageRenderer.labels" . | nindent 4 }}
+{{- if .Values.imageRenderer.service.labels }}
+{{ toYaml .Values.imageRenderer.service.labels | indent 4 }}
+{{- end }}
+{{- with .Values.imageRenderer.service.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ type: ClusterIP
+ {{- if .Values.imageRenderer.service.clusterIP }}
+ clusterIP: {{ .Values.imageRenderer.service.clusterIP }}
+ {{end}}
+ ports:
+ - name: {{ .Values.imageRenderer.service.portName }}
+ port: {{ .Values.imageRenderer.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.imageRenderer.service.targetPort }}
+ {{- if .Values.imageRenderer.appProtocol }}
+ appProtocol: {{ .Values.imageRenderer.appProtocol }}
+ {{- end }}
+ selector:
+ {{- include "grafana.imageRenderer.selectorLabels" . | nindent 4 }}
+{{ end }}
+{{ end }}
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/ingress.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/ingress.yaml
new file mode 100644
index 0000000..7699cec
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/ingress.yaml
@@ -0,0 +1,78 @@
+{{- if .Values.ingress.enabled -}}
+{{- $ingressApiIsStable := eq (include "grafana.ingress.isStable" .) "true" -}}
+{{- $ingressSupportsIngressClassName := eq (include "grafana.ingress.supportsIngressClassName" .) "true" -}}
+{{- $ingressSupportsPathType := eq (include "grafana.ingress.supportsPathType" .) "true" -}}
+{{- $fullName := include "grafana.fullname" . -}}
+{{- $servicePort := .Values.service.port -}}
+{{- $ingressPath := .Values.ingress.path -}}
+{{- $ingressPathType := .Values.ingress.pathType -}}
+{{- $extraPaths := .Values.ingress.extraPaths -}}
+apiVersion: {{ include "grafana.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+{{- if .Values.ingress.labels }}
+{{ toYaml .Values.ingress.labels | indent 4 }}
+{{- end }}
+ {{- if .Values.ingress.annotations }}
+ annotations:
+ {{- range $key, $value := .Values.ingress.annotations }}
+ {{ $key }}: {{ tpl $value $ | quote }}
+ {{- end }}
+ {{- end }}
+spec:
+ {{- if and $ingressSupportsIngressClassName .Values.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.ingress.ingressClassName }}
+ {{- end -}}
+{{- if .Values.ingress.tls }}
+ tls:
+{{ tpl (toYaml .Values.ingress.tls) $ | indent 4 }}
+{{- end }}
+ rules:
+ {{- if .Values.ingress.hosts }}
+ {{- range .Values.ingress.hosts }}
+ - host: {{ tpl . $}}
+ http:
+ paths:
+{{- if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ - path: {{ $ingressPath }}
+ {{- if $ingressSupportsPathType }}
+ pathType: {{ $ingressPathType }}
+ {{- end }}
+ backend:
+ {{- if $ingressApiIsStable }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $servicePort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $servicePort }}
+ {{- end }}
+ {{- end }}
+ {{- else }}
+ - http:
+ paths:
+ - backend:
+ {{- if $ingressApiIsStable }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $servicePort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $servicePort }}
+ {{- end }}
+ {{- if $ingressPath }}
+ path: {{ $ingressPath }}
+ {{- end }}
+ {{- if $ingressSupportsPathType }}
+ pathType: {{ $ingressPathType }}
+ {{- end }}
+ {{- end -}}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/networkpolicy.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/networkpolicy.yaml
new file mode 100644
index 0000000..b751d94
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/networkpolicy.yaml
@@ -0,0 +1,52 @@
+{{- if .Values.networkPolicy.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "grafana.fullname" . }}
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+ {{- with .Values.labels }}
+ {{ toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ policyTypes:
+ {{- if .Values.networkPolicy.ingress }}
+ - Ingress
+ {{- end }}
+ {{- if .Values.networkPolicy.egress.enabled }}
+ - Egress
+ {{- end }}
+ podSelector:
+ matchLabels:
+ {{- include "grafana.selectorLabels" . | nindent 6 }}
+
+ {{- if .Values.networkPolicy.egress.enabled }}
+ egress:
+ - ports:
+ {{ .Values.networkPolicy.egress.ports | toJson }}
+ {{- end }}
+ {{- if .Values.networkPolicy.ingress }}
+ ingress:
+ - ports:
+ - port: {{ .Values.service.targetPort }}
+ {{- if not .Values.networkPolicy.allowExternal }}
+ from:
+ - podSelector:
+ matchLabels:
+ {{ template "grafana.fullname" . }}-client: "true"
+ {{- with .Values.networkPolicy.explicitNamespacesSelector }}
+ - namespaceSelector:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ - podSelector:
+ matchLabels:
+ {{- include "grafana.labels" . | nindent 14 }}
+ role: read
+ {{- end }}
+ {{- end }}
+{{- end }}
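Review bot: `policyTypes:` is rendered with no entries when `networkPolicy.enabled` is true but both `networkPolicy.ingress` and `networkPolicy.egress.enabled` are false. Kubernetes then defaults the policy to type Ingress, and with no `ingress` rules present that denies all inbound traffic to Grafana, which is unlikely to be what the operator meant. Either fail the render in that case or skip the object. The egress rule also lists only `ports` with no `to`, so it allows those ports to any destination; that should be documented next to `networkPolicy.egress.ports` or extended with a destination selector.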
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/poddisruptionbudget.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/poddisruptionbudget.yaml
new file mode 100644
index 0000000..70901b7
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/poddisruptionbudget.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.podDisruptionBudget }}
+apiVersion: {{ include "grafana.podDisruptionBudget.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "grafana.fullname" . }}
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+{{- if .Values.labels }}
+{{ toYaml .Values.labels | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+{{- end }}
+{{- if .Values.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+{{- end }}
+ selector:
+ matchLabels:
+ {{- include "grafana.selectorLabels" . | nindent 6 }}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/podsecuritypolicy.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/podsecuritypolicy.yaml
new file mode 100644
index 0000000..d9905c6
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/podsecuritypolicy.yaml
@@ -0,0 +1,51 @@
+{{- if .Values.rbac.pspEnabled }}
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "grafana.fullname" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+ annotations:
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
+ {{- if .Values.rbac.pspUseAppArmor }}
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
+ apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
+ {{- end }}
+spec:
+ privileged: false
+ allowPrivilegeEscalation: false
+ requiredDropCapabilities:
+ # Default set from Docker, with DAC_OVERRIDE and CHOWN
+ - ALL
+ volumes:
+ - 'configMap'
+ - 'emptyDir'
+ - 'projected'
+ - 'csi'
+ - 'secret'
+ - 'downwardAPI'
+ - 'persistentVolumeClaim'
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'RunAsAny'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
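Review bot: Under `requiredDropCapabilities`, the comment says "Default set from Docker, with DAC_OVERRIDE and CHOWN" but the list is just `- ALL`, so the comment describes a configuration that is not there and should be corrected or removed. More importantly, `runAsUser` is `rule: 'RunAsAny'`, which lets the pod run as UID 0 even though the group ranges below go to the trouble of excluding the root group. Use `MustRunAsNonRoot` unless one of the init containers in this chart needs root, and if it does, say so in a comment.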
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/pvc.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/pvc.yaml
new file mode 100644
index 0000000..65dd100
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/pvc.yaml
@@ -0,0 +1,36 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "pvc")}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ template "grafana.fullname" . }}
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+ {{- with .Values.persistence.extraPvcLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.persistence.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+ {{- end }}
+ {{- with .Values.persistence.finalizers }}
+ finalizers:
+{{ toYaml . | indent 4 }}
+ {{- end }}
+spec:
+ accessModes:
+ {{- range .Values.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{- if .Values.persistence.storageClassName }}
+ storageClassName: {{ .Values.persistence.storageClassName }}
+ {{- end -}}
+ {{- with .Values.persistence.selectorLabels }}
+ selector:
+ matchLabels:
+{{ toYaml . | indent 6 }}
+ {{- end }}
+{{- end -}}
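Review bot: `storageClassName` at the end of spec is emitted unquoted and only when the value is truthy, so a user cannot render an explicit empty class (storageClassName: "") to opt out of the default StorageClass, and a purely numeric class name would be rendered as a YAML number. Suggest `{{ .Values.persistence.storageClassName | quote }}` and a documented way to request the empty class. Minor style point: annotations and finalizers use `toYaml . | indent 4` on a column-0 line while labels use `nindent 4`; pick one form.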
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/role.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/role.yaml
new file mode 100644
index 0000000..ff2160f
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/role.yaml
@@ -0,0 +1,32 @@
+{{- if and .Values.rbac.create (not .Values.rbac.useExistingRole) -}}
+apiVersion: {{ template "grafana.rbac.apiVersion" . }}
+kind: Role
+metadata:
+ name: {{ template "grafana.fullname" . }}
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+{{- if or .Values.rbac.pspEnabled (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled (or .Values.sidecar.plugins.enabled .Values.rbac.extraRoleRules)))) }}
+rules:
+{{- if .Values.rbac.pspEnabled }}
+- apiGroups: ['extensions']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames: [{{ template "grafana.fullname" . }}]
+{{- end }}
+{{- if and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled)) }}
+- apiGroups: [""] # "" indicates the core API group
+ resources: ["configmaps", "secrets"]
+ verbs: ["get", "watch", "list"]
+{{- end }}
+{{- with .Values.rbac.extraRoleRules }}
+{{ toYaml . | indent 0 }}
+{{- end}}
+{{- else }}
+rules: []
+{{- end }}
+{{- end }}
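Review bot: the PSP rule under `rules:` grants `use` on podsecuritypolicies in apiGroups ['extensions'], while the test PodSecurityPolicy in this patch is created as policy/v1beta1 and templates/tests/test-role.yaml uses ['policy']. On clusters that serve PodSecurityPolicy only from the policy group this rule authorizes nothing, so the pod is admitted under whatever other policy its service account can use; switch to ['policy'] or list both groups. Separately, the sidecar rule gives get/watch/list on every ConfigMap and Secret in the namespace; RBAC cannot filter by label, so this exposure should be documented next to `rbac.namespaced` and the sidecar toggles.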
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/rolebinding.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/rolebinding.yaml
new file mode 100644
index 0000000..e010725
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/rolebinding.yaml
@@ -0,0 +1,25 @@
+{{- if .Values.rbac.create -}}
+apiVersion: {{ template "grafana.rbac.apiVersion" . }}
+kind: RoleBinding
+metadata:
+ name: {{ template "grafana.fullname" . }}
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+{{- if (not .Values.rbac.useExistingRole) }}
+ name: {{ template "grafana.fullname" . }}
+{{- else }}
+ name: {{ .Values.rbac.useExistingRole }}
+{{- end }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "grafana.serviceAccountName" . }}
+ namespace: {{ template "grafana.namespace" . }}
+{{- end -}}
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/secret-env.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/secret-env.yaml
new file mode 100644
index 0000000..5c09313
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/secret-env.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.envRenderSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "grafana.fullname" . }}-env
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+type: Opaque
+data:
+{{- range $key, $val := .Values.envRenderSecret }}
+ {{ $key }}: {{ $val | b64enc | quote }}
+{{- end -}}
+{{- end }}
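Review bot: `{{ $val | b64enc | quote }}` in the range fails at render time for any non-string value (a bare number or boolean in values), because b64enc takes a string; `{{ $val | toString | b64enc | quote }}` is safer. Please also document beside `envRenderSecret` in values.yaml that anything placed there is part of the values supplied to Helm and is therefore kept in the release record in addition to this Secret, so it is not equivalent to `envFromSecret` with a pre-created Secret.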
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/secret.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/secret.yaml
new file mode 100644
index 0000000..c8aa750
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/secret.yaml
@@ -0,0 +1,26 @@
+{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "grafana.fullname" . }}
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ {{- if and (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }}
+ admin-user: {{ .Values.adminUser | b64enc | quote }}
+ {{- if .Values.adminPassword }}
+ admin-password: {{ .Values.adminPassword | b64enc | quote }}
+ {{- else }}
+ admin-password: {{ template "grafana.password" . }}
+ {{- end }}
+ {{- end }}
+ {{- if not .Values.ldap.existingSecret }}
+ ldap-toml: {{ tpl .Values.ldap.config $ | b64enc | quote }}
+ {{- end }}
+{{- end }}
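Review bot: the inner guard for `ldap-toml` is only `not .Values.ldap.existingSecret`, whereas the outer condition also requires `.Values.ldap.enabled`, so the LDAP config is written into the Secret whenever the Secret is rendered for the admin credentials, even with LDAP disabled. Use `and .Values.ldap.enabled (not .Values.ldap.existingSecret)` in both places. Also, `admin-password` goes through `b64enc | quote` when `adminPassword` is set but is emitted raw from the `grafana.password` helper otherwise; confirm the helper returns base64 and quote the result for consistency.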
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/service.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/service.yaml
new file mode 100644
index 0000000..d0a1756
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/service.yaml
@@ -0,0 +1,55 @@
+{{ if .Values.service.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "grafana.fullname" . }}
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+{{- if .Values.service.labels }}
+{{ toYaml .Values.service.labels | indent 4 }}
+{{- end }}
+{{- $root := . }}
+{{- with .Values.service.annotations }}
+ annotations:
+{{ tpl (toYaml . | indent 4) $root }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
+ type: ClusterIP
+ {{- if .Values.service.clusterIP }}
+ clusterIP: {{ .Values.service.clusterIP }}
+ {{end}}
+{{- else if eq .Values.service.type "LoadBalancer" }}
+ type: {{ .Values.service.type }}
+ {{- if .Values.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ {{- if .Values.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
+ {{- end -}}
+{{- else }}
+ type: {{ .Values.service.type }}
+{{- end }}
+{{- if .Values.service.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.service.externalIPs | indent 4 }}
+{{- end }}
+ ports:
+ - name: {{ .Values.service.portName }}
+ port: {{ .Values.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.service.targetPort }}
+ {{- if .Values.service.appProtocol }}
+ appProtocol: {{ .Values.service.appProtocol }}
+ {{- end }}
+ {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
+ nodePort: {{.Values.service.nodePort}}
+ {{ end }}
+ {{- if .Values.extraExposePorts }}
+ {{- tpl (toYaml .Values.extraExposePorts) . | nindent 4 }}
+ {{- end }}
+ selector:
+ {{- include "grafana.selectorLabels" . | nindent 4 }}
+{{ end }}
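Review bot: `loadBalancerSourceRanges` is optional in the LoadBalancer branch and the `service:` defaults in values.yaml do not set it, so changing `service.type` to LoadBalancer publishes Grafana (port 80 to targetPort 3000, plain HTTP) with no source-range restriction at the Service level; document the requirement next to `service.type`, or refuse to render without it. `externalIPs` is likewise rendered for every service type. Style: `{{end}}` after clusterIP and `{{ end }}` after nodePort do not trim whitespace like the rest of the file and leave blank lines in the output.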
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/serviceaccount.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/serviceaccount.yaml
new file mode 100644
index 0000000..1a401fe
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/serviceaccount.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- $root := . }}
+{{- with .Values.serviceAccount.annotations }}
+ annotations:
+{{ tpl (toYaml . | indent 4) $root }}
+{{- end }}
+ name: {{ template "grafana.serviceAccountName" . }}
+ namespace: {{ template "grafana.namespace" . }}
+{{- end }}
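Review bot: values.yaml in this patch defines `serviceAccount.autoMount: true`, but this template never sets automountServiceAccountToken on the ServiceAccount; please confirm the value is applied on the pod spec, otherwise the setting has no effect and the token is always mounted. Style: `name` and `namespace` are emitted after the optional annotations block; moving them to the top of metadata, as in the other templates, makes the object easier to read.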
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/servicemonitor.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/servicemonitor.yaml
new file mode 100644
index 0000000..0876a63
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/servicemonitor.yaml
@@ -0,0 +1,44 @@
+{{- if .Values.serviceMonitor.enabled }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "grafana.fullname" . }}
+ {{- if .Values.serviceMonitor.namespace }}
+ namespace: {{ tpl .Values.serviceMonitor.namespace . }}
+ {{- else }}
+ namespace: {{ template "grafana.namespace" . }}
+ {{- end }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+ {{- if .Values.serviceMonitor.labels }}
+ {{- toYaml .Values.serviceMonitor.labels | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - port: {{ .Values.service.portName }}
+ {{- with .Values.serviceMonitor.interval }}
+ interval: {{ . }}
+ {{- end }}
+ {{- with .Values.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ . }}
+ {{- end }}
+ honorLabels: true
+ path: {{ .Values.serviceMonitor.path }}
+ scheme: {{ .Values.serviceMonitor.scheme }}
+ {{- if .Values.serviceMonitor.tlsConfig }}
+ tlsConfig:
+ {{- toYaml .Values.serviceMonitor.tlsConfig | nindent 6 }}
+ {{- end }}
+ {{- if .Values.serviceMonitor.relabelings }}
+ relabelings:
+ {{- toYaml .Values.serviceMonitor.relabelings | nindent 4 }}
+ {{- end }}
+ jobLabel: "{{ .Release.Name }}"
+ selector:
+ matchLabels:
+ {{- include "grafana.selectorLabels" . | nindent 8 }}
+ namespaceSelector:
+ matchNames:
+ - {{ template "grafana.namespace" . }}
+{{- end }}
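Review bot: `jobLabel: "{{ .Release.Name }}"` passes the release name where the ServiceMonitor API expects the name of a label on the target Service whose value becomes the job name; unless the Service carries a label keyed by the release name this has no effect and the job defaults to the Service name. Point it at a label the chart actually sets, or drop the field. Also, `honorLabels: true` lets labels exposed by the scraped endpoint override the target labels Prometheus attaches; add a comment saying why that is wanted for Grafana's own metrics endpoint, or set it to false.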
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/statefulset.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/statefulset.yaml
new file mode 100644
index 0000000..b308dec
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/statefulset.yaml
@@ -0,0 +1,54 @@
+{{- if (or (.Values.useStatefulSet) (and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset")))}}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "grafana.fullname" . }}
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ replicas: {{ .Values.replicas }}
+ selector:
+ matchLabels:
+ {{- include "grafana.selectorLabels" . | nindent 6 }}
+ serviceName: {{ template "grafana.fullname" . }}-headless
+ template:
+ metadata:
+ labels:
+ {{- include "grafana.selectorLabels" . | nindent 8 }}
+{{- with .Values.podLabels }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }}
+ checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }}
+ {{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
+ checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+{{- end }}
+{{- with .Values.podAnnotations }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+ spec:
+ {{- include "grafana.pod" . | nindent 6 }}
+ {{- if .Values.persistence.enabled}}
+ volumeClaimTemplates:
+ - metadata:
+ name: storage
+ spec:
+ accessModes: {{ .Values.persistence.accessModes }}
+ storageClassName: {{ .Values.persistence.storageClassName }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+ {{- with .Values.persistence.selectorLabels }}
+ selector:
+ matchLabels:
+{{ toYaml . | indent 10 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
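Review bot: in volumeClaimTemplates, `accessModes: {{ .Values.persistence.accessModes }}` prints the Go representation of the list ([ReadWriteOnce]) and parses as YAML only by coincidence; render it with toYaml or with the quoted `range` used in pvc.yaml. `storageClassName` and `storage` are also emitted unquoted and unconditionally here, unlike pvc.yaml. Finally, `serviceName` points at the `-headless` Service while `headlessService` defaults to false in values.yaml, so please confirm the headless Service is created whenever this StatefulSet is rendered.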
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-configmap.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-configmap.yaml
new file mode 100644
index 0000000..bdf2917
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-configmap.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.testFramework.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "grafana.fullname" . }}-test
+ namespace: {{ template "grafana.namespace" . }}
+ annotations:
+ "helm.sh/hook": test-success
+ "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+data:
+ run.sh: |-
+ @test "Test Health" {
+ url="http://{{ template "grafana.fullname" . }}/api/health"
+
+ code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^ HTTP/{print $2}')
+ [ "$code" == "200" ]
+ }
+{{- end }}
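Review bot: `${url}` is unquoted in the wget call inside run.sh; write "${url}" so it stays a single argument whatever `grafana.fullname` expands to. The URL also hard-codes http and the default port, so the test fails once `service.port` is changed from 80 or Grafana is served over TLS; build it from `.Values.service.port`. The `helm.sh/hook: test-success` annotation used here and in the other test templates is the Helm 2 hook name; Helm 3 uses `test`.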
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-podsecuritypolicy.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-podsecuritypolicy.yaml
new file mode 100644
index 0000000..2e664c0
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-podsecuritypolicy.yaml
@@ -0,0 +1,34 @@
+{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled }}
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "grafana.fullname" . }}-test
+ annotations:
+ "helm.sh/hook": test-success
+ "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+spec:
+ allowPrivilegeEscalation: true
+ privileged: false
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ fsGroup:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ runAsUser:
+ rule: RunAsAny
+ volumes:
+ - configMap
+ - downwardAPI
+ - emptyDir
+ - projected
+ - csi
+ - secret
+{{- end }}
+{{- end }}
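Review bot: `allowPrivilegeEscalation: true`, RunAsAny for runAsUser, fsGroup and supplementalGroups, and the absence of requiredDropCapabilities make this policy broader than the test pod needs, which only runs bats with wget against /api/health; the main policy in this chart sets allowPrivilegeEscalation: false and drops ALL. Mirror those settings here, and trim the `volumes` list to what the test pod uses, since test.yaml declares only a configMap volume.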
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-role.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-role.yaml
new file mode 100644
index 0000000..772a09f
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-role.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "grafana.fullname" . }}-test
+ namespace: {{ template "grafana.namespace" . }}
+ annotations:
+ "helm.sh/hook": test-success
+ "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames: [{{ template "grafana.fullname" . }}-test]
+{{- end }}
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-rolebinding.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-rolebinding.yaml
new file mode 100644
index 0000000..3405ffb
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-rolebinding.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "grafana.fullname" . }}-test
+ namespace: {{ template "grafana.namespace" . }}
+ annotations:
+ "helm.sh/hook": test-success
+ "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "grafana.fullname" . }}-test
+subjects:
+- kind: ServiceAccount
+ name: {{ template "grafana.serviceAccountNameTest" . }}
+ namespace: {{ template "grafana.namespace" . }}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-serviceaccount.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-serviceaccount.yaml
new file mode 100644
index 0000000..3145c2e
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.testFramework.enabled .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+ name: {{ template "grafana.serviceAccountNameTest" . }}
+ namespace: {{ template "grafana.namespace" . }}
+ annotations:
+ "helm.sh/hook": test-success
+ "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+{{- end }}
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/tests/test.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/tests/test.yaml
new file mode 100644
index 0000000..ef43d80
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/templates/tests/test.yaml
@@ -0,0 +1,51 @@
+{{- if .Values.testFramework.enabled }}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: {{ template "grafana.fullname" . }}-test
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test-success
+ "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+ namespace: {{ template "grafana.namespace" . }}
+spec:
+ serviceAccountName: {{ template "grafana.serviceAccountNameTest" . }}
+ {{- if .Values.testFramework.securityContext }}
+ securityContext: {{ toYaml .Values.testFramework.securityContext | nindent 4 }}
+ {{- end }}
+ {{- $root := . }}
+ {{- if .Values.image.pullSecrets }}
+ imagePullSecrets:
+ {{- range .Values.image.pullSecrets }}
+ - name: {{ tpl . $root }}
+ {{- end}}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 4 }}
+ {{- end }}
+ {{- $root := . }}
+ {{- with .Values.affinity }}
+ affinity:
+{{ tpl (toYaml .) $root | indent 4 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 4 }}
+ {{- end }}
+ containers:
+ - name: {{ .Release.Name }}-test
+ image: "{{ .Values.testFramework.image}}:{{ .Values.testFramework.tag }}"
+ imagePullPolicy: "{{ .Values.testFramework.imagePullPolicy}}"
+ command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
+ volumeMounts:
+ - mountPath: /tests
+ name: tests
+ readOnly: true
+ volumes:
+ - name: tests
+ configMap:
+ name: {{ template "grafana.fullname" . }}-test
+ restartPolicy: Never
+{{- end }}
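Review bot: the test container has no container-level securityContext or resources, and the pod-level securityContext is rendered only when `testFramework.securityContext` is set, which defaults to {} in values.yaml, so by default the pod runs as whatever user the bats image defines. Consider a default that sets allowPrivilegeEscalation: false and a non-root user if the image supports it. Style: `{{- $root := . }}` is declared twice (before imagePullSecrets and again before affinity); the second can be removed. The test image is referenced by tag only, while the main image accepts `image.sha`; a digest option here would keep the two consistent.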
diff --git a/charts/kube-prometheus-stack/charts/grafana/values.yaml b/charts/kube-prometheus-stack/charts/grafana/values.yaml
new file mode 100644
index 0000000..a519cd0
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/grafana/values.yaml
@@ -0,0 +1,1142 @@
+rbac:
+ create: true
+ ## Use an existing ClusterRole/Role (depending on rbac.namespaced false/true)
+ # useExistingRole: name-of-some-(cluster)role
+ pspEnabled: true
+ pspUseAppArmor: true
+ namespaced: false
+ extraRoleRules: []
+ # - apiGroups: []
+ # resources: []
+ # verbs: []
+ extraClusterRoleRules: []
+ # - apiGroups: []
+ # resources: []
+ # verbs: []
+serviceAccount:
+ create: true
+ name:
+ nameTest:
+ ## ServiceAccount labels.
+ labels: {}
+## Service account annotations. Can be templated.
+# annotations:
+# eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here
+ autoMount: true
+
+replicas: 1
+
+## Create a headless service for the deployment
+headlessService: false
+
+## Create HorizontalPodAutoscaler object for deployment type
+#
+autoscaling:
+ enabled: false
+# minReplicas: 1
+# maxReplicas: 10
+# metrics:
+# - type: Resource
+# resource:
+# name: cpu
+# targetAverageUtilization: 60
+# - type: Resource
+# resource:
+# name: memory
+# targetAverageUtilization: 60
+
+## See `kubectl explain poddisruptionbudget.spec` for more
+## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+podDisruptionBudget: {}
+# minAvailable: 1
+# maxUnavailable: 1
+
+## See `kubectl explain deployment.spec.strategy` for more
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+deploymentStrategy:
+ type: RollingUpdate
+
+readinessProbe:
+ httpGet:
+ path: /api/health
+ port: 3000
+
+livenessProbe:
+ httpGet:
+ path: /api/health
+ port: 3000
+ initialDelaySeconds: 60
+ timeoutSeconds: 30
+ failureThreshold: 10
+
+## Use an alternate scheduler, e.g. "stork".
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+##
+# schedulerName: "default-scheduler"
+
+image:
+ repository: grafana/grafana
+ # Overrides the Grafana image tag whose default is the chart appVersion
+ tag: ""
+ sha: ""
+ pullPolicy: IfNotPresent
+
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## Can be templated.
+ ##
+ # pullSecrets:
+ # - myRegistrKeySecretName
+
+testFramework:
+ enabled: true
+ image: "bats/bats"
+ tag: "v1.4.1"
+ imagePullPolicy: IfNotPresent
+ securityContext: {}
+
+securityContext:
+ runAsUser: 472
+ runAsGroup: 472
+ fsGroup: 472
+
+containerSecurityContext:
+ {}
+
+# Enable creating the grafana configmap
+createConfigmap: true
+
+# Extra configmaps to mount in grafana pods
+# Values are templated.
+extraConfigmapMounts: []
+ # - name: certs-configmap
+ # mountPath: /etc/grafana/ssl/
+ # subPath: certificates.crt # (optional)
+ # configMap: certs-configmap
+ # readOnly: true
+
+
+extraEmptyDirMounts: []
+ # - name: provisioning-notifiers
+ # mountPath: /etc/grafana/provisioning/notifiers
+
+
+# Apply extra labels to common labels.
+extraLabels: {}
+
+## Assign a PriorityClassName to pods if set
+# priorityClassName:
+
+downloadDashboardsImage:
+ repository: curlimages/curl
+ tag: 7.85.0
+ sha: ""
+ pullPolicy: IfNotPresent
+
+downloadDashboards:
+ env: {}
+ envFromSecret: ""
+ resources: {}
+ securityContext: {}
+
+## Pod Annotations
+# podAnnotations: {}
+
+## Pod Labels
+# podLabels: {}
+
+podPortName: grafana
+
+## Deployment annotations
+# annotations: {}
+
+## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service).
+## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it.
+## ref: http://kubernetes.io/docs/user-guide/services/
+##
+service:
+ enabled: true
+ type: ClusterIP
+ port: 80
+ targetPort: 3000
+ # targetPort: 4181 To be used with a proxy extraContainer
+ ## Service annotations. Can be templated.
+ annotations: {}
+ labels: {}
+ portName: service
+ # Adds the appProtocol field to the service. This allows to work with istio protocol selection. Ex: "http" or "tcp"
+ appProtocol: ""
+
+serviceMonitor:
+ ## If true, a ServiceMonitor CRD is created for a prometheus operator
+ ## https://github.com/coreos/prometheus-operator
+ ##
+ enabled: false
+ path: /metrics
+ # namespace: monitoring (defaults to use the namespace this chart is deployed to)
+ labels: {}
+ interval: 1m
+ scheme: http
+ tlsConfig: {}
+ scrapeTimeout: 30s
+ relabelings: []
+
+extraExposePorts: []
+ # - name: keycloak
+ # port: 8080
+ # targetPort: 8080
+ # type: ClusterIP
+
+# overrides pod.spec.hostAliases in the grafana deployment's pods
+hostAliases: []
+ # - ip: "1.2.3.4"
+ # hostnames:
+ # - "my.host.com"
+
+ingress:
+ enabled: false
+ # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
+ # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
+ # ingressClassName: nginx
+ # Values can be templated
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ labels: {}
+ path: /
+
+ # pathType is only for k8s >= 1.1=
+ pathType: Prefix
+
+ hosts:
+ - chart-example.local
+ ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # serviceName: ssl-redirect
+ # servicePort: use-annotation
+ ## Or for k8s > 1.19
+ # - path: /*
+ # pathType: Prefix
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # name: use-annotation
+
+
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+# limits:
+# cpu: 100m
+# memory: 128Mi
+# requests:
+# cpu: 100m
+# memory: 128Mi
+
+## Node labels for pod assignment
+## ref: https://kubernetes.io/docs/user-guide/node-selection/
+#
+nodeSelector: {}
+
+## Tolerations for pod assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+
+## Affinity for pod assignment (evaluated as template)
+## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+
+## Topology Spread Constraints
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+##
+topologySpreadConstraints: []
+
+## Additional init containers (evaluated as template)
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+##
+extraInitContainers: []
+
+## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod
+extraContainers: ""
+# extraContainers: |
+# - name: proxy
+# image: quay.io/gambol99/keycloak-proxy:latest
+# args:
+# - -provider=github
+# - -client-id=
+# - -client-secret=
+# - -github-org=<ORG_NAME>
+# - -email-domain=*
+# - -cookie-secret=
+# - -http-address=http://0.0.0.0:4181
+# - -upstream-url=http://127.0.0.1:3000
+# ports:
+# - name: proxy-web
+# containerPort: 4181
+
+## Volumes that can be used in init containers that will not be mounted to deployment pods
+extraContainerVolumes: []
+# - name: volume-from-secret
+# secret:
+# secretName: secret-to-mount
+# - name: empty-dir-volume
+# emptyDir: {}
+
+## Enable persistence using Persistent Volume Claims
+## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+persistence:
+ type: pvc
+ enabled: false
+ # storageClassName: default
+ accessModes:
+ - ReadWriteOnce
+ size: 10Gi
+ # annotations: {}
+ finalizers:
+ - kubernetes.io/pvc-protection
+ # selectorLabels: {}
+ ## Sub-directory of the PV to mount. Can be templated.
+ # subPath: ""
+ ## Name of an existing PVC. Can be templated.
+ # existingClaim:
+ ## Extra labels to apply to a PVC.
+ extraPvcLabels: {}
+
+ ## If persistence is not enabled, this allows to mount the
+ ## local storage in-memory to improve performance
+ ##
+ inMemory:
+ enabled: false
+ ## The maximum usage on memory medium EmptyDir would be
+ ## the minimum value between the SizeLimit specified
+ ## here and the sum of memory limits of all containers in a pod
+ ##
+ # sizeLimit: 300Mi
+
+initChownData:
+ ## If false, data ownership will not be reset at startup
+ ## This allows the grafana-server to be run with an arbitrary user
+ ##
+ enabled: true
+
+ ## initChownData container image
+ ##
+ image:
+ repository: busybox
+ tag: "1.31.1"
+ sha: ""
+ pullPolicy: IfNotPresent
+
+ ## initChownData resource requests and limits
+ ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ##
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+ securityContext:
+ runAsNonRoot: false
+ runAsUser: 0
+
+
+# Administrator credentials when not using an existing secret (see below)
+adminUser: admin
+# adminPassword: strongpassword
+
+# Use an existing secret for the admin user.
+admin:
+ ## Name of the secret. Can be templated.
+ existingSecret: ""
+ userKey: admin-user
+ passwordKey: admin-password
+
+## Define command to be executed at startup by grafana container
+## Needed if using `vault-env` to manage secrets (ref: https://banzaicloud.com/blog/inject-secrets-into-pods-vault/)
+## Default is "run.sh" as defined in grafana's Dockerfile
+# command:
+# - "sh"
+# - "/run.sh"
+
+## Use an alternate scheduler, e.g. "stork".
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+##
+# schedulerName:
+
+## Extra environment variables that will be pass onto deployment pods
+##
+## to provide grafana with access to CloudWatch on AWS EKS:
+## 1. create an iam role of type "Web identity" with provider oidc.eks.* (note the provider for later)
+## 2. edit the "Trust relationships" of the role, add a line inside the StringEquals clause using the
+## same oidc eks provider as noted before (same as the existing line)
+## also, replace NAMESPACE and prometheus-operator-grafana with the service account namespace and name
+##
+## "oidc.eks.us-east-1.amazonaws.com/id/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:sub": "system:serviceaccount:NAMESPACE:prometheus-operator-grafana",
+##
+## 3. attach a policy to the role, you can use a built in policy called CloudWatchReadOnlyAccess
+## 4. use the following env: (replace 123456789000 and iam-role-name-here with your aws account number and role name)
+##
+## env:
+## AWS_ROLE_ARN: arn:aws:iam::123456789000:role/iam-role-name-here
+## AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token
+## AWS_REGION: us-east-1
+##
+## 5. uncomment the EKS section in extraSecretMounts: below
+## 6. uncomment the annotation section in the serviceAccount: above
+## make sure to replace arn:aws:iam::123456789000:role/iam-role-name-here with your role arn
+
+env: {}
+
+## "valueFrom" environment variable references that will be added to deployment pods. Name is templated.
+## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core
+## Renders in container spec as:
+## env:
+## ...
+## - name: <key>
+## valueFrom:
+## <value rendered as YAML>
+envValueFrom: {}
+ # ENV_NAME:
+ # configMapKeyRef:
+ # name: configmap-name
+ # key: value_key
+
+## The name of a secret in the same kubernetes namespace which contain values to be added to the environment
+## This can be useful for auth tokens, etc. Value is templated.
+envFromSecret: ""
+
+## Sensible environment variables that will be rendered as new secret object
+## This can be useful for auth tokens, etc
+envRenderSecret: {}
+
+## The names of secrets in the same kubernetes namespace which contain values to be added to the environment
+## Each entry should contain a name key, and can optionally specify whether the secret must be defined with an optional key.
+## Name is templated.
+envFromSecrets: []
+## - name: secret-name
+## optional: true
+
+## The names of conifgmaps in the same kubernetes namespace which contain values to be added to the environment
+## Each entry should contain a name key, and can optionally specify whether the configmap must be defined with an optional key.
+## Name is templated.
+## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#configmapenvsource-v1-core
+envFromConfigMaps: []
+## - name: configmap-name
+## optional: true
+
+# Inject Kubernetes services as environment variables.
+# See https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#environment-variables
+enableServiceLinks: true
+
+## Additional grafana server secret mounts
+# Defines additional mounts with secrets. Secrets must be manually created in the namespace.
+extraSecretMounts: []
+ # - name: secret-files
+ # mountPath: /etc/secrets
+ # secretName: grafana-secret-files
+ # readOnly: true
+ # subPath: ""
+ #
+ # for AWS EKS (cloudwatch) use the following (see also instruction in env: above)
+ # - name: aws-iam-token
+ # mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount
+ # readOnly: true
+ # projected:
+ # defaultMode: 420
+ # sources:
+ # - serviceAccountToken:
+ # audience: sts.amazonaws.com
+ # expirationSeconds: 86400
+ # path: token
+ #
+ # for CSI e.g. Azure Key Vault use the following
+ # - name: secrets-store-inline
+ # mountPath: /run/secrets
+ # readOnly: true
+ # csi:
+ # driver: secrets-store.csi.k8s.io
+ # readOnly: true
+ # volumeAttributes:
+ # secretProviderClass: "akv-grafana-spc"
+ # nodePublishSecretRef: # Only required when using service principal mode
+ # name: grafana-akv-creds # Only required when using service principal mode
+
+## Additional grafana server volume mounts
+# Defines additional volume mounts.
+extraVolumeMounts: []
+ # - name: extra-volume-0
+ # mountPath: /mnt/volume0
+ # readOnly: true
+ # existingClaim: volume-claim
+ # - name: extra-volume-1
+ # mountPath: /mnt/volume1
+ # readOnly: true
+ # hostPath: /usr/shared/
+ # - name: grafana-secrets
+ # csi: true
+ # data:
+ # driver: secrets-store.csi.k8s.io
+ # readOnly: true
+ # volumeAttributes:
+ # secretProviderClass: "grafana-env-spc"
+
+## Container Lifecycle Hooks. Execute a specific bash command or make an HTTP request
+lifecycleHooks: {}
+ # postStart:
+ # exec:
+ # command: []
+
+## Pass the plugins you want installed as a list.
+##
+plugins: []
+ # - digrich-bubblechart-panel
+ # - grafana-clock-panel
+
+## Configure grafana datasources
+## ref: http://docs.grafana.org/administration/provisioning/#datasources
+##
+datasources: {}
+# datasources.yaml:
+# apiVersion: 1
+# datasources:
+# - name: Prometheus
+# type: prometheus
+# url: http://prometheus-prometheus-server
+# access: proxy
+# isDefault: true
+# - name: CloudWatch
+# type: cloudwatch
+# access: proxy
+# uid: cloudwatch
+# editable: false
+# jsonData:
+# authType: default
+# defaultRegion: us-east-1
+
+## Configure grafana alerting (can be templated)
+## ref: http://docs.grafana.org/administration/provisioning/#alerting
+##
+alerting: {}
+ # rules.yaml:
+ # apiVersion: 1
+ # groups:
+ # - orgId: 1
+ # name: '{{ .Chart.Name }}_my_rule_group'
+ # folder: my_first_folder
+ # interval: 60s
+ # rules:
+ # - uid: my_id_1
+ # title: my_first_rule
+ # condition: A
+ # data:
+ # - refId: A
+ # datasourceUid: '-100'
+ # model:
+ # conditions:
+ # - evaluator:
+ # params:
+ # - 3
+ # type: gt
+ # operator:
+ # type: and
+ # query:
+ # params:
+ # - A
+ # reducer:
+ # type: last
+ # type: query
+ # datasource:
+ # type: __expr__
+ # uid: '-100'
+ # expression: 1==0
+ # intervalMs: 1000
+ # maxDataPoints: 43200
+ # refId: A
+ # type: math
+ # dashboardUid: my_dashboard
+ # panelId: 123
+ # noDataState: Alerting
+ # for: 60s
+ # annotations:
+ # some_key: some_value
+ # labels:
+ # team: sre_team_1
+ # contactpoints.yaml:
+ # apiVersion: 1
+ # contactPoints:
+ # - orgId: 1
+ # name: cp_1
+ # receivers:
+ # - uid: first_uid
+ # type: pagerduty
+ # settings:
+ # integrationKey: XXX
+ # severity: critical
+ # class: ping failure
+ # component: Grafana
+ # group: app-stack
+ # summary: |
+ # {{ `{{ template "default.message" . }}` }}
+
+## Configure notifiers
+## ref: http://docs.grafana.org/administration/provisioning/#alert-notification-channels
+##
+notifiers: {}
+# notifiers.yaml:
+# notifiers:
+# - name: email-notifier
+# type: email
+# uid: email1
+# # either:
+# org_id: 1
+# # or
+# org_name: Main Org.
+# is_default: true
+# settings:
+# addresses: an_email_address@example.com
+# delete_notifiers:
+
+## Configure grafana dashboard providers
+## ref: http://docs.grafana.org/administration/provisioning/#dashboards
+##
+## `path` must be /var/lib/grafana/dashboards/<provider_name>
+##
+dashboardProviders: {}
+# dashboardproviders.yaml:
+# apiVersion: 1
+# providers:
+# - name: 'default'
+# orgId: 1
+# folder: ''
+# type: file
+# disableDeletion: false
+# editable: true
+# options:
+# path: /var/lib/grafana/dashboards/default
+
+## Configure grafana dashboard to import
+## NOTE: To use dashboards you must also enable/configure dashboardProviders
+## ref: https://grafana.com/dashboards
+##
+## dashboards per provider, use provider name as key.
+##
+dashboards: {}
+ # default:
+ # some-dashboard:
+ # json: |
+ # $RAW_JSON
+ # custom-dashboard:
+ # file: dashboards/custom-dashboard.json
+ # prometheus-stats:
+ # gnetId: 2
+ # revision: 2
+ # datasource: Prometheus
+ # local-dashboard:
+ # url: https://example.com/repository/test.json
+ # token: ''
+ # local-dashboard-base64:
+ # url: https://example.com/repository/test-b64.json
+ # token: ''
+ # b64content: true
+ # local-dashboard-gitlab:
+ # url: https://example.com/repository/test-gitlab.json
+ # gitlabToken: ''
+ # local-dashboard-bitbucket:
+ # url: https://example.com/repository/test-bitbucket.json
+ # bearerToken: ''
+
+## Reference to external ConfigMap per provider. Use provider name as key and ConfigMap name as value.
+## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both.
+## ConfigMap data example:
+##
+## data:
+## example-dashboard.json: |
+## RAW_JSON
+##
+dashboardsConfigMaps: {}
+# default: ""
+
+## Grafana's primary configuration
+## NOTE: values in map will be converted to ini format
+## ref: http://docs.grafana.org/installation/configuration/
+##
+grafana.ini:
+ paths:
+ data: /var/lib/grafana/
+ logs: /var/log/grafana
+ plugins: /var/lib/grafana/plugins
+ provisioning: /etc/grafana/provisioning
+ analytics:
+ check_for_updates: true
+ log:
+ mode: console
+ grafana_net:
+ url: https://grafana.net
+ server:
+ domain: "{{ if (and .Values.ingress.enabled .Values.ingress.hosts) }}{{ .Values.ingress.hosts | first }}{{ else }}''{{ end }}"
+## grafana Authentication can be enabled with the following values on grafana.ini
+ # server:
+ # The full public facing url you use in browser, used for redirects and emails
+ # root_url:
+ # https://grafana.com/docs/grafana/latest/auth/github/#enable-github-in-grafana
+ # auth.github:
+ # enabled: false
+ # allow_sign_up: false
+ # scopes: user:email,read:org
+ # auth_url: https://github.com/login/oauth/authorize
+ # token_url: https://github.com/login/oauth/access_token
+ # api_url: https://api.github.com/user
+ # team_ids:
+ # allowed_organizations:
+ # client_id:
+ # client_secret:
+## LDAP Authentication can be enabled with the following values on grafana.ini
+## NOTE: Grafana will fail to start if the value for ldap.toml is invalid
+ # auth.ldap:
+ # enabled: true
+ # allow_sign_up: true
+ # config_file: /etc/grafana/ldap.toml
+
+## Grafana's LDAP configuration
+## Templated by the template in _helpers.tpl
+## NOTE: To enable the grafana.ini must be configured with auth.ldap.enabled
+## ref: http://docs.grafana.org/installation/configuration/#auth-ldap
+## ref: http://docs.grafana.org/installation/ldap/#configuration
+ldap:
+ enabled: false
+ # `existingSecret` is a reference to an existing secret containing the ldap configuration
+ # for Grafana in a key `ldap-toml`.
+ existingSecret: ""
+ # `config` is the content of `ldap.toml` that will be stored in the created secret
+ config: ""
+ # config: |-
+ # verbose_logging = true
+
+ # [[servers]]
+ # host = "my-ldap-server"
+ # port = 636
+ # use_ssl = true
+ # start_tls = false
+ # ssl_skip_verify = false
+ # bind_dn = "uid=%s,ou=users,dc=myorg,dc=com"
+
+## Grafana's SMTP configuration
+## NOTE: To enable, grafana.ini must be configured with smtp.enabled
+## ref: http://docs.grafana.org/installation/configuration/#smtp
+smtp:
+ # `existingSecret` is a reference to an existing secret containing the smtp configuration
+ # for Grafana.
+ existingSecret: ""
+ userKey: "user"
+ passwordKey: "password"
+
+## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders
+## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards
+sidecar:
+ image:
+ repository: quay.io/kiwigrid/k8s-sidecar
+ tag: 1.19.2
+ sha: ""
+ imagePullPolicy: IfNotPresent
+ resources: {}
+# limits:
+# cpu: 100m
+# memory: 100Mi
+# requests:
+# cpu: 50m
+# memory: 50Mi
+ securityContext: {}
+ # skipTlsVerify Set to true to skip tls verification for kube api calls
+ # skipTlsVerify: true
+ enableUniqueFilenames: false
+ readinessProbe: {}
+ livenessProbe: {}
+ # Log level default for all sidecars. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. Defaults to INFO
+ # logLevel: INFO
+ alerts:
+ enabled: false
+ # Additional environment variables for the alerts sidecar
+ env: {}
+ # Do not reprocess already processed unchanged resources on k8s API reconnect.
+ # ignoreAlreadyProcessed: true
+ # label that the configmaps with alert are marked with
+ label: grafana_alert
+ # value of label that the configmaps with alert are set to
+ labelValue: ""
+ # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL.
+ # logLevel: INFO
+ # If specified, the sidecar will search for alert config-maps inside this namespace.
+ # Otherwise the namespace in which the sidecar is running will be used.
+ # It's also possible to specify ALL to search in all namespaces
+ searchNamespace: null
+ # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds.
+ watchMethod: WATCH
+ # search in configmap, secret or both
+ resource: both
+ # watchServerTimeout: request to the server, asking it to cleanly close the connection after that.
+ # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S
+ # watchServerTimeout: 3600
+ #
+ # watchClientTimeout: is a client-side timeout, configuring your local socket.
+ # If you have a network outage dropping all packets with no RST/FIN,
+ # this is how long your client waits before realizing & dropping the connection.
+ # defaults to 66sec (sic!)
+ # watchClientTimeout: 60
+ #
+ # Endpoint to send request to reload alerts
+ reloadURL: "http://localhost:3000/api/admin/provisioning/alerting/reload"
+ # Absolute path to shell script to execute after a alert got reloaded
+ script: null
+ skipReload: false
+ # Deploy the alert sidecar as an initContainer in addition to a container.
+ # Sets the size limit of the alert sidecar emptyDir volume
+ sizeLimit: {}
+ dashboards:
+ enabled: false
+ # Additional environment variables for the dashboards sidecar
+ env: {}
+ # Do not reprocess already processed unchanged resources on k8s API reconnect.
+ # ignoreAlreadyProcessed: true
+ SCProvider: true
+ # label that the configmaps with dashboards are marked with
+ label: grafana_dashboard
+ # value of label that the configmaps with dashboards are set to
+ labelValue: ""
+ # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL.
+ # logLevel: INFO
+ # folder in the pod that should hold the collected dashboards (unless `defaultFolderName` is set)
+ folder: /tmp/dashboards
+ # The default folder name, it will create a subfolder under the `folder` and put dashboards in there instead
+ defaultFolderName: null
+ # Namespaces list. If specified, the sidecar will search for config-maps/secrets inside these namespaces.
+ # Otherwise the namespace in which the sidecar is running will be used.
+ # It's also possible to specify ALL to search in all namespaces.
+ searchNamespace: null
+ # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds.
+ watchMethod: WATCH
+ # search in configmap, secret or both
+ resource: both
+ # If specified, the sidecar will look for annotation with this name to create folder and put graph here.
+ # You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure.
+ folderAnnotation: null
+ # Absolute path to shell script to execute after a configmap got reloaded
+ script: null
+ # watchServerTimeout: request to the server, asking it to cleanly close the connection after that.
+ # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S
+ # watchServerTimeout: 3600
+ #
+ # watchClientTimeout: is a client-side timeout, configuring your local socket.
+ # If you have a network outage dropping all packets with no RST/FIN,
+ # this is how long your client waits before realizing & dropping the connection.
+ # defaults to 66sec (sic!)
+ # watchClientTimeout: 60
+ #
+ # provider configuration that lets grafana manage the dashboards
+ provider:
+ # name of the provider, should be unique
+ name: sidecarProvider
+ # orgid as configured in grafana
+ orgid: 1
+ # folder in which the dashboards should be imported in grafana
+ folder: ''
+ # type of the provider
+ type: file
+ # disableDelete to activate a import-only behaviour
+ disableDelete: false
+ # allow updating provisioned dashboards from the UI
+ allowUiUpdates: false
+ # allow Grafana to replicate dashboard structure from filesystem
+ foldersFromFilesStructure: false
+ # Additional dashboard sidecar volume mounts
+ extraMounts: []
+ # Sets the size limit of the dashboard sidecar emptyDir volume
+ sizeLimit: {}
+ datasources:
+ enabled: false
+ # Additional environment variables for the datasourcessidecar
+ env: {}
+ # Do not reprocess already processed unchanged resources on k8s API reconnect.
+ # ignoreAlreadyProcessed: true
+ # label that the configmaps with datasources are marked with
+ label: grafana_datasource
+ # value of label that the configmaps with datasources are set to
+ labelValue: ""
+ # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL.
+ # logLevel: INFO
+ # If specified, the sidecar will search for datasource config-maps inside this namespace.
+ # Otherwise the namespace in which the sidecar is running will be used.
+ # It's also possible to specify ALL to search in all namespaces
+ searchNamespace: null
+ # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds.
+ watchMethod: WATCH
+ # search in configmap, secret or both
+ resource: both
+ # watchServerTimeout: request to the server, asking it to cleanly close the connection after that.
+ # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S
+ # watchServerTimeout: 3600
+ #
+ # watchClientTimeout: is a client-side timeout, configuring your local socket.
+ # If you have a network outage dropping all packets with no RST/FIN,
+ # this is how long your client waits before realizing & dropping the connection.
+ # defaults to 66sec (sic!)
+ # watchClientTimeout: 60
+ #
+ # Endpoint to send request to reload datasources
+ reloadURL: "http://localhost:3000/api/admin/provisioning/datasources/reload"
+ # Absolute path to shell script to execute after a datasource got reloaded
+ script: null
+ skipReload: false
+ # Deploy the datasource sidecar as an initContainer in addition to a container.
+ # This is needed if skipReload is true, to load any datasources defined at startup time.
+ initDatasources: false
+ # Sets the size limit of the datasource sidecar emptyDir volume
+ sizeLimit: {}
+ plugins:
+ enabled: false
+ # Additional environment variables for the plugins sidecar
+ env: {}
+ # Do not reprocess already processed unchanged resources on k8s API reconnect.
+ # ignoreAlreadyProcessed: true
+ # label that the configmaps with plugins are marked with
+ label: grafana_plugin
+ # value of label that the configmaps with plugins are set to
+ labelValue: ""
+ # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL.
+ # logLevel: INFO
+ # If specified, the sidecar will search for plugin config-maps inside this namespace.
+ # Otherwise the namespace in which the sidecar is running will be used.
+ # It's also possible to specify ALL to search in all namespaces
+ searchNamespace: null
+ # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds.
+ watchMethod: WATCH
+ # search in configmap, secret or both
+ resource: both
+ # watchServerTimeout: request to the server, asking it to cleanly close the connection after that.
+ # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S
+ # watchServerTimeout: 3600
+ #
+ # watchClientTimeout: is a client-side timeout, configuring your local socket.
+ # If you have a network outage dropping all packets with no RST/FIN,
+ # this is how long your client waits before realizing & dropping the connection.
+ # defaults to 66sec (sic!)
+ # watchClientTimeout: 60
+ #
+ # Endpoint to send request to reload plugins
+ reloadURL: "http://localhost:3000/api/admin/provisioning/plugins/reload"
+ # Absolute path to shell script to execute after a plugin got reloaded
+ script: null
+ skipReload: false
+ # Deploy the datasource sidecar as an initContainer in addition to a container.
+ # This is needed if skipReload is true, to load any plugins defined at startup time.
+ initPlugins: false
+ # Sets the size limit of the plugin sidecar emptyDir volume
+ sizeLimit: {}
+ notifiers:
+ enabled: false
+ # Additional environment variables for the notifierssidecar
+ env: {}
+ # Do not reprocess already processed unchanged resources on k8s API reconnect.
+ # ignoreAlreadyProcessed: true
+ # label that the configmaps with notifiers are marked with
+ label: grafana_notifier
+ # value of label that the configmaps with notifiers are set to
+ labelValue: ""
+ # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL.
+ # logLevel: INFO
+ # If specified, the sidecar will search for notifier config-maps inside this namespace.
+ # Otherwise the namespace in which the sidecar is running will be used.
+ # It's also possible to specify ALL to search in all namespaces
+ searchNamespace: null
+ # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds.
+ watchMethod: WATCH
+ # search in configmap, secret or both
+ resource: both
+ # watchServerTimeout: request to the server, asking it to cleanly close the connection after that.
+ # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S
+ # watchServerTimeout: 3600
+ #
+ # watchClientTimeout: is a client-side timeout, configuring your local socket.
+ # If you have a network outage dropping all packets with no RST/FIN,
+ # this is how long your client waits before realizing & dropping the connection.
+ # defaults to 66sec (sic!)
+ # watchClientTimeout: 60
+ #
+ # Endpoint to send request to reload notifiers
+ reloadURL: "http://localhost:3000/api/admin/provisioning/notifications/reload"
+ # Absolute path to shell script to execute after a notifier got reloaded
+ script: null
+ skipReload: false
+ # Deploy the notifier sidecar as an initContainer in addition to a container.
+ # This is needed if skipReload is true, to load any notifiers defined at startup time.
+ initNotifiers: false
+ # Sets the size limit of the notifier sidecar emptyDir volume
+ sizeLimit: {}
+
+## Override the deployment namespace
+##
+namespaceOverride: ""
+
+## Number of old ReplicaSets to retain
+##
+revisionHistoryLimit: 10
+
+## Add a seperate remote image renderer deployment/service
+imageRenderer:
+ deploymentStrategy: {}
+ # Enable the image-renderer deployment & service
+ enabled: false
+ replicas: 1
+ image:
+ # image-renderer Image repository
+ repository: grafana/grafana-image-renderer
+ # image-renderer Image tag
+ tag: latest
+ # image-renderer Image sha (optional)
+ sha: ""
+ # image-renderer ImagePullPolicy
+ pullPolicy: Always
+ # extra environment variables
+ env:
+ HTTP_HOST: "0.0.0.0"
+ # RENDERING_ARGS: --no-sandbox,--disable-gpu,--window-size=1280x758
+ # RENDERING_MODE: clustered
+ # IGNORE_HTTPS_ERRORS: true
+ # image-renderer deployment serviceAccount
+ serviceAccountName: ""
+ # image-renderer deployment securityContext
+ securityContext: {}
+ # image-renderer deployment container securityContext
+ containerSecurityContext:
+ capabilities:
+ drop: ['ALL']
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ # image-renderer deployment Host Aliases
+ hostAliases: []
+ # image-renderer deployment priority class
+ priorityClassName: ''
+ service:
+ # Enable the image-renderer service
+ enabled: true
+ # image-renderer service port name
+ portName: 'http'
+ # image-renderer service port used by both service and deployment
+ port: 8081
+ targetPort: 8081
+ # Adds the appProtocol field to the image-renderer service. This allows to work with istio protocol selection. Ex: "http" or "tcp"
+ appProtocol: ""
+ # If https is enabled in Grafana, this needs to be set as 'https' to correctly configure the callback used in Grafana
+ grafanaProtocol: http
+ # In case a sub_path is used this needs to be added to the image renderer callback
+ grafanaSubPath: ""
+ # name of the image-renderer port on the pod
+ podPortName: http
+ # number of image-renderer replica sets to keep
+ revisionHistoryLimit: 10
+ networkPolicy:
+ # Enable a NetworkPolicy to limit inbound traffic to only the created grafana pods
+ limitIngress: true
+ # Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods
+ limitEgress: false
+ resources: {}
+# limits:
+# cpu: 100m
+# memory: 100Mi
+# requests:
+# cpu: 50m
+# memory: 50Mi
+ ## Node labels for pod assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ #
+ nodeSelector: {}
+
+ ## Tolerations for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+
+ ## Affinity for pod assignment (evaluated as template)
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ##
+ affinity: {}
+
+networkPolicy:
+ ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now.
+ ##
+ enabled: false
+ ## @param networkPolicy.allowExternal Don't require client label for connections
+ ## The Policy model to apply. When set to false, only pods with the correct
+ ## client label will have network access to grafana port defined.
+ ## When true, grafana will accept connections from any source
+ ## (with the correct destination port).
+ ##
+ ingress: true
+ ## @param networkPolicy.ingress When true enables the creation
+ ## an ingress network policy
+ ##
+ allowExternal: true
+ ## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed
+ ## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace
+ ## and that match other criteria, the ones that have the good label, can reach the grafana.
+ ## But sometimes, we want the grafana to be accessible to clients from other namespaces, in this case, we can use this
+ ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added.
+ ##
+ ## Example:
+ ## explicitNamespacesSelector:
+ ## matchLabels:
+ ## role: frontend
+ ## matchExpressions:
+ ## - {key: role, operator: In, values: [frontend]}
+ ##
+ explicitNamespacesSelector: {}
+ ##
+ ##
+ ##
+ ##
+ ##
+ ##
+ egress:
+ ## @param networkPolicy.egress.enabled When enabled, an egress network policy will be
+ ## created allowing grafana to connect to external data sources from kubernetes cluster.
+ enabled: false
+ ##
+ ## @param networkPolicy.egress.ports Add individual ports to be allowed by the egress
+ ports: []
+ ## Add ports to the egress by specifying - port: <port number>
+ ## E.X.
+ ## ports:
+ ## - port: 80
+ ## - port: 443
+ ##
+ ##
+ ##
+ ##
+ ##
+ ##
+
+# Enable backward compatibility of kubernetes where version below 1.13 doesn't have the enableServiceLinks option
+enableKubeBackwardCompatibility: false
+useStatefulSet: false
+# Create a dynamic manifests via values:
+extraObjects: []
+ # - apiVersion: "kubernetes-client.io/v1"
+ # kind: ExternalSecret
+ # metadata:
+ # name: grafana-secrets
+ # spec:
+ # backendType: gcpSecretsManager
+ # data:
+ # - key: grafana-admin-password
+ # name: adminPassword
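Review bot: In the `imageRenderer.image` block the image is set to `tag: latest` with `sha: ""` and `pullPolicy: Always`, so once `imageRenderer.enabled` is turned on, every pod start pulls whatever the registry currently serves under that tag, while the sidecar image in the same file is pinned to `1.19.2`. Set a fixed tag and fill in `sha` with a digest; if this file is meant to stay a verbatim copy of the upstream chart, do it in the override values used for deployment. Two smaller points in the `networkPolicy` block: the `@param` comment describing `allowExternal` sits above `ingress: true` and the one describing `ingress` sits above `allowExternal: true`, and with `enabled: false` plus `allowExternal: true` the defaults apply no ingress filtering, which the comment should say outright along with the override that limits access to labelled client pods.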
diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/.helmignore b/charts/kube-prometheus-stack/charts/kube-state-metrics/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/Chart.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/Chart.yaml
new file mode 100644
index 0000000..93c1197
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/Chart.yaml
@@ -0,0 +1,21 @@
+apiVersion: v2
+appVersion: 2.6.0
+description: Install kube-state-metrics to generate and expose cluster-level metrics
+home: https://github.com/kubernetes/kube-state-metrics/
+keywords:
+- metric
+- monitoring
+- prometheus
+- kubernetes
+maintainers:
+- email: tariq.ibrahim@mulesoft.com
+ name: tariq1890
+- email: manuel@rueg.eu
+ name: mrueg
+- email: davidcalvertfr@gmail.com
+ name: dotdc
+name: kube-state-metrics
+sources:
+- https://github.com/kubernetes/kube-state-metrics/
+type: application
+version: 4.22.1
diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/README.md b/charts/kube-prometheus-stack/charts/kube-state-metrics/README.md
new file mode 100644
index 0000000..7c2e169
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/README.md
@@ -0,0 +1,68 @@
+# kube-state-metrics Helm Chart
+
+Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics).
+
+## Get Repo Info
+
+```console
+helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+helm repo update
+```
+
+_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
+
+## Install Chart
+
+```console
+helm install [RELEASE_NAME] prometheus-community/kube-state-metrics [flags]
+```
+
+_See [configuration](#configuration) below._
+
+_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
+
+## Uninstall Chart
+
+```console
+helm uninstall [RELEASE_NAME]
+```
+
+This removes all the Kubernetes components associated with the chart and deletes the release.
+
+_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
+
+## Upgrading Chart
+
+```console
+helm upgrade [RELEASE_NAME] prometheus-community/kube-state-metrics [flags]
+```
+
+_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
+
+### Migrating from stable/kube-state-metrics and kubernetes/kube-state-metrics
+
+You can upgrade in-place:
+
+1. [get repo info](#get-repo-info)
+1. [upgrade](#upgrading-chart) your existing release name using the new chart repo
+
+
+## Upgrading to v3.0.0
+
+v3.0.0 includes kube-state-metrics v2.0, see the [changelog](https://github.com/kubernetes/kube-state-metrics/blob/release-2.0/CHANGELOG.md) for major changes on the application-side.
+
+The upgraded chart now the following changes:
+* Dropped support for helm v2 (helm v3 or later is required)
+* collectors key was renamed to resources
+* namespace key was renamed to namespaces
+
+
+## Configuration
+
+See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments:
+
+```console
+helm show values prometheus-community/kube-state-metrics
+```
+
+You may also run `helm show values` on this chart's [dependencies](#dependencies) for additional options.
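Review bot: The last line of this README links to `[dependencies](#dependencies)`, but none of the 68 added lines defines a Dependencies heading, so the anchor goes nowhere. Either drop the sentence or add the section. In "Upgrading to v3.0.0", the sentence "The upgraded chart now the following changes:" is missing its verb ("now has" or "now includes"). Since `collectors` and `namespace` were renamed to `resources` and `namespaces`, it would also help to say what happens to values files that still use the old keys.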
diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/NOTES.txt b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/NOTES.txt
new file mode 100644
index 0000000..5a646e0
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/NOTES.txt
@@ -0,0 +1,10 @@
+kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects.
+The exposed metrics can be found here:
+https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics
+
+The metrics are exported on the HTTP endpoint /metrics on the listening port.
+In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics
+
+They are served either as plaintext or protobuf depending on the Accept header.
+They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint.
+
diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/_helpers.tpl b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/_helpers.tpl
new file mode 100644
index 0000000..0d193fb
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/_helpers.tpl
@@ -0,0 +1,101 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kube-state-metrics.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kube-state-metrics.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "kube-state-metrics.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "kube-state-metrics.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts
+*/}}
+{{- define "kube-state-metrics.namespace" -}}
+ {{- if .Values.namespaceOverride -}}
+ {{- .Values.namespaceOverride -}}
+ {{- else -}}
+ {{- .Release.Namespace -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kube-state-metrics.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Generate basic labels
+*/}}
+{{- define "kube-state-metrics.labels" }}
+helm.sh/chart: {{ template "kube-state-metrics.chart" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/component: metrics
+app.kubernetes.io/part-of: {{ template "kube-state-metrics.name" . }}
+{{- include "kube-state-metrics.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels }}
+{{- end }}
+{{- if .Values.releaseLabel }}
+release: {{ .Release.Name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kube-state-metrics.selectorLabels" }}
+app.kubernetes.io/name: {{ include "kube-state-metrics.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/* Sets default scrape limits for servicemonitor */}}
+{{- define "servicemonitor.scrapeLimits" -}}
+{{- with .sampleLimit }}
+sampleLimit: {{ . }}
+{{- end }}
+{{- with .targetLimit }}
+targetLimit: {{ . }}
+{{- end }}
+{{- with .labelLimit }}
+labelLimit: {{ . }}
+{{- end }}
+{{- with .labelNameLengthLimit }}
+labelNameLengthLimit: {{ . }}
+{{- end }}
+{{- with .labelValueLengthLimit }}
+labelValueLengthLimit: {{ . }}
+{{- end }}
+{{- end -}}
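Review bot: In `kube-state-metrics.serviceAccountName`, the else branch evaluates `default "default" .Values.serviceAccount.name`, so with `serviceAccount.create` false and no name given the chart silently uses the namespace's `default` ServiceAccount, and the ClusterRoleBinding template in this same patch then binds the cluster role to that shared account. Any other pod in the namespace that runs under `default` would inherit those permissions. Consider failing the render instead, for example with `required` on `.Values.serviceAccount.name` in that branch, or at least documenting the fallback next to the value. Minor: both branches use `{{ ... }}` without `-` trimming on indented lines, so the helper's output carries leading whitespace; it is harmless where it is used as a `name:` scalar but inconsistent with the other helpers in the file.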
diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/clusterrolebinding.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..cf9f628
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/clusterrolebinding.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.rbac.create .Values.rbac.useClusterRole -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+ name: {{ template "kube-state-metrics.fullname" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+{{- if .Values.rbac.useExistingRole }}
+ name: {{ .Values.rbac.useExistingRole }}
+{{- else }}
+ name: {{ template "kube-state-metrics.fullname" . }}
+{{- end }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "kube-state-metrics.serviceAccountName" . }}
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+{{- end -}}
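Review bot: in `roleRef`, `name: {{ .Values.rbac.useExistingRole }}` is rendered unquoted and bound cluster-wide with no statement of what the named ClusterRole is expected to grant. Quote the value, and document in values.yaml that the existing role should carry only the `list`/`watch` rules that role.yaml would otherwise generate, since this binding applies across every namespace.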
diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/deployment.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/deployment.yaml
new file mode 100644
index 0000000..e529d3f
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/deployment.yaml
@@ -0,0 +1,179 @@
+apiVersion: apps/v1
+{{- if .Values.autosharding.enabled }}
+kind: StatefulSet
+{{- else }}
+kind: Deployment
+{{- end }}
+metadata:
+ name: {{ template "kube-state-metrics.fullname" . }}
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+ {{- if .Values.annotations }}
+ annotations:
+{{ toYaml .Values.annotations | indent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "kube-state-metrics.selectorLabels" . | indent 6 }}
+ replicas: {{ .Values.replicas }}
+ {{- if .Values.autosharding.enabled }}
+ serviceName: {{ template "kube-state-metrics.fullname" . }}
+ volumeClaimTemplates: []
+ {{- end }}
+ template:
+ metadata:
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 8 }}
+ {{- if .Values.podAnnotations }}
+ annotations:
+{{ toYaml .Values.podAnnotations | indent 8 }}
+ {{- end }}
+ spec:
+ hostNetwork: {{ .Values.hostNetwork }}
+ serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName }}
+ {{- end }}
+ containers:
+ - name: {{ template "kube-state-metrics.name" . }}
+ {{- if .Values.autosharding.enabled }}
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ args:
+ {{- if .Values.extraArgs }}
+ {{- .Values.extraArgs | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if .Values.service.port }}
+ - --port={{ .Values.service.port | default 8080}}
+ {{- end }}
+ {{- if .Values.collectors }}
+ - --resources={{ .Values.collectors | join "," }}
+ {{- end }}
+ {{- if .Values.metricLabelsAllowlist }}
+ - --metric-labels-allowlist={{ .Values.metricLabelsAllowlist | join "," }}
+ {{- end }}
+ {{- if .Values.metricAnnotationsAllowList }}
+ - --metric-annotations-allowlist={{ .Values.metricAnnotationsAllowList | join "," }}
+ {{- end }}
+ {{- if .Values.metricAllowlist }}
+ - --metric-allowlist={{ .Values.metricAllowlist | join "," }}
+ {{- end }}
+ {{- if .Values.metricDenylist }}
+ - --metric-denylist={{ .Values.metricDenylist | join "," }}
+ {{- end }}
+ {{- $namespaces := list }}
+ {{- if .Values.namespaces }}
+ {{- range $ns := join "," .Values.namespaces | split "," }}
+ {{- $namespaces = append $namespaces (tpl $ns $) }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.releaseNamespace }}
+ {{- $namespaces = append $namespaces ( include "kube-state-metrics.namespace" . ) }}
+ {{- end }}
+ {{- if $namespaces }}
+ - --namespaces={{ $namespaces | mustUniq | join "," }}
+ {{- end }}
+ {{- if .Values.namespacesDenylist }}
+ - --namespaces-denylist={{ tpl (.Values.namespacesDenylist | join ",") $ }}
+ {{- end }}
+ {{- if .Values.autosharding.enabled }}
+ - --pod=$(POD_NAME)
+ - --pod-namespace=$(POD_NAMESPACE)
+ {{- end }}
+ {{- if .Values.kubeconfig.enabled }}
+ - --kubeconfig=/opt/k8s/.kube/config
+ {{- end }}
+ {{- if .Values.selfMonitor.telemetryHost }}
+ - --telemetry-host={{ .Values.selfMonitor.telemetryHost }}
+ {{- end }}
+ {{- if .Values.selfMonitor.telemetryPort }}
+ - --telemetry-port={{ .Values.selfMonitor.telemetryPort | default 8081 }}
+ {{- end }}
+ {{- if or (.Values.kubeconfig.enabled) (.Values.volumeMounts) }}
+ volumeMounts:
+ {{- if .Values.kubeconfig.enabled }}
+ - name: kubeconfig
+ mountPath: /opt/k8s/.kube/
+ readOnly: true
+ {{- end }}
+ {{- if .Values.volumeMounts }}
+{{ toYaml .Values.volumeMounts | indent 8 }}
+ {{- end }}
+ {{- end }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.image.sha }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}@sha256:{{ .Values.image.sha }}"
+ {{- else }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ {{- end }}
+ ports:
+ - containerPort: {{ .Values.service.port | default 8080}}
+ name: "http"
+ {{- if .Values.selfMonitor.enabled }}
+ - containerPort: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
+ name: "metrics"
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: {{ .Values.service.port | default 8080}}
+ initialDelaySeconds: 5
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /
+ port: {{ .Values.service.port | default 8080}}
+ initialDelaySeconds: 5
+ timeoutSeconds: 5
+ {{- if .Values.resources }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+{{- end }}
+{{- if .Values.containerSecurityContext }}
+ securityContext:
+{{ toYaml .Values.containerSecurityContext | indent 10 }}
+{{- end }}
+{{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations:
+{{ toYaml .Values.tolerations | indent 8 }}
+ {{- end }}
+ {{- if .Values.topologySpreadConstraints }}
+ topologySpreadConstraints:
+{{ toYaml .Values.topologySpreadConstraints | indent 8 }}
+ {{- end }}
+ {{- if or (.Values.kubeconfig.enabled) (.Values.volumes) }}
+ volumes:
+ {{- if .Values.kubeconfig.enabled}}
+ - name: kubeconfig
+ secret:
+ secretName: {{ template "kube-state-metrics.fullname" . }}-kubeconfig
+ {{- end }}
+ {{- if .Values.volumes }}
+{{ toYaml .Values.volumes | indent 8 }}
+ {{- end }}
+ {{- end }}
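Review bot: the container-level `securityContext:` block is emitted only when `.Values.containerSecurityContext` is set, and values.yaml in this patch defaults it to `{}`, so the container runs with no `allowPrivilegeEscalation: false`, no dropped capabilities and a writable root filesystem. Consider shipping hardened defaults in values.yaml rather than leaving them to each consumer. Related: `image.sha` defaults to `""`, so the bundled chart pulls by the mutable tag `v2.6.0`; pinning a digest would make the vendored copy reproducible. Minor: `--port={{ .Values.service.port | default 8080}}` sits inside `if .Values.service.port`, so the `default` there can never apply.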
diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/kubeconfig-secret.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/kubeconfig-secret.yaml
new file mode 100644
index 0000000..6af0084
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/kubeconfig-secret.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.kubeconfig.enabled -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "kube-state-metrics.fullname" . }}-kubeconfig
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+type: Opaque
+data:
+ config: '{{ .Values.kubeconfig.secret }}'
+{{- end -}}
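Review bot: `config: '{{ .Values.kubeconfig.secret }}'` under `data:` inserts the value verbatim, so the caller has to supply an already base64-encoded kubeconfig and nothing here says so. It also means the credential travels through Helm values and is kept with the release record. Either pipe the value through `b64enc` (or switch to `stringData`) and document the expected encoding, or accept the name of a pre-existing Secret and skip creating one from values.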
diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/pdb.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/pdb.yaml
new file mode 100644
index 0000000..3771b51
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/pdb.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.podDisruptionBudget -}}
+{{ if $.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" -}}
+apiVersion: policy/v1
+{{- else -}}
+apiVersion: policy/v1beta1
+{{- end }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "kube-state-metrics.fullname" . }}
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
+{{ toYaml .Values.podDisruptionBudget | indent 2 }}
+{{- end -}}
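Review bot: the `matchLabels` selector uses only `app.kubernetes.io/name`, while the Deployment and Service in this patch select on `kube-state-metrics.selectorLabels` (name plus `app.kubernetes.io/instance`). With two releases in one namespace this budget would count pods from both. Suggest `{{- include "kube-state-metrics.selectorLabels" . | indent 6 }}` here as well.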
diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/podsecuritypolicy.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/podsecuritypolicy.yaml
new file mode 100644
index 0000000..8905e11
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/podsecuritypolicy.yaml
@@ -0,0 +1,39 @@
+{{- if and .Values.podSecurityPolicy.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "kube-state-metrics.fullname" . }}
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+{{- if .Values.podSecurityPolicy.annotations }}
+ annotations:
+{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }}
+{{- end }}
+spec:
+ privileged: false
+ volumes:
+ - 'secret'
+{{- if .Values.podSecurityPolicy.additionalVolumes }}
+{{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }}
+{{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'MustRunAsNonRoot'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
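Review bot: the `spec` sets `privileged: false` and `MustRunAsNonRoot` but omits `allowPrivilegeEscalation: false` and `requiredDropCapabilities`, and sets `readOnlyRootFilesystem: false`; a PodSecurityPolicy that leaves `allowPrivilegeEscalation` out permits it. Since this policy is scoped to a single metrics exporter, consider tightening all three. Also note `hostNetwork: false` is hard-coded here while deployment.yaml renders `hostNetwork: {{ .Values.hostNetwork }}`, so enabling both values would produce a pod this policy rejects; a guard or a comment in values.yaml would help.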
diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/psp-clusterrole.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/psp-clusterrole.yaml
new file mode 100644
index 0000000..654e4a3
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/psp-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.podSecurityPolicy.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+ name: psp-{{ template "kube-state-metrics.fullname" . }}
+rules:
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }}
+- apiGroups: ['policy']
+{{- else }}
+- apiGroups: ['extensions']
+{{- end }}
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "kube-state-metrics.fullname" . }}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml
new file mode 100644
index 0000000..5b62a18
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml
@@ -0,0 +1,16 @@
+{{- if and .Values.podSecurityPolicy.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+ name: psp-{{ template "kube-state-metrics.fullname" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: psp-{{ template "kube-state-metrics.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "kube-state-metrics.serviceAccountName" . }}
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/role.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/role.yaml
new file mode 100644
index 0000000..6474914
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/role.yaml
@@ -0,0 +1,196 @@
+{{- if and (eq .Values.rbac.create true) (not .Values.rbac.useExistingRole) -}}
+{{- range (ternary (join "," .Values.namespaces | split "," ) (list "") (eq $.Values.rbac.useClusterRole false)) }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+{{- if eq $.Values.rbac.useClusterRole false }}
+kind: Role
+{{- else }}
+kind: ClusterRole
+{{- end }}
+metadata:
+ labels:
+ {{- include "kube-state-metrics.labels" $ | indent 4 }}
+ name: {{ template "kube-state-metrics.fullname" $ }}
+{{- if eq $.Values.rbac.useClusterRole false }}
+ namespace: {{ . }}
+{{- end }}
+rules:
+{{ if has "certificatesigningrequests" $.Values.collectors }}
+- apiGroups: ["certificates.k8s.io"]
+ resources:
+ - certificatesigningrequests
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "configmaps" $.Values.collectors }}
+- apiGroups: [""]
+ resources:
+ - configmaps
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "cronjobs" $.Values.collectors }}
+- apiGroups: ["batch"]
+ resources:
+ - cronjobs
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "daemonsets" $.Values.collectors }}
+- apiGroups: ["extensions", "apps"]
+ resources:
+ - daemonsets
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "deployments" $.Values.collectors }}
+- apiGroups: ["extensions", "apps"]
+ resources:
+ - deployments
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "endpoints" $.Values.collectors }}
+- apiGroups: [""]
+ resources:
+ - endpoints
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "horizontalpodautoscalers" $.Values.collectors }}
+- apiGroups: ["autoscaling"]
+ resources:
+ - horizontalpodautoscalers
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "ingresses" $.Values.collectors }}
+- apiGroups: ["extensions", "networking.k8s.io"]
+ resources:
+ - ingresses
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "jobs" $.Values.collectors }}
+- apiGroups: ["batch"]
+ resources:
+ - jobs
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "leases" $.Values.collectors }}
+- apiGroups: ["coordination.k8s.io"]
+ resources:
+ - leases
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "limitranges" $.Values.collectors }}
+- apiGroups: [""]
+ resources:
+ - limitranges
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "mutatingwebhookconfigurations" $.Values.collectors }}
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources:
+ - mutatingwebhookconfigurations
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "namespaces" $.Values.collectors }}
+- apiGroups: [""]
+ resources:
+ - namespaces
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "networkpolicies" $.Values.collectors }}
+- apiGroups: ["networking.k8s.io"]
+ resources:
+ - networkpolicies
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "nodes" $.Values.collectors }}
+- apiGroups: [""]
+ resources:
+ - nodes
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "persistentvolumeclaims" $.Values.collectors }}
+- apiGroups: [""]
+ resources:
+ - persistentvolumeclaims
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "persistentvolumes" $.Values.collectors }}
+- apiGroups: [""]
+ resources:
+ - persistentvolumes
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "poddisruptionbudgets" $.Values.collectors }}
+- apiGroups: ["policy"]
+ resources:
+ - poddisruptionbudgets
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "pods" $.Values.collectors }}
+- apiGroups: [""]
+ resources:
+ - pods
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "replicasets" $.Values.collectors }}
+- apiGroups: ["extensions", "apps"]
+ resources:
+ - replicasets
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "replicationcontrollers" $.Values.collectors }}
+- apiGroups: [""]
+ resources:
+ - replicationcontrollers
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "resourcequotas" $.Values.collectors }}
+- apiGroups: [""]
+ resources:
+ - resourcequotas
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "secrets" $.Values.collectors }}
+- apiGroups: [""]
+ resources:
+ - secrets
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "services" $.Values.collectors }}
+- apiGroups: [""]
+ resources:
+ - services
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "statefulsets" $.Values.collectors }}
+- apiGroups: ["apps"]
+ resources:
+ - statefulsets
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "storageclasses" $.Values.collectors }}
+- apiGroups: ["storage.k8s.io"]
+ resources:
+ - storageclasses
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "validatingwebhookconfigurations" $.Values.collectors }}
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources:
+ - validatingwebhookconfigurations
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "volumeattachments" $.Values.collectors }}
+- apiGroups: ["storage.k8s.io"]
+ resources:
+ - volumeattachments
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if has "verticalpodautoscalers" $.Values.collectors }}
+- apiGroups: ["autoscaling.k8s.io"]
+ resources:
+ - verticalpodautoscalers
+ verbs: ["list", "watch"]
+{{ end -}}
+{{ if $.Values.rbac.extraRules }}
+{{ toYaml $.Values.rbac.extraRules }}
+{{ end }}
+{{- end -}}
+{{- end -}}
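Review bot: the `secrets` rule grants `list` and `watch`, and a list response on secrets returns full secret contents, so with `rbac.useClusterRole: true` (the default in values.yaml) enabling the `secrets` collector gives this ServiceAccount read access to every Secret in the cluster. Worth a comment in values.yaml next to the collectors list so the bundling repo can decide deliberately. Separately, `{{ toYaml $.Values.rbac.extraRules }}` appends arbitrary rules with no indentation control or validation; a short note that these should stay at `list`/`watch` would match the rest of the file.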
diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/rolebinding.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/rolebinding.yaml
new file mode 100644
index 0000000..330651b
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/rolebinding.yaml
@@ -0,0 +1,24 @@
+{{- if and (eq .Values.rbac.create true) (eq .Values.rbac.useClusterRole false) -}}
+{{- range (join "," $.Values.namespaces) | split "," }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ {{- include "kube-state-metrics.labels" $ | indent 4 }}
+ name: {{ template "kube-state-metrics.fullname" $ }}
+ namespace: {{ . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+{{- if (not $.Values.rbac.useExistingRole) }}
+ name: {{ template "kube-state-metrics.fullname" $ }}
+{{- else }}
+ name: {{ $.Values.rbac.useExistingRole }}
+{{- end }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "kube-state-metrics.serviceAccountName" $ }}
+ namespace: {{ template "kube-state-metrics.namespace" $ }}
+{{- end -}}
+{{- end -}}
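Review bot: `range (join "," $.Values.namespaces) | split ","` still yields one empty element when `namespaces` is unset, so with `rbac.useClusterRole: false` and no namespaces this renders a RoleBinding with `namespace:` empty (role.yaml has the same loop). The values.yaml comment says this mode "ONLY works if namespace is also set", but nothing enforces it. Suggest failing early with `required` or `fail` when `useClusterRole` is false and `namespaces` is empty.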
diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/service.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/service.yaml
new file mode 100644
index 0000000..92c6d4f
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/service.yaml
@@ -0,0 +1,41 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "kube-state-metrics.fullname" . }}
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+ annotations:
+ {{- if .Values.prometheusScrape }}
+ prometheus.io/scrape: '{{ .Values.prometheusScrape }}'
+ {{- end }}
+ {{- if .Values.service.annotations }}
+ {{- toYaml .Values.service.annotations | nindent 4 }}
+ {{- end }}
+spec:
+ type: "{{ .Values.service.type }}"
+ ports:
+ - name: "http"
+ protocol: TCP
+ port: {{ .Values.service.port | default 8080}}
+ {{- if .Values.service.nodePort }}
+ nodePort: {{ .Values.service.nodePort }}
+ {{- end }}
+ targetPort: {{ .Values.service.port | default 8080}}
+ {{ if .Values.selfMonitor.enabled }}
+ - name: "metrics"
+ protocol: TCP
+ port: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
+ targetPort: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
+ {{- if .Values.selfMonitor.telemetryNodePort }}
+ nodePort: {{ .Values.selfMonitor.telemetryNodePort }}
+ {{- end }}
+ {{ end }}
+{{- if .Values.service.loadBalancerIP }}
+ loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
+{{- end }}
+{{- if .Values.service.clusterIP }}
+ clusterIP: "{{ .Values.service.clusterIP }}"
+{{- end }}
+ selector:
+ {{- include "kube-state-metrics.selectorLabels" . | indent 4 }}
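Review bot: `annotations:` under `metadata` is emitted unconditionally, so with `prometheusScrape: false` and no `service.annotations` the manifest carries an empty `annotations:` key. Wrap the key in `{{- if or .Values.prometheusScrape .Values.service.annotations }}`. Also, `nodePort:` is rendered whenever `service.nodePort` is non-zero regardless of `service.type`; gating it on the type being `NodePort` or `LoadBalancer` would avoid an invalid ClusterIP Service.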
diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/serviceaccount.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/serviceaccount.yaml
new file mode 100644
index 0000000..e1229eb
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/serviceaccount.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+ name: {{ template "kube-state-metrics.serviceAccountName" . }}
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+{{- if .Values.serviceAccount.annotations }}
+ annotations:
+{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
+{{- end }}
+imagePullSecrets:
+{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }}
+{{- end -}}
diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/servicemonitor.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/servicemonitor.yaml
new file mode 100644
index 0000000..e93df4c
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/servicemonitor.yaml
@@ -0,0 +1,81 @@
+{{- if .Values.prometheus.monitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "kube-state-metrics.fullname" . }}
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+ {{- with .Values.prometheus.monitor.additionalLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: {{ default "app.kubernetes.io/name" .Values.prometheus.monitor.jobLabel }}
+ {{- include "servicemonitor.scrapeLimits" .Values.prometheus.monitor | indent 2 }}
+ selector:
+ matchLabels:
+ {{- with .Values.prometheus.monitor.selectorOverride }}
+ {{- toYaml . | nindent 6 }}
+ {{- else }}
+ {{- include "kube-state-metrics.selectorLabels" . | indent 6 }}
+ {{- end }}
+ endpoints:
+ - port: http
+ {{- if .Values.prometheus.monitor.interval }}
+ interval: {{ .Values.prometheus.monitor.interval }}
+ {{- end }}
+ {{- if .Values.prometheus.monitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.prometheus.monitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.prometheus.monitor.proxyUrl }}
+ proxyUrl: {{ .Values.prometheus.monitor.proxyUrl}}
+ {{- end }}
+ {{- if .Values.prometheus.monitor.honorLabels }}
+ honorLabels: true
+ {{- end }}
+ {{- if .Values.prometheus.monitor.metricRelabelings }}
+ metricRelabelings:
+ {{- toYaml .Values.prometheus.monitor.metricRelabelings | nindent 8 }}
+ {{- end }}
+ {{- if .Values.prometheus.monitor.relabelings }}
+ relabelings:
+ {{- toYaml .Values.prometheus.monitor.relabelings | nindent 8 }}
+ {{- end }}
+ {{- if .Values.prometheus.monitor.scheme }}
+ scheme: {{ .Values.prometheus.monitor.scheme }}
+ {{- end }}
+ {{- if .Values.prometheus.monitor.tlsConfig }}
+ tlsConfig:
+ {{- toYaml .Values.prometheus.monitor.tlsConfig | nindent 8 }}
+ {{- end }}
+ {{- if .Values.selfMonitor.enabled }}
+ - port: metrics
+ {{- if .Values.prometheus.monitor.interval }}
+ interval: {{ .Values.prometheus.monitor.interval }}
+ {{- end }}
+ {{- if .Values.prometheus.monitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.prometheus.monitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.prometheus.monitor.proxyUrl }}
+ proxyUrl: {{ .Values.prometheus.monitor.proxyUrl}}
+ {{- end }}
+ {{- if .Values.prometheus.monitor.honorLabels }}
+ honorLabels: true
+ {{- end }}
+ {{- if .Values.prometheus.monitor.metricRelabelings }}
+ metricRelabelings:
+ {{- toYaml .Values.prometheus.monitor.metricRelabelings | nindent 8 }}
+ {{- end }}
+ {{- if .Values.prometheus.monitor.relabelings }}
+ relabelings:
+ {{- toYaml .Values.prometheus.monitor.relabelings | nindent 8 }}
+ {{- end }}
+ {{- if .Values.prometheus.monitor.scheme }}
+ scheme: {{ .Values.prometheus.monitor.scheme }}
+ {{- end }}
+ {{- if .Values.prometheus.monitor.tlsConfig }}
+ tlsConfig:
+ {{- toYaml .Values.prometheus.monitor.tlsConfig | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
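Review bot: `metadata.namespace` is taken from `kube-state-metrics.namespace`, yet values.yaml in this patch defines `prometheus.monitor.namespace`, which no line in this template reads. Either honour it here or drop the value so users are not misled. Style: the `http` and `metrics` endpoint blocks repeat the same eight conditionals; a named template taking the port name would keep `tlsConfig`, `scheme` and the relabelings from drifting apart.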
diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/stsdiscovery-role.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/stsdiscovery-role.yaml
new file mode 100644
index 0000000..489de14
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/stsdiscovery-role.yaml
@@ -0,0 +1,26 @@
+{{- if and .Values.autosharding.enabled .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+- apiGroups:
+ - apps
+ resourceNames:
+ - {{ template "kube-state-metrics.fullname" . }}
+ resources:
+ - statefulsets
+ verbs:
+ - get
+ - list
+ - watch
+{{- end }}
diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml
new file mode 100644
index 0000000..73b37a4
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.autosharding.enabled .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "kube-state-metrics.serviceAccountName" . }}
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/verticalpodautoscaler.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/verticalpodautoscaler.yaml
new file mode 100644
index 0000000..e825e5c
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/verticalpodautoscaler.yaml
@@ -0,0 +1,34 @@
+{{- if and (.Capabilities.APIVersions.Has "autoscaling.k8s.io/v1") (.Values.verticalPodAutoscaler.enabled) }}
+apiVersion: autoscaling.k8s.io/v1
+kind: VerticalPodAutoscaler
+metadata:
+ name: {{ template "kube-state-metrics.fullname" . }}
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+spec:
+ resourcePolicy:
+ containerPolicies:
+ - containerName: {{ template "kube-state-metrics.name" . }}
+ {{- if .Values.verticalPodAutoscaler.controlledResources }}
+ controlledResources: {{ .Values.verticalPodAutoscaler.controlledResources }}
+ {{- end }}
+ {{- if .Values.verticalPodAutoscaler.maxAllowed }}
+ maxAllowed:
+ {{ toYaml .Values.verticalPodAutoscaler.maxAllowed | nindent 8 }}
+ {{- end }}
+ {{- if .Values.verticalPodAutoscaler.minAllowed }}
+ minAllowed:
+ {{ toYaml .Values.verticalPodAutoscaler.minAllowed | nindent 8 }}
+ {{- end }}
+ targetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ template "kube-state-metrics.fullname" . }}
+ {{- if .Values.verticalPodAutoscaler.updatePolicy }}
+ updatePolicy:
+ {{- if .Values.verticalPodAutoscaler.updatePolicy.updateMode }}
+ updateMode: {{ .Values.verticalPodAutoscaler.updatePolicy.updateMode }}
+ {{- end }}
+ {{- end }}
+{{- end }}
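Review bot: `targetRef` hard-codes `kind: Deployment`, but deployment.yaml in this patch renders `kind: StatefulSet` when `autosharding.enabled` is true, so the autoscaler would point at an object that does not exist. Mirror the same conditional here. Also, `controlledResources: {{ .Values.verticalPodAutoscaler.controlledResources }}` prints a list with Go formatting rather than YAML; use `toYaml` or `toJson`.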
diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/values.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/values.yaml
new file mode 100644
index 0000000..67e8bca
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/values.yaml
@@ -0,0 +1,305 @@
+# Default values for kube-state-metrics.
+prometheusScrape: true
+image:
+ repository: registry.k8s.io/kube-state-metrics/kube-state-metrics
+ tag: v2.6.0
+ sha: ""
+ pullPolicy: IfNotPresent
+
+imagePullSecrets: []
+# - name: "image-pull-secret"
+
+# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data
+# will be automatically sharded across <.Values.replicas> pods using the built-in
+# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding
+# This is an experimental feature and there are no stability guarantees.
+autosharding:
+ enabled: false
+
+replicas: 1
+
+# List of additional cli arguments to configure kube-state-metrics
+# for example: --enable-gzip-encoding, --log-file, etc.
+# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/master/docs/cli-arguments.md
+extraArgs: []
+
+service:
+ port: 8080
+ # Default to clusterIP for backward compatibility
+ type: ClusterIP
+ nodePort: 0
+ loadBalancerIP: ""
+ clusterIP: ""
+ annotations: {}
+
+## Additional labels to add to all resources
+customLabels: {}
+ # app: kube-state-metrics
+
+## set to true to add the release label so scraping of the servicemonitor with kube-prometheus-stack works out of the box
+releaseLabel: false
+
+hostNetwork: false
+
+rbac:
+ # If true, create & use RBAC resources
+ create: true
+
+ # Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to it, rolename set here.
+ # useExistingRole: your-existing-role
+
+ # If set to false - Run without Cluteradmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to)
+ useClusterRole: true
+
+ # Add permissions for CustomResources' apiGroups in Role/ClusterRole. Should be used in conjunction with Custom Resource State Metrics configuration
+ # Example:
+ # - apiGroups: ["monitoring.coreos.com"]
+ # resources: ["prometheuses"]
+ # verbs: ["list", "watch"]
+ extraRules: []
+
+serviceAccount:
+ # Specifies whether a ServiceAccount should be created, require rbac true
+ create: true
+ # The name of the ServiceAccount to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+ # Reference to one or more secrets to be used when pulling images
+ # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ imagePullSecrets: []
+ # ServiceAccount annotations.
+ # Use case: AWS EKS IAM roles for service accounts
+ # ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html
+ annotations: {}
+
+prometheus:
+ monitor:
+ enabled: false
+ additionalLabels: {}
+ namespace: ""
+ jobLabel: ""
+ interval: ""
+ ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
+ ##
+ sampleLimit: 0
+
+ ## TargetLimit defines a limit on the number of scraped targets that will be accepted.
+ ##
+ targetLimit: 0
+
+ ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
+ ##
+ labelLimit: 0
+
+ ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
+ ##
+ labelNameLengthLimit: 0
+
+ ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
+ ##
+ labelValueLengthLimit: 0
+ scrapeTimeout: ""
+ proxyUrl: ""
+ selectorOverride: {}
+ honorLabels: false
+ metricRelabelings: []
+ relabelings: []
+ scheme: ""
+ tlsConfig: {}
+
+## Specify if a Pod Security Policy for kube-state-metrics must be created
+## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+##
+podSecurityPolicy:
+ enabled: false
+ annotations: {}
+ ## Specify pod annotations
+ ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
+ ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
+ ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
+ ##
+ # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
+ # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
+ # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
+
+ additionalVolumes: []
+
+securityContext:
+ enabled: true
+ runAsGroup: 65534
+ runAsUser: 65534
+ fsGroup: 65534
+
+## Specify security settings for a Container
+## Allows overrides and additional options compared to (Pod) securityContext
+## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+containerSecurityContext: {}
+
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+nodeSelector: {}
+
+## Affinity settings for pod assignment
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+affinity: {}
+
+## Tolerations for pod assignment
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+tolerations: []
+
+## Topology spread constraints for pod assignment
+## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+topologySpreadConstraints: []
+
+# Annotations to be added to the deployment/statefulset
+annotations: {}
+
+# Annotations to be added to the pod
+podAnnotations: {}
+
+## Assign a PriorityClassName to pods if set
+# priorityClassName: ""
+
+# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+podDisruptionBudget: {}
+
+# Comma-separated list of metrics to be exposed.
+# This list comprises of exact metric names and/or regex patterns.
+# The allowlist and denylist are mutually exclusive.
+metricAllowlist: []
+
+# Comma-separated list of metrics not to be enabled.
+# This list comprises of exact metric names and/or regex patterns.
+# The allowlist and denylist are mutually exclusive.
+metricDenylist: []
+
+# Comma-separated list of additional Kubernetes label keys that will be used in the resource's
+# labels metric. By default the metric contains only name and namespace labels.
+# To include additional labels, provide a list of resource names in their plural form and Kubernetes
+# label keys you would like to allow for them (Example: '=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)'.
+# A single '*' can be provided per resource instead to allow any labels, but that has
+# severe performance implications (Example: '=pods=[*]').
+metricLabelsAllowlist: []
+ # - namespaces=[k8s-label-1,k8s-label-n]
+
+# Comma-separated list of Kubernetes annotations keys that will be used in the resource'
+# labels metric. By default the metric contains only name and namespace labels.
+# To include additional annotations provide a list of resource names in their plural form and Kubernetes
+# annotation keys you would like to allow for them (Example: '=namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...)'.
+# A single '*' can be provided per resource instead to allow any annotations, but that has
+# severe performance implications (Example: '=pods=[*]').
+metricAnnotationsAllowList: []
+ # - pods=[k8s-annotation-1,k8s-annotation-n]
+
+# Available collectors for kube-state-metrics.
+# By default, all available resources are enabled, comment out to disable.
+collectors:
+ - certificatesigningrequests
+ - configmaps
+ - cronjobs
+ - daemonsets
+ - deployments
+ - endpoints
+ - horizontalpodautoscalers
+ - ingresses
+ - jobs
+ - leases
+ - limitranges
+ - mutatingwebhookconfigurations
+ - namespaces
+ - networkpolicies
+ - nodes
+ - persistentvolumeclaims
+ - persistentvolumes
+ - poddisruptionbudgets
+ - pods
+ - replicasets
+ - replicationcontrollers
+ - resourcequotas
+ - secrets
+ - services
+ - statefulsets
+ - storageclasses
+ - validatingwebhookconfigurations
+ - volumeattachments
+ # - verticalpodautoscalers # not a default resource, see also: https://github.com/kubernetes/kube-state-metrics#enabling-verticalpodautoscalers
+
+# Enabling kubeconfig will pass the --kubeconfig argument to the container
+kubeconfig:
+ enabled: false
+ # base64 encoded kube-config file
+ secret:
+
+# Enable only the release namespace for collecting resources. By default all namespaces are collected.
+# If releaseNamespace and namespaces are both set a merged list will be collected.
+releaseNamespace: false
+
+# Comma-separated list(string) or yaml list of namespaces to be enabled for collecting resources. By default all namespaces are collected.
+namespaces: ""
+
+# Comma-separated list of namespaces not to be enabled. If namespaces and namespaces-denylist are both set,
+# only namespaces that are excluded in namespaces-denylist will be used.
+namespacesDenylist: ""
+
+## Override the deployment namespace
+##
+namespaceOverride: ""
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 64Mi
+ # requests:
+ # cpu: 10m
+ # memory: 32Mi
+
+## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role.
+## For example: kubeTargetVersionOverride: 1.14.9
+##
+kubeTargetVersionOverride: ""
+
+# Enable self metrics configuration for service and Service Monitor
+# Default values for telemetry configuration can be overridden
+# If you set telemetryNodePort, you must also set service.type to NodePort
+selfMonitor:
+ enabled: false
+ # telemetryHost: 0.0.0.0
+ # telemetryPort: 8081
+ # telemetryNodePort: 0
+
+# Enable vertical pod autoscaler support for kube-state-metrics
+verticalPodAutoscaler:
+ enabled: false
+ # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
+ controlledResources: []
+
+ # Define the max allowed resources for the pod
+ maxAllowed: {}
+ # cpu: 200m
+ # memory: 100Mi
+ # Define the min allowed resources for the pod
+ minAllowed: {}
+ # cpu: 200m
+ # memory: 100Mi
+
+ # updatePolicy:
+ # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
+ # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
+ # updateMode: Auto
+
+# volumeMounts are used to add custom volume mounts to deployment.
+# See example below
+volumeMounts: []
+# - mountPath: /etc/config
+# name: config-volume
+
+# volumes are used to add custom volumes to deployment
+# See example below
+volumes: []
+# - configMap:
+# name: cm-for-volume
+# name: config-volume
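Review bot: `containerSecurityContext: {}` ships empty, so the kube-state-metrics container gets only the pod-level `runAsUser`/`runAsGroup`/`fsGroup` of 65534 and nothing that sets `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` or drops capabilities. Since the chart is bundled in-tree, consider setting those in the parent values instead of leaving them to each deployer. The default `collectors` list also enables `secrets` across all namespaces (neither `releaseNamespace` nor `namespaces` is set); confirm that is intended or remove it from the list. Minor: `metricAnnotationsAllowList` is cased differently from `metricLabelsAllowlist`, and the comment above it ends in a truncated "resource'".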
diff --git a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/.helmignore b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/Chart.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/Chart.yaml
new file mode 100644
index 0000000..29fee1b
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/Chart.yaml
@@ -0,0 +1,18 @@
+apiVersion: v2
+appVersion: 1.3.1
+description: A Helm chart for prometheus node-exporter
+home: https://github.com/prometheus/node_exporter/
+keywords:
+- node-exporter
+- prometheus
+- exporter
+maintainers:
+- email: gianrubio@gmail.com
+ name: gianrubio
+- email: zanhsieh@gmail.com
+ name: zanhsieh
+name: prometheus-node-exporter
+sources:
+- https://github.com/prometheus/node_exporter/
+type: application
+version: 4.4.2
diff --git a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/README.md b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/README.md
new file mode 100644
index 0000000..02de7b1
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/README.md
@@ -0,0 +1,77 @@
+# Prometheus `Node Exporter`
+
+Prometheus exporter for hardware and OS metrics exposed by *NIX kernels, written in Go with pluggable metric collectors.
+
+This chart bootstraps a prometheus [`Node Exporter`](http://github.com/prometheus/node_exporter) daemonset on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Get Repository Info
+
+```console
+helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+helm repo update
+```
+
+_See [`helm repo`](https://helm.sh/docs/helm/helm_repo/) for command documentation._
+
+## Install Chart
+
+```console
+helm install [RELEASE_NAME] prometheus-community/prometheus-node-exporter
+```
+
+_See [configuration](#configuring) below._
+
+_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
+
+## Uninstall Chart
+
+```console
+helm uninstall [RELEASE_NAME]
+```
+
+This removes all the Kubernetes components associated with the chart and deletes the release.
+
+_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
+
+## Upgrading Chart
+
+```console
+helm upgrade [RELEASE_NAME] [CHART] --install
+```
+
+_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
+
+### 3.x to 4.x
+
+Starting from version 4.0.0, the `node exporter` chart is using the [Kubernetes recommended labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/). Therefore you have to delete the daemonset before you upgrade.
+
+```console
+kubectl delete daemonset -l app=prometheus-node-exporter
+helm upgrade -i prometheus-node-exporter prometheus-community/prometheus-node-exporter
+```
+
+If you use your own custom [ServiceMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitor) or [PodMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#podmonitor), please ensure to upgrade their `selector` fields accordingly to the new labels.
+
+### From 2.x to 3.x
+
+Change the following:
+
+```yaml
+hostRootFsMount: true
+```
+
+to:
+
+```yaml
+hostRootFsMount:
+ enabled: true
+ mountPropagation: HostToContainer
+```
+
+## Configuring
+
+See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands:
+
+```console
+helm show values prometheus-community/prometheus-node-exporter
+```
diff --git a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/ci/port-values.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/ci/port-values.yaml
new file mode 100644
index 0000000..dbfb4b6
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/ci/port-values.yaml
@@ -0,0 +1,3 @@
+service:
+ targetPort: 9102
+ port: 9102
diff --git a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/NOTES.txt b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/NOTES.txt
new file mode 100644
index 0000000..df05e3f
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/NOTES.txt
@@ -0,0 +1,15 @@
+1. Get the application URL by running these commands:
+{{- if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ template "prometheus-node-exporter.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus-node-exporter.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ template "prometheus-node-exporter.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ template "prometheus-node-exporter.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ template "prometheus-node-exporter.namespace" . }} {{ template "prometheus-node-exporter.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ template "prometheus-node-exporter.namespace" . }} -l "app.kubernetes.io/name={{ template "prometheus-node-exporter.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:9100 to use your application"
+ kubectl port-forward --namespace {{ template "prometheus-node-exporter.namespace" . }} $POD_NAME 9100
+{{- end }}
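Review bot: the ClusterIP branch hard-codes 9100 in both the `echo` line and `kubectl port-forward ... $POD_NAME 9100`, while the other branches use `.Values.service.port`. With an override such as the bundled ci/port-values.yaml (9102) the printed instructions point at a port nothing listens on; render `{{ .Values.service.port }}` there. Also, `kubectl get nodes --namespace ...` passes a namespace to a cluster-scoped resource, and "watch the status of by running" is missing a word.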
diff --git a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/_helpers.tpl b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/_helpers.tpl
new file mode 100644
index 0000000..2103089
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/_helpers.tpl
@@ -0,0 +1,107 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "prometheus-node-exporter.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "prometheus-node-exporter.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Generate basic labels */}}
+{{- define "prometheus-node-exporter.labels" }}
+helm.sh/chart: {{ template "prometheus-node-exporter.chart" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/component: metrics
+app.kubernetes.io/part-of: {{ template "prometheus-node-exporter.name" . }}
+{{- include "prometheus-node-exporter.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+{{- if .Values.podLabels}}
+{{ toYaml .Values.podLabels }}
+{{- end }}
+{{- if .Values.releaseLabel }}
+release: {{ .Release.Name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "prometheus-node-exporter.selectorLabels" }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/name: {{ template "prometheus-node-exporter.name" . }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "prometheus-node-exporter.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "prometheus-node-exporter.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "prometheus-node-exporter.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+The image to use
+*/}}
+{{- define "prometheus-node-exporter.image" -}}
+{{- if .Values.image.sha -}}
+{{- printf "%s:%s@%s" .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.sha }}
+{{- else -}}
+{{- printf "%s:%s" .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }}
+{{- end }}
+{{- end }}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts
+*/}}
+{{- define "prometheus-node-exporter.namespace" -}}
+ {{- if .Values.namespaceOverride -}}
+ {{- .Values.namespaceOverride -}}
+ {{- else -}}
+ {{- .Release.Namespace -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Create the namespace name of the service monitor
+*/}}
+{{- define "prometheus-node-exporter.monitor-namespace" -}}
+ {{- if .Values.namespaceOverride -}}
+ {{- .Values.namespaceOverride -}}
+ {{- else -}}
+ {{- if .Values.prometheus.monitor.namespace -}}
+ {{- .Values.prometheus.monitor.namespace -}}
+ {{- else -}}
+ {{- .Release.Namespace -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
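Review bot: in `prometheus-node-exporter.image`, the `sha` branch renders `repository:tag@sha` verbatim, so `.Values.image.sha` must already carry its algorithm prefix, and neither the template nor its comment says so. Document the expected format or prepend the algorithm in the template, and since these charts are vendored consider pinning the image by digest in the parent values so the tag is not the only thing selecting it. Separately, `prometheus-node-exporter.labels` merges `.Values.podLabels` into the label set that every template in this chart puts on its object metadata, not only on pods; either apply pod labels in the pod template alone or rename the value to reflect its scope.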
diff --git a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/daemonset.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/daemonset.yaml
new file mode 100644
index 0000000..a742f24
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/daemonset.yaml
@@ -0,0 +1,234 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "prometheus-node-exporter.fullname" . }}
+ namespace: {{ template "prometheus-node-exporter.namespace" . }}
+ labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "prometheus-node-exporter.selectorLabels" . | indent 6 }}
+ {{- if .Values.updateStrategy }}
+ updateStrategy:
+{{ toYaml .Values.updateStrategy | indent 4 }}
+ {{- end }}
+ template:
+ metadata:
+ labels: {{ include "prometheus-node-exporter.labels" . | indent 8 }}
+ {{- if .Values.podAnnotations }}
+ annotations:
+ {{- toYaml .Values.podAnnotations | nindent 8 }}
+ {{- end }}
+ spec:
+ automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+ serviceAccountName: {{ template "prometheus-node-exporter.serviceAccountName" . }}
+{{- if .Values.securityContext }}
+ securityContext:
+{{ toYaml .Values.securityContext | indent 8 }}
+{{- end }}
+{{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName }}
+{{- end }}
+ {{- if .Values.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.extraInitContainers | nindent 6 }}
+ {{- end }}
+ containers:
+ - name: node-exporter
+ image: {{ include "prometheus-node-exporter.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ args:
+ - --path.procfs=/host/proc
+ - --path.sysfs=/host/sys
+ {{- if .Values.hostRootFsMount.enabled }}
+ - --path.rootfs=/host/root
+ {{- end }}
+ - --web.listen-address=[$(HOST_IP)]:{{ .Values.service.port }}
+{{- if .Values.extraArgs }}
+{{ toYaml .Values.extraArgs | indent 12 }}
+{{- end }}
+ {{- with .Values.containerSecurityContext }}
+ securityContext: {{ toYaml . | nindent 12 }}
+ {{- end }}
+ env:
+ - name: HOST_IP
+ {{- if .Values.service.listenOnAllInterfaces }}
+ value: 0.0.0.0
+ {{- else }}
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.hostIP
+ {{- end }}
+ {{- range $key, $value := .Values.env }}
+ - name: {{ $key }}
+ value: {{ $value | quote }}
+ {{- end }}
+ ports:
+ - name: {{ .Values.service.portName }}
+ containerPort: {{ .Values.service.port }}
+ protocol: TCP
+ livenessProbe:
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ httpGet:
+ httpHeaders:
+ {{- range $_, $header := .Values.livenessProbe.httpGet.httpHeaders }}
+ - name: {{ $header.name }}
+ value: {{ $header.value }}
+ {{- end }}
+ path: /
+ port: {{ .Values.service.port }}
+ scheme: {{ upper .Values.livenessProbe.httpGet.scheme }}
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+ httpGet:
+ httpHeaders:
+ {{- range $_, $header := .Values.readinessProbe.httpGet.httpHeaders }}
+ - name: {{ $header.name }}
+ value: {{ $header.value }}
+ {{- end }}
+ path: /
+ port: {{ .Values.service.port }}
+ scheme: {{ upper .Values.readinessProbe.httpGet.scheme }}
+ initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ volumeMounts:
+ - name: proc
+ mountPath: /host/proc
+ readOnly: true
+ - name: sys
+ mountPath: /host/sys
+ readOnly: true
+ {{- if .Values.hostRootFsMount.enabled }}
+ - name: root
+ mountPath: /host/root
+ {{- with .Values.hostRootFsMount.mountPropagation }}
+ mountPropagation: {{ . }}
+ {{- end }}
+ readOnly: true
+ {{- end }}
+ {{- if .Values.extraHostVolumeMounts }}
+ {{- range $_, $mount := .Values.extraHostVolumeMounts }}
+ - name: {{ $mount.name }}
+ mountPath: {{ $mount.mountPath }}
+ readOnly: {{ $mount.readOnly }}
+ {{- if $mount.mountPropagation }}
+ mountPropagation: {{ $mount.mountPropagation }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.sidecarVolumeMount }}
+ {{- range $_, $mount := .Values.sidecarVolumeMount }}
+ - name: {{ $mount.name }}
+ mountPath: {{ $mount.mountPath }}
+ readOnly: true
+ {{- end }}
+ {{- end }}
+ {{- if .Values.configmaps }}
+ {{- range $_, $mount := .Values.configmaps }}
+ - name: {{ $mount.name }}
+ mountPath: {{ $mount.mountPath }}
+ {{- end }}
+ {{- if .Values.secrets }}
+ {{- range $_, $mount := .Values.secrets }}
+ - name: {{ .name }}
+ mountPath: {{ .mountPath }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- if .Values.sidecars }}
+{{ toYaml .Values.sidecars | indent 8 }}
+ {{- if or .Values.sidecarVolumeMount .Values.sidecarHostVolumeMounts }}
+ volumeMounts:
+ {{- range $_, $mount := .Values.sidecarVolumeMount }}
+ - name: {{ $mount.name }}
+ mountPath: {{ $mount.mountPath }}
+ readOnly: {{ $mount.readOnly }}
+ {{- end }}
+ {{- range $_, $mount := .Values.sidecarHostVolumeMounts }}
+ - name: {{ $mount.name }}
+ mountPath: {{ $mount.mountPath }}
+ readOnly: {{ $mount.readOnly }}
+ {{- if $mount.mountPropagation }}
+ mountPropagation: {{ $mount.mountPropagation }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+ {{- end }}
+ hostNetwork: {{ .Values.hostNetwork }}
+ hostPID: {{ .Values.hostPID }}
+{{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+{{- end }}
+{{- with .Values.dnsConfig }}
+ dnsConfig:
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: proc
+ hostPath:
+ path: /proc
+ - name: sys
+ hostPath:
+ path: /sys
+ {{- if .Values.hostRootFsMount.enabled }}
+ - name: root
+ hostPath:
+ path: /
+ {{- end }}
+ {{- if .Values.extraHostVolumeMounts }}
+ {{- range $_, $mount := .Values.extraHostVolumeMounts }}
+ - name: {{ $mount.name }}
+ hostPath:
+ path: {{ $mount.hostPath }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.sidecarVolumeMount }}
+ {{- range $_, $mount := .Values.sidecarVolumeMount }}
+ - name: {{ $mount.name }}
+ emptyDir:
+ medium: Memory
+ {{- end }}
+ {{- end }}
+ {{- if .Values.sidecarHostVolumeMounts }}
+ {{- range $_, $mount := .Values.sidecarHostVolumeMounts }}
+ - name: {{ $mount.name }}
+ hostPath:
+ path: {{ $mount.hostPath }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.configmaps }}
+ {{- range $_, $mount := .Values.configmaps }}
+ - name: {{ $mount.name }}
+ configMap:
+ name: {{ $mount.name }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.secrets }}
+ {{- range $_, $mount := .Values.secrets }}
+ - name: {{ $mount.name }}
+ secret:
+ secretName: {{ $mount.name }}
+ {{- end }}
+ {{- end }}
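Review bot: in the node-exporter container's `volumeMounts`, the `{{- if .Values.secrets }}` block sits inside the `{{- if .Values.configmaps }}` block (the configmaps `if` is closed only after the secrets range), so secret mounts are emitted only when configmaps are also set, while the `volumes:` section at the bottom adds the secret volumes on `.Values.secrets` alone. Close the configmaps `if` before opening the secrets one. A second problem: the `volumeMounts:` block rendered after `toYaml .Values.sidecars` attaches to the last sidecar in the list only, so with more than one sidecar the others get no mounts. It would also help to comment `extraHostVolumeMounts` and `sidecarHostVolumeMounts` as accepting arbitrary `hostPath` values, since they pass straight into the pod spec.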
diff --git a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/endpoints.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/endpoints.yaml
new file mode 100644
index 0000000..ef3e270
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/endpoints.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.endpoints }}
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: {{ template "prometheus-node-exporter.fullname" . }}
+ namespace: {{ template "prometheus-node-exporter.namespace" . }}
+ labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
+subsets:
+ - addresses:
+ {{- range .Values.endpoints }}
+ - ip: {{ . }}
+ {{- end }}
+ ports:
+ - name: {{ .Values.service.portName }}
+ port: 9100
+ protocol: TCP
+{{- end }}
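Review bot: `port: 9100` is hard-coded in the Endpoints subset while the Service in this chart takes its ports from `.Values.service.port` and `.Values.service.targetPort`; with any override (ci/port-values.yaml uses 9102) the manually listed addresses point at the wrong port. Render `{{ .Values.service.targetPort }}` here. Note also that service.yaml always sets a `selector`, so an Endpoints object with the same name as the Service will be managed by the endpoints controller and these manual addresses are likely to be overwritten; if static endpoints are the goal, the selector needs to be conditional.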
diff --git a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml
new file mode 100644
index 0000000..e2144cf
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml
@@ -0,0 +1,13 @@
+{{- if and .Values.rbac.create .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: psp-{{ template "prometheus-node-exporter.fullname" . }}
+ labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
+rules:
+- apiGroups: ['extensions']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "prometheus-node-exporter.fullname" . }}
+{{- end }}
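Review bot: the rule grants `use` on `podsecuritypolicies` in `apiGroups: ['extensions']`, but the template is gated on `policy/v1beta1/PodSecurityPolicy` and psp.yaml creates the object as `policy/v1beta1`. Grant the verb in the `policy` group (or in both groups if older clusters matter) so the role matches the policy it is meant to authorise.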
diff --git a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml
new file mode 100644
index 0000000..49034b0
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml
@@ -0,0 +1,15 @@
+{{- if and .Values.rbac.create .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: psp-{{ template "prometheus-node-exporter.fullname" . }}
+ labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: psp-{{ template "prometheus-node-exporter.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "prometheus-node-exporter.fullname" . }}
+ namespace: {{ template "prometheus-node-exporter.namespace" . }}
+{{- end }}
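Review bot: the subject `name` is rendered from `prometheus-node-exporter.fullname`, whereas the DaemonSet and the ServiceAccount use `prometheus-node-exporter.serviceAccountName`. If `serviceAccount.name` is set, or `serviceAccount.create` is false, the binding targets an account the pods do not run as and the PSP is never authorised for them. Use the `serviceAccountName` helper for the subject.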
diff --git a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/psp.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/psp.yaml
new file mode 100644
index 0000000..b47d258
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/psp.yaml
@@ -0,0 +1,48 @@
+{{- if and .Values.rbac.create .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "prometheus-node-exporter.fullname" . }}
+ namespace: {{ template "prometheus-node-exporter.namespace" . }}
+ labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
+ {{- with .Values.rbac.pspAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end}}
+spec:
+ privileged: false
+ # Allow core volume types.
+ volumes:
+ - 'configMap'
+ - 'emptyDir'
+ - 'projected'
+ - 'secret'
+ - 'downwardAPI'
+ - 'persistentVolumeClaim'
+ - 'hostPath'
+ hostNetwork: true
+ hostIPC: false
+ hostPID: true
+ hostPorts:
+ - min: 0
+ max: 65535
+ runAsUser:
+ # Permits the container to run with root privileges as well.
+ rule: 'RunAsAny'
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ # Allow adding the root group.
+ - min: 0
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ # Allow adding the root group.
+ - min: 0
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
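Review bot: `hostPath` is in the allowed `volumes` with no `allowedHostPaths`, so any pod admitted under this policy may mount any host directory; combined with `runAsUser: RunAsAny`, `hostPID: true`, `readOnlyRootFilesystem: false` and no `allowPrivilegeEscalation: false`, the policy constrains very little beyond `privileged: false`. The DaemonSet in this chart mounts /proc, /sys and optionally / read-only, so list those under `allowedHostPaths` with `readOnly: true`, set `allowPrivilegeEscalation: false`, and narrow `hostPorts` from 0-65535 to the service port. `metadata.namespace` can be dropped: PodSecurityPolicy is cluster-scoped.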
diff --git a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/service.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/service.yaml
new file mode 100644
index 0000000..fbed05c
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/service.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "prometheus-node-exporter.fullname" . }}
+ namespace: {{ template "prometheus-node-exporter.namespace" . }}
+ labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
+{{- if .Values.service.annotations }}
+ annotations:
+{{ toYaml .Values.service.annotations | indent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ {{- if ( and (eq .Values.service.type "NodePort" ) (not (empty .Values.service.nodePort)) ) }}
+ nodePort: {{ .Values.service.nodePort }}
+ {{- end }}
+ targetPort: {{ .Values.service.targetPort }}
+ protocol: TCP
+ name: {{ .Values.service.portName }}
+ selector:
+ {{- include "prometheus-node-exporter.selectorLabels" . | indent 4 }}
diff --git a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/serviceaccount.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/serviceaccount.yaml
new file mode 100644
index 0000000..dc3fee6
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.rbac.create -}}
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "prometheus-node-exporter.serviceAccountName" . }}
+ namespace: {{ template "prometheus-node-exporter.namespace" . }}
+ labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
+ annotations:
+{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
+imagePullSecrets:
+{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }}
+{{- end -}}
+{{- end -}}
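Review bot: the ServiceAccount is created only when both `rbac.create` and `serviceAccount.create` are true, but the `serviceAccountName` helper in _helpers.tpl looks at `serviceAccount.create` alone. With `rbac.create: false` and `serviceAccount.create: true` the DaemonSet references an account name that this template never creates. Drop the outer `rbac.create` guard or make the helper check it too. `automountServiceAccountToken` is set on the pod spec only; setting it on the ServiceAccount as well keeps the default safe for anything else that runs under this account.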
diff --git a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/servicemonitor.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/servicemonitor.yaml
new file mode 100644
index 0000000..898116e
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/servicemonitor.yaml
@@ -0,0 +1,51 @@
+{{- if .Values.prometheus.monitor.enabled }}
+apiVersion: {{ .Values.prometheus.monitor.apiVersion | default "monitoring.coreos.com/v1" }}
+kind: ServiceMonitor
+metadata:
+ name: {{ template "prometheus-node-exporter.fullname" . }}
+ namespace: {{ template "prometheus-node-exporter.monitor-namespace" . }}
+ labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
+ {{- if .Values.prometheus.monitor.additionalLabels }}
+ {{- toYaml .Values.prometheus.monitor.additionalLabels | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: {{ default "app.kubernetes.io/name" .Values.prometheus.monitor.jobLabel }}
+ selector:
+ matchLabels:
+ {{- with .Values.prometheus.monitor.selectorOverride }}
+ {{- toYaml . | nindent 6 }}
+ {{- else }}
+ {{ include "prometheus-node-exporter.selectorLabels" . | indent 6 }}
+ {{- end }}
+ endpoints:
+ - port: {{ .Values.service.portName }}
+ scheme: {{ .Values.prometheus.monitor.scheme }}
+ {{- with .Values.prometheus.monitor.basicAuth }}
+ basicAuth:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.prometheus.monitor.bearerTokenFile }}
+ bearerTokenFile: {{ . }}
+ {{- end }}
+ {{- with .Values.prometheus.monitor.tlsConfig }}
+ tlsConfig:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.prometheus.monitor.proxyUrl }}
+ proxyUrl: {{ . }}
+ {{- end }}
+ {{- with .Values.prometheus.monitor.interval }}
+ interval: {{ . }}
+ {{- end }}
+ {{- with .Values.prometheus.monitor.scrapeTimeout }}
+ scrapeTimeout: {{ . }}
+ {{- end }}
+ {{- with .Values.prometheus.monitor.relabelings }}
+ relabelings:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.prometheus.monitor.metricRelabelings }}
+ metricRelabelings:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- end }}
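Review bot: nothing in the `endpoints` entry ties `basicAuth` or `bearerTokenFile` to an encrypted scheme, and values.yaml in this commit defaults `prometheus.monitor.scheme` to `http`, so a user who sets only the credentials has them sent in cleartext on every scrape. A comment next to `scheme` in values.yaml, or a `fail` guard in the template when credentials are set with `scheme: http`, would make that combination explicit. Also, `proxyUrl: {{ . }}`, `interval: {{ . }}` and `scrapeTimeout: {{ . }}` are emitted unquoted; piping them through `quote` avoids YAML reinterpreting unusual values.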
diff --git a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/verticalpodautoscaler.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/verticalpodautoscaler.yaml
new file mode 100644
index 0000000..918dc0b
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/verticalpodautoscaler.yaml
@@ -0,0 +1,33 @@
+{{- if and (.Capabilities.APIVersions.Has "autoscaling.k8s.io/v1") (.Values.verticalPodAutoscaler.enabled) }}
+apiVersion: autoscaling.k8s.io/v1
+kind: VerticalPodAutoscaler
+metadata:
+ name: {{ template "prometheus-node-exporter.fullname" . }}
+ namespace: {{ template "prometheus-node-exporter.namespace" . }}
+ labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
+spec:
+ resourcePolicy:
+ containerPolicies:
+ - containerName: {{ template "prometheus-node-exporter.name" . }}
+ {{- if .Values.verticalPodAutoscaler.controlledResources }}
+ controlledResources: {{ .Values.verticalPodAutoscaler.controlledResources }}
+ {{- end }}
+ {{- if .Values.verticalPodAutoscaler.maxAllowed }}
+ maxAllowed:
+ {{ toYaml .Values.verticalPodAutoscaler.maxAllowed | nindent 8 }}
+ {{- end }}
+ {{- if .Values.verticalPodAutoscaler.minAllowed }}
+ minAllowed:
+ {{ toYaml .Values.verticalPodAutoscaler.minAllowed | nindent 8 }}
+ {{- end }}
+ targetRef:
+ apiVersion: apps/v1
+ kind: DaemonSet
+ name: {{ template "prometheus-node-exporter.fullname" . }}
+ {{- if .Values.verticalPodAutoscaler.updatePolicy }}
+ updatePolicy:
+ {{- if .Values.verticalPodAutoscaler.updatePolicy.updateMode }}
+ updateMode: {{ .Values.verticalPodAutoscaler.updatePolicy.updateMode }}
+ {{- end }}
+ {{- end }}
+{{- end }}
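Review bot: `controlledResources: {{ .Values.verticalPodAutoscaler.controlledResources }}` prints the list with Go's default formatting, so a value of cpu and memory renders as `[cpu memory]`, which YAML reads as a one-element list containing the string "cpu memory". Render it with `toYaml` and `nindent` (as `maxAllowed` and `minAllowed` already do) or with `toJson` so each resource stays a separate item. Minor: the `maxAllowed` and `minAllowed` blocks use `{{ toYaml ... | nindent 8 }}` without the leading `-`, which leaves a whitespace-only line in the output; `{{-` keeps the rendering clean.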
diff --git a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/values.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/values.yaml
new file mode 100644
index 0000000..3da0a2f
--- /dev/null
+++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/values.yaml
@@ -0,0 +1,268 @@
+# Default values for prometheus-node-exporter.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+image:
+ repository: quay.io/prometheus/node-exporter
+ # Overrides the image tag whose default is {{ printf "v%s" .Chart.AppVersion }}
+ tag: ""
+ pullPolicy: IfNotPresent
+ sha: ""
+
+imagePullSecrets: []
+# - name: "image-pull-secret"
+
+service:
+ type: ClusterIP
+ port: 9100
+ targetPort: 9100
+ nodePort:
+ portName: metrics
+ listenOnAllInterfaces: true
+ annotations:
+ prometheus.io/scrape: "true"
+
+# Additional environment variables that will be passed to the daemonset
+env: {}
+## env:
+## VARIABLE: value
+
+prometheus:
+ monitor:
+ enabled: false
+ additionalLabels: {}
+ namespace: ""
+
+ jobLabel: ""
+
+ scheme: http
+ basicAuth: {}
+ bearerTokenFile:
+ tlsConfig: {}
+
+ ## proxyUrl: URL of a proxy that should be used for scraping.
+ ##
+ proxyUrl: ""
+
+ ## Override serviceMonitor selector
+ ##
+ selectorOverride: {}
+
+ relabelings: []
+ metricRelabelings: []
+ interval: ""
+ scrapeTimeout: 10s
+ ## prometheus.monitor.apiVersion ApiVersion for the serviceMonitor Resource(defaults to "monitoring.coreos.com/v1")
+ apiVersion: ""
+
+## Customize the updateStrategy if set
+updateStrategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 1
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 200m
+ # memory: 50Mi
+ # requests:
+ # cpu: 100m
+ # memory: 30Mi
+
+serviceAccount:
+ # Specifies whether a ServiceAccount should be created
+ create: true
+ # The name of the ServiceAccount to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+ annotations: {}
+ imagePullSecrets: []
+ automountServiceAccountToken: false
+
+securityContext:
+ fsGroup: 65534
+ runAsGroup: 65534
+ runAsNonRoot: true
+ runAsUser: 65534
+
+containerSecurityContext: {}
+ # capabilities:
+ # add:
+ # - SYS_TIME
+
+rbac:
+ ## If true, create & use RBAC resources
+ ##
+ create: true
+ ## If true, create & use Pod Security Policy resources
+ ## https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+ pspEnabled: true
+ pspAnnotations: {}
+
+# for deployments that have node_exporter deployed outside of the cluster, list
+# their addresses here
+endpoints: []
+
+# Expose the service to the host network
+hostNetwork: true
+
+# Share the host process ID namespace
+hostPID: true
+
+# Mount the node's root file system (/) at /host/root in the container
+hostRootFsMount:
+ enabled: true
+ # Defines how new mounts in existing mounts on the node or in the container
+ # are propagated to the container or node, respectively. Possible values are
+ # None, HostToContainer, and Bidirectional. If this field is omitted, then
+ # None is used. More information on:
+ # https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation
+ mountPropagation: HostToContainer
+
+## Assign a group of affinity scheduling rules
+##
+affinity: {}
+# nodeAffinity:
+# requiredDuringSchedulingIgnoredDuringExecution:
+# nodeSelectorTerms:
+# - matchFields:
+# - key: metadata.name
+# operator: In
+# values:
+# - target-host-name
+
+# Annotations to be added to node exporter pods
+podAnnotations:
+ # Fix for very slow GKE cluster upgrades
+ cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
+
+# Extra labels to be added to node exporter pods
+podLabels: {}
+
+## set to true to add the release label so scraping of the servicemonitor with kube-prometheus-stack works out of the box
+releaseLabel: false
+
+# Custom DNS configuration to be added to prometheus-node-exporter pods
+dnsConfig: {}
+# nameservers:
+# - 1.2.3.4
+# searches:
+# - ns1.svc.cluster-domain.example
+# - my.dns.search.suffix
+# options:
+# - name: ndots
+# value: "2"
+# - name: edns0
+
+## Assign a nodeSelector if operating a hybrid cluster
+##
+nodeSelector: {}
+# beta.kubernetes.io/arch: amd64
+# beta.kubernetes.io/os: linux
+
+tolerations:
+ - effect: NoSchedule
+ operator: Exists
+
+## Assign a PriorityClassName to pods if set
+# priorityClassName: ""
+
+## Additional container arguments
+##
+extraArgs: []
+# - --collector.diskstats.ignored-devices=^(ram|loop|fd|(h|s|v)d[a-z]|nvme\\d+n\\d+p)\\d+$
+# - --collector.textfile.directory=/run/prometheus
+
+## Additional mounts from the host to node-exporter container
+##
+extraHostVolumeMounts: []
+# - name: <mountName>
+# hostPath: <hostPath>
+# mountPath: <mountPath>
+# readOnly: true|false
+# mountPropagation: None|HostToContainer|Bidirectional
+
+## Additional configmaps to be mounted.
+##
+configmaps: []
+# - name: <configMapName>
+# mountPath: <mountPath>
+secrets: []
+# - name: <secretName>
+# mountPath: <mountPatch>
+## Override the deployment namespace
+##
+namespaceOverride: ""
+
+## Additional containers for export metrics to text file
+##
+sidecars: []
+## - name: nvidia-dcgm-exporter
+## image: nvidia/dcgm-exporter:1.4.3
+
+## Volume for sidecar containers
+##
+sidecarVolumeMount: []
+## - name: collector-textfiles
+## mountPath: /run/prometheus
+## readOnly: false
+
+## Additional mounts from the host to sidecar containers
+##
+sidecarHostVolumeMounts: []
+# - name: <mountName>
+# hostPath: <hostPath>
+# mountPath: <mountPath>
+# readOnly: true|false
+# mountPropagation: None|HostToContainer|Bidirectional
+
+## Additional InitContainers to initialize the pod
+##
+extraInitContainers: []
+
+## Liveness probe
+##
+livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ httpHeaders: []
+ scheme: http
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+
+## Readiness probe
+##
+readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ httpHeaders: []
+ scheme: http
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+
+# Enable vertical pod autoscaler support for prometheus-node-exporter
+verticalPodAutoscaler:
+ enabled: false
+ # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
+ controlledResources: []
+
+ # Define the max allowed resources for the pod
+ maxAllowed: {}
+ # cpu: 200m
+ # memory: 100Mi
+ # Define the min allowed resources for the pod
+ minAllowed: {}
+ # cpu: 200m
+ # memory: 100Mi
+
+ # updatePolicy:
+ # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
+ # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
+ # updateMode: Auto
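Review bot: the defaults `hostNetwork: true`, `hostPID: true`, `hostRootFsMount.enabled: true` and `service.listenOnAllInterfaces: true`, together with `scheme: http` and the blanket `NoSchedule` toleration, put an unauthenticated metrics listener on port 9100 of every interface of every node, with the host root filesystem mounted in the pod. Since this commit vendors the chart, the review should confirm that the deploying values either override these or that the port is restricted at the network layer, and record that decision. Also worth checking: `rbac.pspEnabled: true` depends on PodSecurityPolicy, which was removed in Kubernetes 1.25, and `image.sha: ""` leaves the image pinned by tag only. Nit: `mountPath: <mountPatch>` in the `secrets` comment is a typo for `<mountPath>`.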
diff --git a/charts/kube-prometheus-stack/crds/crd-alertmanagerconfigs.yaml b/charts/kube-prometheus-stack/crds/crd-alertmanagerconfigs.yaml
new file mode 100644
index 0000000..744a9f9
--- /dev/null
+++ b/charts/kube-prometheus-stack/crds/crd-alertmanagerconfigs.yaml
@@ -0,0 +1,4475 @@
+# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.9.2
+ creationTimestamp: null
+ name: alertmanagerconfigs.monitoring.coreos.com
+spec:
+ group: monitoring.coreos.com
+ names:
+ categories:
+ - prometheus-operator
+ kind: AlertmanagerConfig
+ listKind: AlertmanagerConfigList
+ plural: alertmanagerconfigs
+ shortNames:
+ - amcfg
+ singular: alertmanagerconfig
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: AlertmanagerConfig defines a namespaced AlertmanagerConfig to
+ be aggregated across multiple namespaces configuring one Alertmanager cluster.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: AlertmanagerConfigSpec is a specification of the desired
+ behavior of the Alertmanager configuration. By definition, the Alertmanager
+ configuration only applies to alerts for which the `namespace` label
+ is equal to the namespace of the AlertmanagerConfig resource.
+ properties:
+ inhibitRules:
+ description: List of inhibition rules. The rules will only apply to
+ alerts matching the resource's namespace.
+ items:
+ description: InhibitRule defines an inhibition rule that allows
+ to mute alerts when other alerts are already firing. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule
+ properties:
+ equal:
+ description: Labels that must have an equal value in the source
+ and target alert for the inhibition to take effect.
+ items:
+ type: string
+ type: array
+ sourceMatch:
+ description: Matchers for which one or more alerts have to exist
+ for the inhibition to take effect. The operator enforces that
+ the alert matches the resource's namespace.
+ items:
+ description: Matcher defines how to match on alert's labels.
+ properties:
+ matchType:
+ description: Match operation available with AlertManager
+ >= v0.22.0 and takes precedence over Regex (deprecated)
+ if non-empty.
+ enum:
+ - '!='
+ - =
+ - =~
+ - '!~'
+ type: string
+ name:
+ description: Label to match.
+ minLength: 1
+ type: string
+ regex:
+ description: Whether to match on equality (false) or regular-expression
+ (true). Deprecated as of AlertManager >= v0.22.0 where
+ a user should use MatchType instead.
+ type: boolean
+ value:
+ description: Label value to match.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ targetMatch:
+ description: Matchers that have to be fulfilled in the alerts
+ to be muted. The operator enforces that the alert matches
+ the resource's namespace.
+ items:
+ description: Matcher defines how to match on alert's labels.
+ properties:
+ matchType:
+ description: Match operation available with AlertManager
+ >= v0.22.0 and takes precedence over Regex (deprecated)
+ if non-empty.
+ enum:
+ - '!='
+ - =
+ - =~
+ - '!~'
+ type: string
+ name:
+ description: Label to match.
+ minLength: 1
+ type: string
+ regex:
+ description: Whether to match on equality (false) or regular-expression
+ (true). Deprecated as of AlertManager >= v0.22.0 where
+ a user should use MatchType instead.
+ type: boolean
+ value:
+ description: Label value to match.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ type: object
+ type: array
+ muteTimeIntervals:
+ description: List of MuteTimeInterval specifying when the routes should
+ be muted.
+ items:
+ description: MuteTimeInterval specifies the periods in time when
+ notifications will be muted
+ properties:
+ name:
+ description: Name of the time interval
+ type: string
+ timeIntervals:
+ description: TimeIntervals is a list of TimeInterval
+ items:
+ description: TimeInterval describes intervals of time
+ properties:
+ daysOfMonth:
+ description: DaysOfMonth is a list of DayOfMonthRange
+ items:
+ description: DayOfMonthRange is an inclusive range of
+ days of the month beginning at 1
+ properties:
+ end:
+ description: End of the inclusive range
+ maximum: 31
+ minimum: -31
+ type: integer
+ start:
+ description: Start of the inclusive range
+ maximum: 31
+ minimum: -31
+ type: integer
+ type: object
+ type: array
+ months:
+ description: Months is a list of MonthRange
+ items:
+ description: MonthRange is an inclusive range of months
+ of the year beginning in January Months can be specified
+ by name (e.g 'January') by numerical month (e.g '1')
+ or as an inclusive range (e.g 'January:March', '1:3',
+ '1:March')
+ pattern: ^((?i)january|february|march|april|may|june|july|august|september|october|november|december|[1-12])(?:((:((?i)january|february|march|april|may|june|july|august|september|october|november|december|[1-12]))$)|$)
+ type: string
+ type: array
+ times:
+ description: Times is a list of TimeRange
+ items:
+ description: TimeRange defines a start and end time
+ in 24hr format
+ properties:
+ endTime:
+ description: EndTime is the end time in 24hr format.
+ pattern: ^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$)
+ type: string
+ startTime:
+ description: StartTime is the start time in 24hr
+ format.
+ pattern: ^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$)
+ type: string
+ type: object
+ type: array
+ weekdays:
+ description: Weekdays is a list of WeekdayRange
+ items:
+ description: WeekdayRange is an inclusive range of days
+ of the week beginning on Sunday Days can be specified
+ by name (e.g 'Sunday') or as an inclusive range (e.g
+ 'Monday:Friday')
+ pattern: ^((?i)sun|mon|tues|wednes|thurs|fri|satur)day(?:((:(sun|mon|tues|wednes|thurs|fri|satur)day)$)|$)
+ type: string
+ type: array
+ years:
+ description: Years is a list of YearRange
+ items:
+ description: YearRange is an inclusive range of years
+ pattern: ^2\d{3}(?::2\d{3}|$)
+ type: string
+ type: array
+ type: object
+ type: array
+ type: object
+ type: array
+ receivers:
+ description: List of receivers.
+ items:
+ description: Receiver defines one or more notification integrations.
+ properties:
+ emailConfigs:
+ description: List of Email configurations.
+ items:
+ description: EmailConfig configures notifications via Email.
+ properties:
+ authIdentity:
+ description: The identity to use for authentication.
+ type: string
+ authPassword:
+ description: The secret's key that contains the password
+ to use for authentication. The secret needs to be in
+ the same namespace as the AlertmanagerConfig object
+ and accessible by the Prometheus Operator.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ authSecret:
+ description: The secret's key that contains the CRAM-MD5
+ secret. The secret needs to be in the same namespace
+ as the AlertmanagerConfig object and accessible by the
+ Prometheus Operator.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ authUsername:
+ description: The username to use for authentication.
+ type: string
+ from:
+ description: The sender address.
+ type: string
+ headers:
+ description: Further headers email header key/value pairs.
+ Overrides any headers previously set by the notification
+ implementation.
+ items:
+ description: KeyValue defines a (key, value) tuple.
+ properties:
+ key:
+ description: Key of the tuple.
+ minLength: 1
+ type: string
+ value:
+ description: Value of the tuple.
+ type: string
+ required:
+ - key
+ - value
+ type: object
+ type: array
+ hello:
+ description: The hostname to identify to the SMTP server.
+ type: string
+ html:
+ description: The HTML body of the email notification.
+ type: string
+ requireTLS:
+ description: The SMTP TLS requirement. Note that Go does
+ not support unencrypted connections to remote SMTP endpoints.
+ type: boolean
+ sendResolved:
+ description: Whether or not to notify about resolved alerts.
+ type: boolean
+ smarthost:
+ description: The SMTP host and port through which emails
+ are sent. E.g. example.com:25
+ type: string
+ text:
+ description: The text body of the email notification.
+ type: string
+ tlsConfig:
+ description: TLS configuration
+ properties:
+ ca:
+ description: Struct containing the CA cert to use
+ for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for
+ the targets.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ cert:
+ description: Struct containing the client cert file
+ for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for
+ the targets.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keySecret:
+ description: Secret containing the client key file
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ serverName:
+ description: Used to verify the hostname for the targets.
+ type: string
+ type: object
+ to:
+ description: The email address to send notifications to.
+ type: string
+ type: object
+ type: array
+ name:
+ description: Name of the receiver. Must be unique across all
+ items from the list.
+ minLength: 1
+ type: string
+ opsgenieConfigs:
+ description: List of OpsGenie configurations.
+ items:
+ description: OpsGenieConfig configures notifications via OpsGenie.
+ See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config
+ properties:
+ actions:
+ description: Comma separated list of actions that will
+ be available for the alert.
+ type: string
+ apiKey:
+ description: The secret's key that contains the OpsGenie
+ API key. The secret needs to be in the same namespace
+ as the AlertmanagerConfig object and accessible by the
+ Prometheus Operator.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ apiURL:
+ description: The URL to send OpsGenie API requests to.
+ type: string
+ description:
+ description: Description of the incident.
+ type: string
+ details:
+ description: A set of arbitrary key/value pairs that provide
+ further detail about the incident.
+ items:
+ description: KeyValue defines a (key, value) tuple.
+ properties:
+ key:
+ description: Key of the tuple.
+ minLength: 1
+ type: string
+ value:
+ description: Value of the tuple.
+ type: string
+ required:
+ - key
+ - value
+ type: object
+ type: array
+ entity:
+ description: Optional field that can be used to specify
+ which domain alert is related to.
+ type: string
+ httpConfig:
+ description: HTTP client configuration.
+ properties:
+ authorization:
+ description: Authorization header configuration for
+ the client. This is mutually exclusive with BasicAuth
+ and is only available starting from Alertmanager
+ v0.22+.
+ properties:
+ credentials:
+ description: The secret's key that contains the
+ credentials of the request
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type:
+ description: Set the authentication type. Defaults
+ to Bearer, Basic will cause an error
+ type: string
+ type: object
+ basicAuth:
+ description: BasicAuth for the client. This is mutually
+ exclusive with Authorization. If both are defined,
+ BasicAuth takes precedence.
+ properties:
+ password:
+ description: The secret in the service monitor
+ namespace that contains the password for authentication.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ username:
+ description: The secret in the service monitor
+ namespace that contains the username for authentication.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ bearerTokenSecret:
+ description: The secret's key that contains the bearer
+ token to be used by the client for authentication.
+ The secret needs to be in the same namespace as
+ the AlertmanagerConfig object and accessible by
+ the Prometheus Operator.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ followRedirects:
+ description: FollowRedirects specifies whether the
+ client should follow HTTP 3xx redirects.
+ type: boolean
+ oauth2:
+ description: OAuth2 client credentials used to fetch
+ a token for the targets.
+ properties:
+ clientId:
+ description: The secret or configmap containing
+ the OAuth2 client id
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ clientSecret:
+ description: The secret containing the OAuth2
+ client secret
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ endpointParams:
+ additionalProperties:
+ type: string
+ description: Parameters to append to the token
+ URL
+ type: object
+ scopes:
+ description: OAuth2 scopes used for the token
+ request
+ items:
+ type: string
+ type: array
+ tokenUrl:
+ description: The URL to fetch the token from
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - clientSecret
+ - tokenUrl
+ type: object
+ proxyURL:
+ description: Optional proxy URL.
+ type: string
+ tlsConfig:
+ description: TLS configuration for the client.
+ properties:
+ ca:
+ description: Struct containing the CA cert to
+ use for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ cert:
+ description: Struct containing the client cert
+ file for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keySecret:
+ description: Secret containing the client key
+ file for the targets.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ serverName:
+ description: Used to verify the hostname for the
+ targets.
+ type: string
+ type: object
+ type: object
+ message:
+ description: Alert text limited to 130 characters.
+ type: string
+ note:
+ description: Additional alert note.
+ type: string
+ priority:
+ description: Priority level of alert. Possible values
+ are P1, P2, P3, P4, and P5.
+ type: string
+ responders:
+ description: List of responders responsible for notifications.
+ items:
+ description: OpsGenieConfigResponder defines a responder
+ to an incident. One of `id`, `name` or `username`
+ has to be defined.
+ properties:
+ id:
+ description: ID of the responder.
+ type: string
+ name:
+ description: Name of the responder.
+ type: string
+ type:
+ description: Type of responder.
+ enum:
+ - team
+ - teams
+ - user
+ - escalation
+ - schedule
+ minLength: 1
+ type: string
+ username:
+ description: Username of the responder.
+ type: string
+ required:
+ - type
+ type: object
+ type: array
+ sendResolved:
+ description: Whether or not to notify about resolved alerts.
+ type: boolean
+ source:
+ description: Backlink to the sender of the notification.
+ type: string
+ tags:
+ description: Comma separated list of tags attached to
+ the notifications.
+ type: string
+ updateAlerts:
+ description: Whether to update message and description
+ of the alert in OpsGenie if it already exists By default,
+ the alert is never updated in OpsGenie, the new message
+ only appears in activity log.
+ type: boolean
+ type: object
+ type: array
+ pagerdutyConfigs:
+ description: List of PagerDuty configurations.
+ items:
+ description: PagerDutyConfig configures notifications via
+ PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config
+ properties:
+ class:
+ description: The class/type of the event.
+ type: string
+ client:
+ description: Client identification.
+ type: string
+ clientURL:
+ description: Backlink to the sender of notification.
+ type: string
+ component:
+ description: The part or component of the affected system
+ that is broken.
+ type: string
+ description:
+ description: Description of the incident.
+ type: string
+ details:
+ description: Arbitrary key/value pairs that provide further
+ detail about the incident.
+ items:
+ description: KeyValue defines a (key, value) tuple.
+ properties:
+ key:
+ description: Key of the tuple.
+ minLength: 1
+ type: string
+ value:
+ description: Value of the tuple.
+ type: string
+ required:
+ - key
+ - value
+ type: object
+ type: array
+ group:
+ description: A cluster or grouping of sources.
+ type: string
+ httpConfig:
+ description: HTTP client configuration.
+ properties:
+ authorization:
+ description: Authorization header configuration for
+ the client. This is mutually exclusive with BasicAuth
+ and is only available starting from Alertmanager
+ v0.22+.
+ properties:
+ credentials:
+ description: The secret's key that contains the
+ credentials of the request
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type:
+ description: Set the authentication type. Defaults
+ to Bearer, Basic will cause an error
+ type: string
+ type: object
+ basicAuth:
+ description: BasicAuth for the client. This is mutually
+ exclusive with Authorization. If both are defined,
+ BasicAuth takes precedence.
+ properties:
+ password:
+ description: The secret in the service monitor
+ namespace that contains the password for authentication.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ username:
+ description: The secret in the service monitor
+ namespace that contains the username for authentication.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ bearerTokenSecret:
+ description: The secret's key that contains the bearer
+ token to be used by the client for authentication.
+ The secret needs to be in the same namespace as
+ the AlertmanagerConfig object and accessible by
+ the Prometheus Operator.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ followRedirects:
+ description: FollowRedirects specifies whether the
+ client should follow HTTP 3xx redirects.
+ type: boolean
+ oauth2:
+ description: OAuth2 client credentials used to fetch
+ a token for the targets.
+ properties:
+ clientId:
+ description: The secret or configmap containing
+ the OAuth2 client id
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ clientSecret:
+ description: The secret containing the OAuth2
+ client secret
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ endpointParams:
+ additionalProperties:
+ type: string
+ description: Parameters to append to the token
+ URL
+ type: object
+ scopes:
+ description: OAuth2 scopes used for the token
+ request
+ items:
+ type: string
+ type: array
+ tokenUrl:
+ description: The URL to fetch the token from
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - clientSecret
+ - tokenUrl
+ type: object
+ proxyURL:
+ description: Optional proxy URL.
+ type: string
+ tlsConfig:
+ description: TLS configuration for the client.
+ properties:
+ ca:
+ description: Struct containing the CA cert to
+ use for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ cert:
+ description: Struct containing the client cert
+ file for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keySecret:
+ description: Secret containing the client key
+ file for the targets.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ serverName:
+ description: Used to verify the hostname for the
+ targets.
+ type: string
+ type: object
+ type: object
+ pagerDutyImageConfigs:
+ description: A list of image details to attach that provide
+ further detail about an incident.
+ items:
+ description: PagerDutyImageConfig attaches images to
+ an incident
+ properties:
+ alt:
+ description: Alt is the optional alternative text
+ for the image.
+ type: string
+ href:
+ description: Optional URL; makes the image a clickable
+ link.
+ type: string
+ src:
+ description: Src of the image being attached to
+ the incident
+ type: string
+ type: object
+ type: array
+ pagerDutyLinkConfigs:
+ description: A list of link details to attach that provide
+ further detail about an incident.
+ items:
+ description: PagerDutyLinkConfig attaches text links
+ to an incident
+ properties:
+ alt:
+ description: Text that describes the purpose of
+ the link, and can be used as the link's text.
+ type: string
+ href:
+ description: Href is the URL of the link to be attached
+ type: string
+ type: object
+ type: array
+ routingKey:
+ description: The secret's key that contains the PagerDuty
+ integration key (when using Events API v2). Either this
+ field or `serviceKey` needs to be defined. The secret
+ needs to be in the same namespace as the AlertmanagerConfig
+ object and accessible by the Prometheus Operator.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ sendResolved:
+ description: Whether or not to notify about resolved alerts.
+ type: boolean
+ serviceKey:
+ description: The secret's key that contains the PagerDuty
+ service key (when using integration type "Prometheus").
+ Either this field or `routingKey` needs to be defined.
+ The secret needs to be in the same namespace as the
+ AlertmanagerConfig object and accessible by the Prometheus
+ Operator.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ severity:
+ description: Severity of the incident.
+ type: string
+ url:
+ description: The URL to send requests to.
+ type: string
+ type: object
+ type: array
+ pushoverConfigs:
+ description: List of Pushover configurations.
+ items:
+ description: PushoverConfig configures notifications via Pushover.
+ See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config
+ properties:
+ expire:
+ description: How long your notification will continue
+ to be retried for, unless the user acknowledges the
+ notification.
+ pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$
+ type: string
+ html:
+ description: Whether notification message is HTML or plain
+ text.
+ type: boolean
+ httpConfig:
+ description: HTTP client configuration.
+ properties:
+ authorization:
+ description: Authorization header configuration for
+ the client. This is mutually exclusive with BasicAuth
+ and is only available starting from Alertmanager
+ v0.22+.
+ properties:
+ credentials:
+ description: The secret's key that contains the
+ credentials of the request
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type:
+ description: Set the authentication type. Defaults
+ to Bearer, Basic will cause an error
+ type: string
+ type: object
+ basicAuth:
+ description: BasicAuth for the client. This is mutually
+ exclusive with Authorization. If both are defined,
+ BasicAuth takes precedence.
+ properties:
+ password:
+ description: The secret in the service monitor
+ namespace that contains the password for authentication.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ username:
+ description: The secret in the service monitor
+ namespace that contains the username for authentication.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ bearerTokenSecret:
+ description: The secret's key that contains the bearer
+ token to be used by the client for authentication.
+ The secret needs to be in the same namespace as
+ the AlertmanagerConfig object and accessible by
+ the Prometheus Operator.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ followRedirects:
+ description: FollowRedirects specifies whether the
+ client should follow HTTP 3xx redirects.
+ type: boolean
+ oauth2:
+ description: OAuth2 client credentials used to fetch
+ a token for the targets.
+ properties:
+ clientId:
+ description: The secret or configmap containing
+ the OAuth2 client id
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ clientSecret:
+ description: The secret containing the OAuth2
+ client secret
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ endpointParams:
+ additionalProperties:
+ type: string
+ description: Parameters to append to the token
+ URL
+ type: object
+ scopes:
+ description: OAuth2 scopes used for the token
+ request
+ items:
+ type: string
+ type: array
+ tokenUrl:
+ description: The URL to fetch the token from
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - clientSecret
+ - tokenUrl
+ type: object
+ proxyURL:
+ description: Optional proxy URL.
+ type: string
+ tlsConfig:
+ description: TLS configuration for the client.
+ properties:
+ ca:
+ description: Struct containing the CA cert to
+ use for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ cert:
+ description: Struct containing the client cert
+ file for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keySecret:
+ description: Secret containing the client key
+ file for the targets.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ serverName:
+ description: Used to verify the hostname for the
+ targets.
+ type: string
+ type: object
+ type: object
+ message:
+ description: Notification message.
+ type: string
+ priority:
+ description: Priority, see https://pushover.net/api#priority
+ type: string
+ retry:
+ description: How often the Pushover servers will send
+ the same notification to the user. Must be at least
+ 30 seconds.
+ pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$
+ type: string
+ sendResolved:
+ description: Whether or not to notify about resolved alerts.
+ type: boolean
+ sound:
+ description: The name of one of the sounds supported by
+ device clients to override the user's default sound
+ choice
+ type: string
+ title:
+ description: Notification title.
+ type: string
+ token:
+ description: The secret's key that contains the registered
+ application's API token, see https://pushover.net/apps.
+ The secret needs to be in the same namespace as the
+ AlertmanagerConfig object and accessible by the Prometheus
+ Operator.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ url:
+ description: A supplementary URL shown alongside the message.
+ type: string
+ urlTitle:
+ description: A title for supplementary URL, otherwise
+ just the URL is shown
+ type: string
+ userKey:
+ description: The secret's key that contains the recipient
+ user's user key. The secret needs to be in the same
+ namespace as the AlertmanagerConfig object and accessible
+ by the Prometheus Operator.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ type: array
+ slackConfigs:
+ description: List of Slack configurations.
+ items:
+ description: SlackConfig configures notifications via Slack.
+ See https://prometheus.io/docs/alerting/latest/configuration/#slack_config
+ properties:
+ actions:
+ description: A list of Slack actions that are sent with
+ each notification.
+ items:
+ description: SlackAction configures a single Slack action
+ that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields
+ and https://api.slack.com/docs/message-buttons for
+ more information.
+ properties:
+ confirm:
+ description: SlackConfirmationField protect users
+ from destructive actions or particularly distinguished
+ decisions by asking them to confirm their button
+ click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields
+ for more information.
+ properties:
+ dismissText:
+ type: string
+ okText:
+ type: string
+ text:
+ minLength: 1
+ type: string
+ title:
+ type: string
+ required:
+ - text
+ type: object
+ name:
+ type: string
+ style:
+ type: string
+ text:
+ minLength: 1
+ type: string
+ type:
+ minLength: 1
+ type: string
+ url:
+ type: string
+ value:
+ type: string
+ required:
+ - text
+ - type
+ type: object
+ type: array
+ apiURL:
+ description: The secret's key that contains the Slack
+ webhook URL. The secret needs to be in the same namespace
+ as the AlertmanagerConfig object and accessible by the
+ Prometheus Operator.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ callbackId:
+ type: string
+ channel:
+ description: The channel or user to send notifications
+ to.
+ type: string
+ color:
+ type: string
+ fallback:
+ type: string
+ fields:
+ description: A list of Slack fields that are sent with
+ each notification.
+ items:
+ description: SlackField configures a single Slack field
+ that is sent with each notification. Each field must
+ contain a title, value, and optionally, a boolean
+ value to indicate if the field is short enough to
+ be displayed next to other fields designated as short.
+ See https://api.slack.com/docs/message-attachments#fields
+ for more information.
+ properties:
+ short:
+ type: boolean
+ title:
+ minLength: 1
+ type: string
+ value:
+ minLength: 1
+ type: string
+ required:
+ - title
+ - value
+ type: object
+ type: array
+ footer:
+ type: string
+ httpConfig:
+ description: HTTP client configuration.
+ properties:
+ authorization:
+ description: Authorization header configuration for
+ the client. This is mutually exclusive with BasicAuth
+ and is only available starting from Alertmanager
+ v0.22+.
+ properties:
+ credentials:
+ description: The secret's key that contains the
+ credentials of the request
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type:
+ description: Set the authentication type. Defaults
+ to Bearer, Basic will cause an error
+ type: string
+ type: object
+ basicAuth:
+ description: BasicAuth for the client. This is mutually
+ exclusive with Authorization. If both are defined,
+ BasicAuth takes precedence.
+ properties:
+ password:
+ description: The secret in the service monitor
+ namespace that contains the password for authentication.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ username:
+ description: The secret in the service monitor
+ namespace that contains the username for authentication.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ bearerTokenSecret:
+ description: The secret's key that contains the bearer
+ token to be used by the client for authentication.
+ The secret needs to be in the same namespace as
+ the AlertmanagerConfig object and accessible by
+ the Prometheus Operator.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ followRedirects:
+ description: FollowRedirects specifies whether the
+ client should follow HTTP 3xx redirects.
+ type: boolean
+ oauth2:
+ description: OAuth2 client credentials used to fetch
+ a token for the targets.
+ properties:
+ clientId:
+ description: The secret or configmap containing
+ the OAuth2 client id
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ clientSecret:
+ description: The secret containing the OAuth2
+ client secret
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ endpointParams:
+ additionalProperties:
+ type: string
+ description: Parameters to append to the token
+ URL
+ type: object
+ scopes:
+ description: OAuth2 scopes used for the token
+ request
+ items:
+ type: string
+ type: array
+ tokenUrl:
+ description: The URL to fetch the token from
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - clientSecret
+ - tokenUrl
+ type: object
+ proxyURL:
+ description: Optional proxy URL.
+ type: string
+ tlsConfig:
+ description: TLS configuration for the client.
+ properties:
+ ca:
+ description: Struct containing the CA cert to
+ use for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ cert:
+ description: Struct containing the client cert
+ file for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keySecret:
+ description: Secret containing the client key
+ file for the targets.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ serverName:
+ description: Used to verify the hostname for the
+ targets.
+ type: string
+ type: object
+ type: object
+ iconEmoji:
+ type: string
+ iconURL:
+ type: string
+ imageURL:
+ type: string
+ linkNames:
+ type: boolean
+ mrkdwnIn:
+ items:
+ type: string
+ type: array
+ pretext:
+ type: string
+ sendResolved:
+ description: Whether or not to notify about resolved alerts.
+ type: boolean
+ shortFields:
+ type: boolean
+ text:
+ type: string
+ thumbURL:
+ type: string
+ title:
+ type: string
+ titleLink:
+ type: string
+ username:
+ type: string
+ type: object
+ type: array
+ snsConfigs:
+ description: List of SNS configurations
+ items:
+ description: SNSConfig configures notifications via AWS SNS.
+ See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs
+ properties:
+ apiURL:
+ description: The SNS API URL i.e. https://sns.us-east-2.amazonaws.com.
+ If not specified, the SNS API URL from the SNS SDK will
+ be used.
+ type: string
+ attributes:
+ additionalProperties:
+ type: string
+ description: SNS message attributes.
+ type: object
+ httpConfig:
+ description: HTTP client configuration.
+ properties:
+ authorization:
+ description: Authorization header configuration for
+ the client. This is mutually exclusive with BasicAuth
+ and is only available starting from Alertmanager
+ v0.22+.
+ properties:
+ credentials:
+ description: The secret's key that contains the
+ credentials of the request
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type:
+ description: Set the authentication type. Defaults
+ to Bearer, Basic will cause an error
+ type: string
+ type: object
+ basicAuth:
+ description: BasicAuth for the client. This is mutually
+ exclusive with Authorization. If both are defined,
+ BasicAuth takes precedence.
+ properties:
+ password:
+ description: The secret in the service monitor
+ namespace that contains the password for authentication.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ username:
+ description: The secret in the service monitor
+ namespace that contains the username for authentication.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ bearerTokenSecret:
+ description: The secret's key that contains the bearer
+ token to be used by the client for authentication.
+ The secret needs to be in the same namespace as
+ the AlertmanagerConfig object and accessible by
+ the Prometheus Operator.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ followRedirects:
+ description: FollowRedirects specifies whether the
+ client should follow HTTP 3xx redirects.
+ type: boolean
+ oauth2:
+ description: OAuth2 client credentials used to fetch
+ a token for the targets.
+ properties:
+ clientId:
+ description: The secret or configmap containing
+ the OAuth2 client id
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ clientSecret:
+ description: The secret containing the OAuth2
+ client secret
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ endpointParams:
+ additionalProperties:
+ type: string
+ description: Parameters to append to the token
+ URL
+ type: object
+ scopes:
+ description: OAuth2 scopes used for the token
+ request
+ items:
+ type: string
+ type: array
+ tokenUrl:
+ description: The URL to fetch the token from
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - clientSecret
+ - tokenUrl
+ type: object
+ proxyURL:
+ description: Optional proxy URL.
+ type: string
+ tlsConfig:
+ description: TLS configuration for the client.
+ properties:
+ ca:
+ description: Struct containing the CA cert to
+ use for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ cert:
+ description: Struct containing the client cert
+ file for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keySecret:
+ description: Secret containing the client key
+ file for the targets.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ serverName:
+ description: Used to verify the hostname for the
+ targets.
+ type: string
+ type: object
+ type: object
+ message:
+ description: The message content of the SNS notification.
+ type: string
+ phoneNumber:
+ description: Phone number if message is delivered via
+ SMS in E.164 format. If you don't specify this value,
+ you must specify a value for the TopicARN or TargetARN.
+ type: string
+ sendResolved:
+ description: Whether or not to notify about resolved alerts.
+ type: boolean
+ sigv4:
+ description: Configures AWS's Signature Verification 4
+ signing process to sign requests.
+ properties:
+ accessKey:
+ description: AccessKey is the AWS API key. If blank,
+ the environment variable `AWS_ACCESS_KEY_ID` is
+ used.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ profile:
+ description: Profile is the named AWS profile used
+ to authenticate.
+ type: string
+ region:
+ description: Region is the AWS region. If blank, the
+ region from the default credentials chain used.
+ type: string
+ roleArn:
+ description: RoleArn is the named AWS profile used
+ to authenticate.
+ type: string
+ secretKey:
+ description: SecretKey is the AWS API secret. If blank,
+ the environment variable `AWS_SECRET_ACCESS_KEY`
+ is used.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ subject:
+ description: Subject line when the message is delivered
+ to email endpoints.
+ type: string
+ targetARN:
+ description: The mobile platform endpoint ARN if message
+ is delivered via mobile notifications. If you don't
+ specify this value, you must specify a value for the
+ topic_arn or PhoneNumber.
+ type: string
+ topicARN:
+ description: SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic
+ If you don't specify this value, you must specify a
+ value for the PhoneNumber or TargetARN.
+ type: string
+ type: object
+ type: array
+ telegramConfigs:
+ description: List of Telegram configurations.
+ items:
+ description: TelegramConfig configures notifications via Telegram.
+ See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config
+ properties:
+ apiURL:
+ description: The Telegram API URL i.e. https://api.telegram.org.
+ If not specified, default API URL will be used.
+ type: string
+ botToken:
+ description: Telegram bot token The secret needs to be
+ in the same namespace as the AlertmanagerConfig object
+ and accessible by the Prometheus Operator.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ chatID:
+ description: The Telegram chat ID.
+ format: int64
+ type: integer
+ disableNotifications:
+ description: Disable telegram notifications
+ type: boolean
+ httpConfig:
+ description: HTTP client configuration.
+ properties:
+ authorization:
+ description: Authorization header configuration for
+ the client. This is mutually exclusive with BasicAuth
+ and is only available starting from Alertmanager
+ v0.22+.
+ properties:
+ credentials:
+ description: The secret's key that contains the
+ credentials of the request
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type:
+ description: Set the authentication type. Defaults
+ to Bearer, Basic will cause an error
+ type: string
+ type: object
+ basicAuth:
+ description: BasicAuth for the client. This is mutually
+ exclusive with Authorization. If both are defined,
+ BasicAuth takes precedence.
+ properties:
+ password:
+ description: The secret in the service monitor
+ namespace that contains the password for authentication.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ username:
+ description: The secret in the service monitor
+ namespace that contains the username for authentication.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ bearerTokenSecret:
+ description: The secret's key that contains the bearer
+ token to be used by the client for authentication.
+ The secret needs to be in the same namespace as
+ the AlertmanagerConfig object and accessible by
+ the Prometheus Operator.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ followRedirects:
+ description: FollowRedirects specifies whether the
+ client should follow HTTP 3xx redirects.
+ type: boolean
+ oauth2:
+ description: OAuth2 client credentials used to fetch
+ a token for the targets.
+ properties:
+ clientId:
+ description: The secret or configmap containing
+ the OAuth2 client id
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ clientSecret:
+ description: The secret containing the OAuth2
+ client secret
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ endpointParams:
+ additionalProperties:
+ type: string
+ description: Parameters to append to the token
+ URL
+ type: object
+ scopes:
+ description: OAuth2 scopes used for the token
+ request
+ items:
+ type: string
+ type: array
+ tokenUrl:
+ description: The URL to fetch the token from
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - clientSecret
+ - tokenUrl
+ type: object
+ proxyURL:
+ description: Optional proxy URL.
+ type: string
+ tlsConfig:
+ description: TLS configuration for the client.
+ properties:
+ ca:
+ description: Struct containing the CA cert to
+ use for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ cert:
+ description: Struct containing the client cert
+ file for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keySecret:
+ description: Secret containing the client key
+ file for the targets.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ serverName:
+ description: Used to verify the hostname for the
+ targets.
+ type: string
+ type: object
+ type: object
+ message:
+ description: Message template
+ type: string
+ parseMode:
+ description: Parse mode for telegram message
+ enum:
+ - MarkdownV2
+ - Markdown
+ - HTML
+ type: string
+ sendResolved:
+ description: Whether to notify about resolved alerts.
+ type: boolean
+ type: object
+ type: array
+ victoropsConfigs:
+ description: List of VictorOps configurations.
+ items:
+ description: VictorOpsConfig configures notifications via
+ VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config
+ properties:
+ apiKey:
+ description: The secret's key that contains the API key
+ to use when talking to the VictorOps API. The secret
+ needs to be in the same namespace as the AlertmanagerConfig
+ object and accessible by the Prometheus Operator.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ apiUrl:
+ description: The VictorOps API URL.
+ type: string
+ customFields:
+ description: Additional custom fields for notification.
+ items:
+ description: KeyValue defines a (key, value) tuple.
+ properties:
+ key:
+ description: Key of the tuple.
+ minLength: 1
+ type: string
+ value:
+ description: Value of the tuple.
+ type: string
+ required:
+ - key
+ - value
+ type: object
+ type: array
+ entityDisplayName:
+ description: Contains summary of the alerted problem.
+ type: string
+ httpConfig:
+ description: The HTTP client's configuration.
+ properties:
+ authorization:
+ description: Authorization header configuration for
+ the client. This is mutually exclusive with BasicAuth
+ and is only available starting from Alertmanager
+ v0.22+.
+ properties:
+ credentials:
+ description: The secret's key that contains the
+ credentials of the request
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type:
+ description: Set the authentication type. Defaults
+ to Bearer, Basic will cause an error
+ type: string
+ type: object
+ basicAuth:
+ description: BasicAuth for the client. This is mutually
+ exclusive with Authorization. If both are defined,
+ BasicAuth takes precedence.
+ properties:
+ password:
+ description: The secret in the service monitor
+ namespace that contains the password for authentication.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ username:
+ description: The secret in the service monitor
+ namespace that contains the username for authentication.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ bearerTokenSecret:
+ description: The secret's key that contains the bearer
+ token to be used by the client for authentication.
+ The secret needs to be in the same namespace as
+ the AlertmanagerConfig object and accessible by
+ the Prometheus Operator.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ followRedirects:
+ description: FollowRedirects specifies whether the
+ client should follow HTTP 3xx redirects.
+ type: boolean
+ oauth2:
+ description: OAuth2 client credentials used to fetch
+ a token for the targets.
+ properties:
+ clientId:
+ description: The secret or configmap containing
+ the OAuth2 client id
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ clientSecret:
+ description: The secret containing the OAuth2
+ client secret
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ endpointParams:
+ additionalProperties:
+ type: string
+ description: Parameters to append to the token
+ URL
+ type: object
+ scopes:
+ description: OAuth2 scopes used for the token
+ request
+ items:
+ type: string
+ type: array
+ tokenUrl:
+ description: The URL to fetch the token from
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - clientSecret
+ - tokenUrl
+ type: object
+ proxyURL:
+ description: Optional proxy URL.
+ type: string
+ tlsConfig:
+ description: TLS configuration for the client.
+ properties:
+ ca:
+ description: Struct containing the CA cert to
+ use for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ cert:
+ description: Struct containing the client cert
+ file for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keySecret:
+ description: Secret containing the client key
+ file for the targets.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ serverName:
+ description: Used to verify the hostname for the
+ targets.
+ type: string
+ type: object
+ type: object
+ messageType:
+ description: Describes the behavior of the alert (CRITICAL,
+ WARNING, INFO).
+ type: string
+ monitoringTool:
+ description: The monitoring tool the state message is
+ from.
+ type: string
+ routingKey:
+ description: A key used to map the alert to a team.
+ type: string
+ sendResolved:
+ description: Whether or not to notify about resolved alerts.
+ type: boolean
+ stateMessage:
+ description: Contains long explanation of the alerted
+ problem.
+ type: string
+ type: object
+ type: array
+ webhookConfigs:
+ description: List of webhook configurations.
+ items:
+ description: WebhookConfig configures notifications via a
+ generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config
+ properties:
+ httpConfig:
+ description: HTTP client configuration.
+ properties:
+ authorization:
+ description: Authorization header configuration for
+ the client. This is mutually exclusive with BasicAuth
+ and is only available starting from Alertmanager
+ v0.22+.
+ properties:
+ credentials:
+ description: The secret's key that contains the
+ credentials of the request
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type:
+ description: Set the authentication type. Defaults
+ to Bearer, Basic will cause an error
+ type: string
+ type: object
+ basicAuth:
+ description: BasicAuth for the client. This is mutually
+ exclusive with Authorization. If both are defined,
+ BasicAuth takes precedence.
+ properties:
+ password:
+ description: The secret in the service monitor
+ namespace that contains the password for authentication.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ username:
+ description: The secret in the service monitor
+ namespace that contains the username for authentication.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ bearerTokenSecret:
+ description: The secret's key that contains the bearer
+ token to be used by the client for authentication.
+ The secret needs to be in the same namespace as
+ the AlertmanagerConfig object and accessible by
+ the Prometheus Operator.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ followRedirects:
+ description: FollowRedirects specifies whether the
+ client should follow HTTP 3xx redirects.
+ type: boolean
+ oauth2:
+ description: OAuth2 client credentials used to fetch
+ a token for the targets.
+ properties:
+ clientId:
+ description: The secret or configmap containing
+ the OAuth2 client id
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ clientSecret:
+ description: The secret containing the OAuth2
+ client secret
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ endpointParams:
+ additionalProperties:
+ type: string
+ description: Parameters to append to the token
+ URL
+ type: object
+ scopes:
+ description: OAuth2 scopes used for the token
+ request
+ items:
+ type: string
+ type: array
+ tokenUrl:
+ description: The URL to fetch the token from
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - clientSecret
+ - tokenUrl
+ type: object
+ proxyURL:
+ description: Optional proxy URL.
+ type: string
+ tlsConfig:
+ description: TLS configuration for the client.
+ properties:
+ ca:
+ description: Struct containing the CA cert to
+ use for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ cert:
+ description: Struct containing the client cert
+ file for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keySecret:
+ description: Secret containing the client key
+ file for the targets.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ serverName:
+ description: Used to verify the hostname for the
+ targets.
+ type: string
+ type: object
+ type: object
+ maxAlerts:
+ description: Maximum number of alerts to be sent per webhook
+ message. When 0, all alerts are included.
+ format: int32
+ minimum: 0
+ type: integer
+ sendResolved:
+ description: Whether or not to notify about resolved alerts.
+ type: boolean
+ url:
+ description: The URL to send HTTP POST requests to. `urlSecret`
+ takes precedence over `url`. One of `urlSecret` and
+ `url` should be defined.
+ type: string
+ urlSecret:
+ description: The secret's key that contains the webhook
+ URL to send HTTP requests to. `urlSecret` takes precedence
+ over `url`. One of `urlSecret` and `url` should be defined.
+ The secret needs to be in the same namespace as the
+ AlertmanagerConfig object and accessible by the Prometheus
+ Operator.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ type: array
+ wechatConfigs:
+ description: List of WeChat configurations.
+ items:
+ description: WeChatConfig configures notifications via WeChat.
+ See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config
+ properties:
+ agentID:
+ type: string
+ apiSecret:
+ description: The secret's key that contains the WeChat
+ API key. The secret needs to be in the same namespace
+ as the AlertmanagerConfig object and accessible by the
+ Prometheus Operator.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ apiURL:
+ description: The WeChat API URL.
+ type: string
+ corpID:
+ description: The corp id for authentication.
+ type: string
+ httpConfig:
+ description: HTTP client configuration.
+ properties:
+ authorization:
+ description: Authorization header configuration for
+ the client. This is mutually exclusive with BasicAuth
+ and is only available starting from Alertmanager
+ v0.22+.
+ properties:
+ credentials:
+ description: The secret's key that contains the
+ credentials of the request
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type:
+ description: Set the authentication type. Defaults
+ to Bearer, Basic will cause an error
+ type: string
+ type: object
+ basicAuth:
+ description: BasicAuth for the client. This is mutually
+ exclusive with Authorization. If both are defined,
+ BasicAuth takes precedence.
+ properties:
+ password:
+ description: The secret in the service monitor
+ namespace that contains the password for authentication.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ username:
+ description: The secret in the service monitor
+ namespace that contains the username for authentication.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ bearerTokenSecret:
+ description: The secret's key that contains the bearer
+ token to be used by the client for authentication.
+ The secret needs to be in the same namespace as
+ the AlertmanagerConfig object and accessible by
+ the Prometheus Operator.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ followRedirects:
+ description: FollowRedirects specifies whether the
+ client should follow HTTP 3xx redirects.
+ type: boolean
+ oauth2:
+ description: OAuth2 client credentials used to fetch
+ a token for the targets.
+ properties:
+ clientId:
+ description: The secret or configmap containing
+ the OAuth2 client id
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ clientSecret:
+ description: The secret containing the OAuth2
+ client secret
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ endpointParams:
+ additionalProperties:
+ type: string
+ description: Parameters to append to the token
+ URL
+ type: object
+ scopes:
+ description: OAuth2 scopes used for the token
+ request
+ items:
+ type: string
+ type: array
+ tokenUrl:
+ description: The URL to fetch the token from
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - clientSecret
+ - tokenUrl
+ type: object
+ proxyURL:
+ description: Optional proxy URL.
+ type: string
+ tlsConfig:
+ description: TLS configuration for the client.
+ properties:
+ ca:
+ description: Struct containing the CA cert to
+ use for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ cert:
+ description: Struct containing the client cert
+ file for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to
+ use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keySecret:
+ description: Secret containing the client key
+ file for the targets.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ serverName:
+ description: Used to verify the hostname for the
+ targets.
+ type: string
+ type: object
+ type: object
+ message:
+ description: API request data as defined by the WeChat
+ API.
+ type: string
+ messageType:
+ type: string
+ sendResolved:
+ description: Whether or not to notify about resolved alerts.
+ type: boolean
+ toParty:
+ type: string
+ toTag:
+ type: string
+ toUser:
+ type: string
+ type: object
+ type: array
+ required:
+ - name
+ type: object
+ type: array
+ route:
+ description: The Alertmanager route definition for alerts matching
+ the resource's namespace. If present, it will be added to the generated
+ Alertmanager configuration as a first-level route.
+ properties:
+ continue:
+ description: Boolean indicating whether an alert should continue
+ matching subsequent sibling nodes. It will always be overridden
+ to true for the first-level route by the Prometheus operator.
+ type: boolean
+ groupBy:
+ description: List of labels to group by. Labels must not be repeated
+ (unique list). Special label "..." (aggregate by all possible
+ labels), if provided, must be the only element in the list.
+ items:
+ type: string
+ type: array
+ groupInterval:
+ description: 'How long to wait before sending an updated notification.
+ Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$`
+ Example: "5m"'
+ type: string
+ groupWait:
+ description: 'How long to wait before sending the initial notification.
+ Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$`
+ Example: "30s"'
+ type: string
+ matchers:
+ description: 'List of matchers that the alert''s labels should
+ match. For the first level route, the operator removes any existing
+ equality and regexp matcher on the `namespace` label and adds
+ a `namespace: <object namespace>` matcher.'
+ items:
+ description: Matcher defines how to match on alert's labels.
+ properties:
+ matchType:
+ description: Match operation available with AlertManager
+ >= v0.22.0 and takes precedence over Regex (deprecated)
+ if non-empty.
+ enum:
+ - '!='
+ - =
+ - =~
+ - '!~'
+ type: string
+ name:
+ description: Label to match.
+ minLength: 1
+ type: string
+ regex:
+ description: Whether to match on equality (false) or regular-expression
+ (true). Deprecated as of AlertManager >= v0.22.0 where
+ a user should use MatchType instead.
+ type: boolean
+ value:
+ description: Label value to match.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ muteTimeIntervals:
+ description: 'Note: this comment applies to the field definition
+ above but appears below otherwise it gets included in the generated
+ manifest. CRD schema doesn''t support self-referential types
+ for now (see https://github.com/kubernetes/kubernetes/issues/62872).
+ We have to use an alternative type to circumvent the limitation.
+ The downside is that the Kube API can''t validate the data beyond
+ the fact that it is a valid JSON representation. MuteTimeIntervals
+ is a list of MuteTimeInterval names that will mute this route
+ when matched,'
+ items:
+ type: string
+ type: array
+ receiver:
+ description: Name of the receiver for this route. If not empty,
+ it should be listed in the `receivers` field.
+ type: string
+ repeatInterval:
+ description: 'How long to wait before repeating the last notification.
+ Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$`
+ Example: "4h"'
+ type: string
+ routes:
+ description: Child routes.
+ items:
+ x-kubernetes-preserve-unknown-fields: true
+ type: array
+ type: object
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
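Review bot: the `routes` property at the end of this route schema declares its items as `x-kubernetes-preserve-unknown-fields: true`, so the API server accepts any JSON for child routes. None of the constraints shown above for the top-level route apply to them: the `matchType` enum, `minLength: 1` on the matcher `name`, and `required: - name`. The `matchers` description also says the operator rewrites the `namespace` matcher "for the first level route", so this schema gives no tenant-scoping guarantee for nested routes. In addition, `groupWait`, `groupInterval` and `repeatInterval` carry their duration regular expression only in the description text. There is no `pattern:` key, so a malformed duration passes admission even at the top level. The file is vendored, so I would not patch it locally. Instead, state in the commit message or chart notes that validation of nested routes and durations depends on the operator or an admission policy rather than on this CRD, and confirm that such a control is enabled wherever tenants can create these objects. Minor: the generator note "this comment applies to the field definition above but appears below" ends up as the user-facing description of `muteTimeIntervals` and trails off at "when matched,". That is worth reporting upstream rather than fixing here.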
diff --git a/charts/kube-prometheus-stack/crds/crd-alertmanagers.yaml b/charts/kube-prometheus-stack/crds/crd-alertmanagers.yaml
new file mode 100644
index 0000000..06457f0
--- /dev/null
+++ b/charts/kube-prometheus-stack/crds/crd-alertmanagers.yaml
@@ -0,0 +1,6834 @@
+# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.9.2
+ creationTimestamp: null
+ name: alertmanagers.monitoring.coreos.com
+spec:
+ group: monitoring.coreos.com
+ names:
+ categories:
+ - prometheus-operator
+ kind: Alertmanager
+ listKind: AlertmanagerList
+ plural: alertmanagers
+ shortNames:
+ - am
+ singular: alertmanager
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The version of Alertmanager
+ jsonPath: .spec.version
+ name: Version
+ type: string
+ - description: The number of desired replicas
+ jsonPath: .spec.replicas
+ name: Replicas
+ type: integer
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: Whether the resource reconciliation is paused or not
+ jsonPath: .status.paused
+ name: Paused
+ priority: 1
+ type: boolean
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: Alertmanager describes an Alertmanager cluster.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: 'Specification of the desired behavior of the Alertmanager
+ cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ properties:
+ additionalPeers:
+ description: AdditionalPeers allows injecting a set of additional
+ Alertmanagers to peer with to form a highly available cluster.
+ items:
+ type: string
+ type: array
+ affinity:
+ description: If specified, the pod's scheduling constraints.
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for the
+ pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node matches
+ the corresponding matchExpressions; the node(s) with the
+ highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects (i.e.
+ is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with the
+ corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the corresponding
+ nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to an update), the system may or may not try to
+ eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term matches
+ no objects. The requirements of them are ANDed. The
+ TopologySelectorTerm type implements a subset of the
+ NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g. co-locate
+ this pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to a pod label update), the system may or may
+ not try to eventually evict the pod from its node. When
+ there are multiple elements, the lists of nodes corresponding
+ to each podAffinityTerm are intersected, i.e. all terms
+ must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied to the
+ union of the namespaces selected by this field and
+ the ones listed in the namespaces field. null selector
+ and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied
+ to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector. null or
+ empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules (e.g.
+ avoid putting this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the anti-affinity expressions specified
+ by this field, but it may choose a node that violates one
+ or more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the anti-affinity requirements
+ specified by this field cease to be met at some point during
+ pod execution (e.g. due to a pod label update), the system
+ may or may not try to eventually evict the pod from its
+ node. When there are multiple elements, the lists of nodes
+ corresponding to each podAffinityTerm are intersected, i.e.
+ all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied to the
+ union of the namespaces selected by this field and
+ the ones listed in the namespaces field. null selector
+ and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied
+ to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector. null or
+ empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ alertmanagerConfigNamespaceSelector:
+ description: Namespaces to be selected for AlertmanagerConfig discovery.
+ If nil, only check own namespace.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ alertmanagerConfigSelector:
+ description: AlertmanagerConfigs to be selected for to merge and configure
+ Alertmanager with.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ alertmanagerConfiguration:
+ description: 'EXPERIMENTAL: alertmanagerConfiguration specifies the
+ configuration of Alertmanager. If defined, it takes precedence over
+ the `configSecret` field. This field may change in future releases.'
+ properties:
+ global:
+ description: Defines the global parameters of the Alertmanager
+ configuration.
+ properties:
+ httpConfig:
+ description: HTTP client configuration.
+ properties:
+ authorization:
+ description: Authorization header configuration for the
+ client. This is mutually exclusive with BasicAuth and
+ is only available starting from Alertmanager v0.22+.
+ properties:
+ credentials:
+ description: The secret's key that contains the credentials
+ of the request
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type:
+ description: Set the authentication type. Defaults
+ to Bearer, Basic will cause an error
+ type: string
+ type: object
+ basicAuth:
+ description: BasicAuth for the client. This is mutually
+ exclusive with Authorization. If both are defined, BasicAuth
+ takes precedence.
+ properties:
+ password:
+ description: The secret in the service monitor namespace
+ that contains the password for authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ username:
+ description: The secret in the service monitor namespace
+ that contains the username for authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ bearerTokenSecret:
+ description: The secret's key that contains the bearer
+ token to be used by the client for authentication. The
+ secret needs to be in the same namespace as the Alertmanager
+ object and accessible by the Prometheus Operator.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ followRedirects:
+ description: FollowRedirects specifies whether the client
+ should follow HTTP 3xx redirects.
+ type: boolean
+ oauth2:
+ description: OAuth2 client credentials used to fetch a
+ token for the targets.
+ properties:
+ clientId:
+ description: The secret or configmap containing the
+ OAuth2 client id
+ properties:
+ configMap:
+ description: ConfigMap containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for
+ the targets.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ clientSecret:
+ description: The secret containing the OAuth2 client
+ secret
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ endpointParams:
+ additionalProperties:
+ type: string
+ description: Parameters to append to the token URL
+ type: object
+ scopes:
+ description: OAuth2 scopes used for the token request
+ items:
+ type: string
+ type: array
+ tokenUrl:
+ description: The URL to fetch the token from
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - clientSecret
+ - tokenUrl
+ type: object
+ proxyURL:
+ description: Optional proxy URL.
+ type: string
+ tlsConfig:
+ description: TLS configuration for the client.
+ properties:
+ ca:
+ description: Struct containing the CA cert to use
+ for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for
+ the targets.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ cert:
+ description: Struct containing the client cert file
+ for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use
+ for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for
+ the targets.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keySecret:
+ description: Secret containing the client key file
+ for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ serverName:
+ description: Used to verify the hostname for the targets.
+ type: string
+ type: object
+ type: object
+ resolveTimeout:
+ description: ResolveTimeout is the default value used by alertmanager
+ if the alert does not include EndsAt, after this time passes
+ it can declare the alert as resolved if it has not been
+ updated. This has no impact on alerts from Prometheus, as
+ they always include EndsAt.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ type: object
+ name:
+ description: The name of the AlertmanagerConfig resource which
+ is used to generate the Alertmanager configuration. It must
+ be defined in the same namespace as the Alertmanager object.
+ The operator will not enforce a `namespace` label for routes
+ and inhibition rules.
+ minLength: 1
+ type: string
+ templates:
+ description: Custom notification templates.
+ items:
+ description: SecretOrConfigMap allows to specify data as a Secret
+ or ConfigMap. Fields are mutually exclusive.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ type: object
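Review bot: `tlsConfig.insecureSkipVerify` under `alertmanagerConfiguration.global.httpConfig` is accepted here as a bare boolean with no guard. The same `httpConfig` block also defines the `authorization`, `basicAuth`, `bearerTokenSecret` and `oauth2` credential references, so setting that flag turns off certificate validation for the client that sends those credentials. Since this CRD is bundled as-is, I would not edit the schema. I would instead add an admission policy, or a check in the deployment tooling, that rejects `insecureSkipVerify: true` on Alertmanager objects and expects `tlsConfig.ca` to be set whenever one of those credential fields is used. The chart docs should state that expectation. `followRedirects` in the same block deserves an explicit decision for the same reason.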
+ baseImage:
+ description: 'Base image that is used to deploy pods, without tag.
+ Deprecated: use ''image'' instead'
+ type: string
+ clusterAdvertiseAddress:
+ description: 'ClusterAdvertiseAddress is the explicit address to advertise
+ in cluster. Needs to be provided for non RFC1918 [1] (public) addresses.
+ [1] RFC1918: https://tools.ietf.org/html/rfc1918'
+ type: string
+ clusterGossipInterval:
+ description: Interval between gossip attempts.
+ pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ clusterPeerTimeout:
+ description: Timeout for cluster peering.
+ pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ clusterPushpullInterval:
+ description: Interval between pushpull attempts.
+ pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ configMaps:
+ description: ConfigMaps is a list of ConfigMaps in the same namespace
+ as the Alertmanager object, which shall be mounted into the Alertmanager
+ Pods. Each ConfigMap is added to the StatefulSet definition as a
+ volume named `configmap-<configmap-name>`. The ConfigMaps are mounted
+ into `/etc/alertmanager/configmaps/<configmap-name>` in the 'alertmanager'
+ container.
+ items:
+ type: string
+ type: array
+ configSecret:
+ description: "ConfigSecret is the name of a Kubernetes Secret in the
+ same namespace as the Alertmanager object, which contains the configuration
+ for this Alertmanager instance. If empty, it defaults to `alertmanager-<alertmanager-name>`.
+ \n The Alertmanager configuration should be available under the
+ `alertmanager.yaml` key. Additional keys from the original secret
+ are copied to the generated secret. \n If either the secret or the
+ `alertmanager.yaml` key is missing, the operator provisions an Alertmanager
+ configuration with one empty receiver (effectively dropping alert
+ notifications)."
+ type: string
+ containers:
+ description: 'Containers allows injecting additional containers. This
+ is meant to allow adding an authentication proxy to an Alertmanager
+ pod. Containers described here modify an operator generated container
+ if they share the same name and modifications are done via a strategic
+ merge patch. The current container names are: `alertmanager` and
+ `config-reloader`. Overriding containers is entirely outside the
+ scope of what the maintainers will support and by doing so, you
+ accept that this behaviour may break at any time without notice.'
+ items:
+ description: A single application container that you want to run
+ within a pod.
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The container image''s
+ CMD is used if this is not provided. Variable references $(VAR_NAME)
+ are expanded using the container''s environment. If a variable
+ cannot be resolved, the reference in the input string will
+ be unchanged. Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the variable
+ exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within a shell.
+ The container image''s ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved, the reference
+ in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax:
+ i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether
+ the variable exists or not. Cannot be updated. More info:
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
+ `metadata.annotations[''<KEY>'']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment variables
+ in the container. The keys defined within a source must be
+ a C_IDENTIFIER. All invalid keys will be reported as an event
+ when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take
+ precedence. Values defined by an Env with a duplicate key
+ will take precedence. Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management
+ to default or override container images in workload controllers
+ like Deployments and StatefulSets.'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent
+ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Actions that the management system should take
+ in response to container lifecycle events. Cannot be updated.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately after a container
+ is created. If the handler fails, the container is terminated
+ and restarted according to its restart policy. Other management
+ of the container blocks until the hook completes. More
+ info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately before a container
+ is terminated due to an API request or management event
+ such as liveness/startup probe failure, preemption, resource
+ contention, etc. The handler is not called if the container
+ crashes or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the container
+ will eventually terminate within the Pod''s termination
+ grace period (unless delayed by finalizers). Other management
+ of the container blocks until the hook completes or until
+ the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: 'Periodic probe of container liveness. Container
+ will be restarted if the probe fails. Cannot be updated. More
+ info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container. Not
+ specifying a port here DOES NOT prevent that port from being
+ exposed. Any port which is listening on the default "0.0.0.0"
+ address inside a container will be accessible from the network.
+ Modifying this array with strategic merge patch may corrupt
+ the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port in a
+ single container.
+ properties:
+ containerPort:
+ description: Number of port to expose on the pod's IP
+ address. This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external port to.
+ type: string
+ hostPort:
+ description: Number of port to expose on the host. If
+ specified, this must be a valid port number, 0 < x <
+ 65536. If HostNetwork is specified, this must match
+ ContainerPort. Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an IANA_SVC_NAME
+ and unique within the pod. Each named port in a pod
+ must have a unique name. Name for the port that can
+ be referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: 'Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe
+ fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: 'Compute Resources required by this container.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: 'SecurityContext defines the security options the
+ container should be run with. If set, the fields of SecurityContext
+ override the equivalent fields of PodSecurityContext. More
+ info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile
+ must be preconfigured on the node to work. Must be
+ a descending path, relative to the kubelet's configured
+ seccomp profile location. Must only be set if type
+ is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost -
+ a profile defined in a file on the node should be
+ used. RuntimeDefault - the container runtime default
+ profile should be used. Unconfined - no profile should
+ be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is
+ alpha-level and will only be honored by components
+ that enable the WindowsHostProcessContainers feature
+ flag. Setting this field without the feature flag
+ will result in errors when validating the Pod. All
+ of a Pod's containers must have the same effective
+ HostProcess value (it is not allowed to have a mix
+ of HostProcess containers and non-HostProcess containers). In
+ addition, if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod has successfully
+ initialized. If specified, no other probes are executed until
+ this completes successfully. If this probe fails, the Pod
+ will be restarted, just as if the livenessProbe failed. This
+ can be used to provide different probe parameters at the beginning
+ of a Pod''s lifecycle, when it might take a long time to load
+ data or warm a cache, than during steady-state operation.
+ This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate a buffer
+ for stdin in the container runtime. If this is not set, reads
+ from stdin in the container will always result in EOF. Default
+ is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should close the
+ stdin channel after it has been opened by a single attach.
+ When stdin is true the stdin stream will remain open across
+ multiple attach sessions. If stdinOnce is set to true, stdin
+ is opened on container start, is empty until the first client
+ attaches to stdin, and then remains open and accepts data
+ until the client disconnects, at which time stdin is closed
+ and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin
+ will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to which the
+ container''s termination message will be written is mounted
+ into the container''s filesystem. Message written is intended
+ to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes.
+ The total message length across all containers will be limited
+ to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message should be
+ populated. File will use the contents of terminationMessagePath
+ to populate the container status message on both success and
+ failure. FallbackToLogsOnError will use the last chunk of
+ container log output if the termination message file is empty
+ and the container exited with an error. The log output is
+ limited to 2048 bytes or 80 lines, whichever is smaller. Defaults
+ to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate a TTY for
+ itself, also requires 'stdin' to be true. Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices to be
+ used by the container.
+ items:
+ description: volumeDevice describes a mapping of a raw block
+ device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of the container
+ that the device will be mapped to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: Container's working directory. If not specified,
+ the container runtime's default will be used, which might
+ be configured in the container image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ externalUrl:
+ description: The external URL the Alertmanager instances will be available
+ under. This is necessary to generate correct URLs. This is necessary
+ if Alertmanager is not served from root of a DNS name.
+ type: string
+ forceEnableClusterMode:
+ description: ForceEnableClusterMode ensures Alertmanager does not
+ deactivate the cluster mode when running with a single replica.
+ Use case is e.g. spanning an Alertmanager cluster across Kubernetes
+ clusters with a single replica in each.
+ type: boolean
+ hostAliases:
+ description: Pods' hostAliases configuration
+ items:
+ description: HostAlias holds the mapping between IP and hostnames
+ that will be injected as an entry in the pod's hosts file.
+ properties:
+ hostnames:
+ description: Hostnames for the above IP address.
+ items:
+ type: string
+ type: array
+ ip:
+ description: IP address of the host file entry.
+ type: string
+ required:
+ - hostnames
+ - ip
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - ip
+ x-kubernetes-list-type: map
+ image:
+ description: Image if specified has precedence over baseImage, tag
+ and sha combinations. Specifying the version is still necessary
+ to ensure the Prometheus Operator knows what version of Alertmanager
+ is being configured.
+ type: string
+ imagePullSecrets:
+ description: An optional list of references to secrets in the same
+ namespace to use for pulling prometheus and alertmanager images
+ from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod
+ items:
+ description: LocalObjectReference contains enough information to
+ let you locate the referenced object inside the same namespace.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ initContainers:
+ description: 'InitContainers allows adding initContainers to the pod
+ definition. Those can be used to e.g. fetch secrets for injection
+ into the Alertmanager configuration from external sources. Any errors
+ during the execution of an initContainer will lead to a restart
+ of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ Using initContainers for any use case other then secret fetching
+ is entirely outside the scope of what the maintainers will support
+ and by doing so, you accept that this behaviour may break at any
+ time without notice.'
+ items:
+ description: A single application container that you want to run
+ within a pod.
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The container image''s
+ CMD is used if this is not provided. Variable references $(VAR_NAME)
+ are expanded using the container''s environment. If a variable
+ cannot be resolved, the reference in the input string will
+ be unchanged. Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the variable
+ exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within a shell.
+ The container image''s ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved, the reference
+ in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax:
+ i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether
+ the variable exists or not. Cannot be updated. More info:
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
+ `metadata.annotations[''<KEY>'']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment variables
+ in the container. The keys defined within a source must be
+ a C_IDENTIFIER. All invalid keys will be reported as an event
+ when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take
+ precedence. Values defined by an Env with a duplicate key
+ will take precedence. Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management
+ to default or override container images in workload controllers
+ like Deployments and StatefulSets.'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent
+ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Actions that the management system should take
+ in response to container lifecycle events. Cannot be updated.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately after a container
+ is created. If the handler fails, the container is terminated
+ and restarted according to its restart policy. Other management
+ of the container blocks until the hook completes. More
+ info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately before a container
+ is terminated due to an API request or management event
+ such as liveness/startup probe failure, preemption, resource
+ contention, etc. The handler is not called if the container
+ crashes or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the container
+ will eventually terminate within the Pod''s termination
+ grace period (unless delayed by finalizers). Other management
+ of the container blocks until the hook completes or until
+ the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: 'Periodic probe of container liveness. Container
+ will be restarted if the probe fails. Cannot be updated. More
+ info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container. Not
+ specifying a port here DOES NOT prevent that port from being
+ exposed. Any port which is listening on the default "0.0.0.0"
+ address inside a container will be accessible from the network.
+ Modifying this array with strategic merge patch may corrupt
+ the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port in a
+ single container.
+ properties:
+ containerPort:
+ description: Number of port to expose on the pod's IP
+ address. This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external port to.
+ type: string
+ hostPort:
+ description: Number of port to expose on the host. If
+ specified, this must be a valid port number, 0 < x <
+ 65536. If HostNetwork is specified, this must match
+ ContainerPort. Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an IANA_SVC_NAME
+ and unique within the pod. Each named port in a pod
+ must have a unique name. Name for the port that can
+ be referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: 'Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe
+ fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: 'Compute Resources required by this container.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: 'SecurityContext defines the security options the
+ container should be run with. If set, the fields of SecurityContext
+ override the equivalent fields of PodSecurityContext. More
+ info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile
+ must be preconfigured on the node to work. Must be
+ a descending path, relative to the kubelet's configured
+ seccomp profile location. Must only be set if type
+ is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost -
+ a profile defined in a file on the node should be
+ used. RuntimeDefault - the container runtime default
+ profile should be used. Unconfined - no profile should
+ be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is
+ alpha-level and will only be honored by components
+ that enable the WindowsHostProcessContainers feature
+ flag. Setting this field without the feature flag
+ will result in errors when validating the Pod. All
+ of a Pod's containers must have the same effective
+ HostProcess value (it is not allowed to have a mix
+ of HostProcess containers and non-HostProcess containers). In
+ addition, if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod has successfully
+ initialized. If specified, no other probes are executed until
+ this completes successfully. If this probe fails, the Pod
+ will be restarted, just as if the livenessProbe failed. This
+ can be used to provide different probe parameters at the beginning
+ of a Pod''s lifecycle, when it might take a long time to load
+ data or warm a cache, than during steady-state operation.
+ This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate a buffer
+ for stdin in the container runtime. If this is not set, reads
+ from stdin in the container will always result in EOF. Default
+ is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should close the
+ stdin channel after it has been opened by a single attach.
+ When stdin is true the stdin stream will remain open across
+ multiple attach sessions. If stdinOnce is set to true, stdin
+ is opened on container start, is empty until the first client
+ attaches to stdin, and then remains open and accepts data
+ until the client disconnects, at which time stdin is closed
+ and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin
+ will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to which the
+ container''s termination message will be written is mounted
+ into the container''s filesystem. Message written is intended
+ to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes.
+ The total message length across all containers will be limited
+ to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message should be
+ populated. File will use the contents of terminationMessagePath
+ to populate the container status message on both success and
+ failure. FallbackToLogsOnError will use the last chunk of
+ container log output if the termination message file is empty
+ and the container exited with an error. The log output is
+ limited to 2048 bytes or 80 lines, whichever is smaller. Defaults
+ to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate a TTY for
+ itself, also requires 'stdin' to be true. Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices to be
+ used by the container.
+ items:
+ description: volumeDevice describes a mapping of a raw block
+ device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of the container
+ that the device will be mapped to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: Container's working directory. If not specified,
+ the container runtime's default will be used, which might
+ be configured in the container image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ listenLocal:
+ description: ListenLocal makes the Alertmanager server listen on loopback,
+ so that it does not bind against the Pod IP. Note this is only for
+ the Alertmanager UI, not the gossip communication.
+ type: boolean
+ logFormat:
+ description: Log format for Alertmanager to be configured with.
+ enum:
+ - ""
+ - logfmt
+ - json
+ type: string
+ logLevel:
+ description: Log level for Alertmanager to be configured with.
+ enum:
+ - ""
+ - debug
+ - info
+ - warn
+ - error
+ type: string
+ minReadySeconds:
+ description: Minimum number of seconds for which a newly created pod
+ should be ready without any of its container crashing for it to
+ be considered available. Defaults to 0 (pod will be considered available
+ as soon as it is ready) This is an alpha field and requires enabling
+ StatefulSetMinReadySeconds feature gate.
+ format: int32
+ type: integer
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: Define which Nodes the Pods are scheduled on.
+ type: object
+ paused:
+ description: If set to true all actions on the underlying managed
+ objects are not goint to be performed, except for delete actions.
+ type: boolean
+ podMetadata:
+ description: PodMetadata configures Labels and Annotations which are
+ propagated to the alertmanager pods.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value map stored
+ with a resource that may be set by external tools to store and
+ retrieve arbitrary metadata. They are not queryable and should
+ be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be used to
+ organize and categorize (scope and select) objects. May match
+ selectors of replication controllers and services. More info:
+ http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ name:
+ description: 'Name must be unique within a namespace. Is required
+ when creating resources, although some resources may allow a
+ client to request the generation of an appropriate name automatically.
+ Name is primarily intended for creation idempotence and configuration
+ definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
+ type: string
+ type: object
+ portName:
+ description: Port name used for the pods and governing service. This
+ defaults to web
+ type: string
+ priorityClassName:
+ description: Priority class assigned to the Pods
+ type: string
+ replicas:
+ description: Size is the expected size of the alertmanager cluster.
+ The controller will eventually make the size of the running cluster
+ equal to the expected size.
+ format: int32
+ type: integer
+ resources:
+ description: Define resources requests and limits for single Pods.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources
+ allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ retention:
+ default: 120h
+ description: Time duration Alertmanager shall retain data for. Default
+ is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)`
+ (milliseconds seconds minutes hours).
+ pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ routePrefix:
+ description: The route prefix Alertmanager registers HTTP handlers
+ for. This is useful, if using ExternalURL and a proxy is rewriting
+ HTTP routes of a request, and the actual ExternalURL is still true,
+ but the server serves requests under a different route prefix. For
+ example for use with `kubectl proxy`.
+ type: string
+ secrets:
+ description: Secrets is a list of Secrets in the same namespace as
+ the Alertmanager object, which shall be mounted into the Alertmanager
+ Pods. Each Secret is added to the StatefulSet definition as a volume
+ named `secret-<secret-name>`. The Secrets are mounted into `/etc/alertmanager/secrets/<secret-name>`
+ in the 'alertmanager' container.
+ items:
+ type: string
+ type: array
+ securityContext:
+ description: SecurityContext holds pod-level security attributes and
+ common container settings. This defaults to the default PodSecurityContext.
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies to all
+ containers in a pod. Some volume types allow the Kubelet to
+ change the ownership of that volume to be owned by the pod:
+ \n 1. The owning GID will be the FSGroup 2. The setgid bit is
+ set (new files created in the volume will be owned by FSGroup)
+ 3. The permission bits are OR'd with rw-rw---- \n If unset,
+ the Kubelet will not modify the ownership and permissions of
+ any volume. Note that this field cannot be set when spec.os.name
+ is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing
+ ownership and permission of the volume before being exposed
+ inside Pod. This field will only apply to volume types which
+ support fsGroup based ownership(and permissions). It will have
+ no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir. Valid values are "OnRootMismatch" and "Always".
+ If not specified, "Always" is used. Note that this field cannot
+ be set when spec.os.name is windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process.
+ Uses runtime default if unset. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail to start
+ the container if it does. If unset or false, no such validation
+ will be performed. May also be set in SecurityContext. If set
+ in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in SecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container. Note that this field cannot
+ be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to
+ the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to
+ the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to
+ the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to
+ the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers in this
+ pod. Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must be
+ preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a profile
+ defined in a file on the node should be used. RuntimeDefault
+ - the container runtime default profile should be used.
+ Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process run
+ in each container, in addition to the container's primary GID. If
+ unspecified, no groups will be added to any container. Note
+ that this field cannot be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used for
+ the pod. Pods with unsupported sysctls (by the container runtime)
+ might fail to launch. Note that this field cannot be set when
+ spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: The Windows specific settings applied to all containers.
+ If unspecified, the options within a container's SecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named by
+ the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA
+ credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is alpha-level
+ and will only be honored by components that enable the WindowsHostProcessContainers
+ feature flag. Setting this field without the feature flag
+ will result in errors when validating the Pod. All of a
+ Pod's containers must have the same effective HostProcess
+ value (it is not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition, if HostProcess
+ is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in PodSecurityContext.
+ If set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ serviceAccountName:
+ description: ServiceAccountName is the name of the ServiceAccount
+ to use to run the Prometheus Pods.
+ type: string
+ sha:
+ description: 'SHA of Alertmanager container image to be deployed.
+ Defaults to the value of `version`. Similar to a tag, but the SHA
+ explicitly deploys an immutable container image. Version and Tag
+ are ignored if SHA is set. Deprecated: use ''image'' instead. The
+ image digest can be specified as part of the image URL.'
+ type: string
+ storage:
+ description: Storage is the definition of how storage will be used
+ by the Alertmanager instances.
+ properties:
+ disableMountSubPath:
+ description: 'Deprecated: subPath usage will be disabled by default
+ in a future release, this option will become unnecessary. DisableMountSubPath
+ allows to remove any subPath usage in volume mounts.'
+ type: boolean
+ emptyDir:
+ description: 'EmptyDirVolumeSource to be used by the Prometheus
+ StatefulSets. If specified, used in place of any volumeClaimTemplate.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type of storage medium
+ should back this directory. The default is "" which means
+ to use the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount of local storage
+ required for this EmptyDir volume. The size limit is also
+ applicable for memory medium. The maximum usage on memory
+ medium EmptyDir would be the minimum value between the SizeLimit
+ specified here and the sum of memory limits of all containers
+ in a pod. The default is nil which means that the limit
+ is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: 'EphemeralVolumeSource to be used by the Prometheus
+ StatefulSets. This is a beta field in k8s 1.21, for lower versions,
+ starting with k8s 1.19, it requires enabling the GenericEphemeralVolume
+ feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes'
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone PVC to
+ provision the volume. The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the PVC, i.e. the PVC will
+ be deleted together with the pod. The name of the PVC will
+ be `<pod name>-<volume name>` where `<volume name>` is the
+ name from the `PodSpec.Volumes` array entry. Pod validation
+ will reject the pod if the concatenated name is not valid
+ for a PVC (for example, too long). \n An existing PVC with
+ that name that is not owned by the pod will *not* be used
+ for the pod to avoid using an unrelated volume by mistake.
+ Starting the pod is then blocked until the unrelated PVC
+ is removed. If such a pre-created PVC is meant to be used
+ by the pod, the PVC has to updated with an owner reference
+ to the pod once the pod exists. Normally this should not
+ be necessary, but it may be useful when manually reconstructing
+ a broken cluster. \n This field is read-only and no changes
+ will be made by Kubernetes to the PVC after it has been
+ created. \n Required, must not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations that will
+ be copied into the PVC when creating it. No other fields
+ are allowed and will be rejected during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into the PVC
+ that gets created from this template. The same fields
+ as in a PersistentVolumeClaim are also valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access
+ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the
+ provisioner or an external controller can support
+ the specified data source, it will create a new
+ volume based on the contents of the specified data
+ source. If the AnyVolumeDataSource feature gate
+ is enabled, this field will always have the same
+ contents as the DataSourceRef field.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is
+ required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object from
+ which to populate the volume with data, if a non-empty
+ volume is desired. This may be any local object
+ from a non-empty API group (non core object) or
+ a PersistentVolumeClaim object. When this field
+ is specified, volume binding will only succeed if
+ the type of the specified object matches some installed
+ volume populator or dynamic provisioner. This field
+ will replace the functionality of the DataSource
+ field and as such if both fields are non-empty,
+ they must have the same value. For backwards compatibility,
+ both fields (DataSource and DataSourceRef) will
+ be set to the same value automatically if one of
+ them is empty and the other is non-empty. There
+ are two important differences between DataSource
+ and DataSourceRef: * While DataSource only allows
+ two specific types of objects, DataSourceRef allows
+ any non-core object, as well as PersistentVolumeClaim
+ objects. * While DataSource ignores disallowed values
+ (dropping them), DataSourceRef preserves all values,
+ and generates an error if a disallowed value is
+ specified. (Beta) Using this field requires the
+ AnyVolumeDataSource feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is
+ required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ resources:
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount
+ of compute resources required. If Requests is
+ omitted for a container, it defaults to Limits
+ if that is explicitly specified, otherwise to
+ an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes
+ to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement is
+ a selector that contains values, a key, and
+ an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If
+ the operator is Exists or DoesNotExist,
+ the values array must be empty. This array
+ is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: 'storageClassName is the name of the
+ StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume
+ is required by the claim. Value of Filesystem is
+ implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference to
+ the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ volumeClaimTemplate:
+ description: A PVC spec to be used by the Prometheus StatefulSets.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this
+ representation of an object. Servers should convert recognized
+ schemas to the latest internal value, and may reject unrecognized
+ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST
+ resource this object represents. Servers may infer this
+ from the endpoint the client submits requests to. Cannot
+ be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ description: EmbeddedMetadata contains metadata relevant to
+ an EmbeddedResource.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value
+ map stored with a resource that may be set by external
+ tools to store and retrieve arbitrary metadata. They
+ are not queryable and should be preserved when modifying
+ objects. More info: http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be
+ used to organize and categorize (scope and select) objects.
+ May match selectors of replication controllers and services.
+ More info: http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ name:
+ description: 'Name must be unique within a namespace.
+ Is required when creating resources, although some resources
+ may allow a client to request the generation of an appropriate
+ name automatically. Name is primarily intended for creation
+ idempotence and configuration definition. Cannot be
+ updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
+ type: string
+ type: object
+ spec:
+ description: 'Spec defines the desired characteristics of
+ a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access
+ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the provisioner
+ or an external controller can support the specified
+ data source, it will create a new volume based on the
+ contents of the specified data source. If the AnyVolumeDataSource
+ feature gate is enabled, this field will always have
+ the same contents as the DataSourceRef field.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object from
+ which to populate the volume with data, if a non-empty
+ volume is desired. This may be any local object from
+ a non-empty API group (non core object) or a PersistentVolumeClaim
+ object. When this field is specified, volume binding
+ will only succeed if the type of the specified object
+ matches some installed volume populator or dynamic provisioner.
+ This field will replace the functionality of the DataSource
+ field and as such if both fields are non-empty, they
+ must have the same value. For backwards compatibility,
+ both fields (DataSource and DataSourceRef) will be set
+ to the same value automatically if one of them is empty
+ and the other is non-empty. There are two important
+ differences between DataSource and DataSourceRef: *
+ While DataSource only allows two specific types of objects,
+ DataSourceRef allows any non-core object, as well as
+ PersistentVolumeClaim objects. * While DataSource ignores
+ disallowed values (dropping them), DataSourceRef preserves
+ all values, and generates an error if a disallowed value
+ is specified. (Beta) Using this field requires the AnyVolumeDataSource
+ feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ resources:
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify resource
+ requirements that are lower than previous value but
+ must still be higher than capacity recorded in the status
+ field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount
+ of compute resources required. If Requests is omitted
+ for a container, it defaults to Limits if that is
+ explicitly specified, otherwise to an implementation-defined
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes to
+ consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values
+ array must be non-empty. If the operator is
+ Exists or DoesNotExist, the values array must
+ be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field
+ is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: 'storageClassName is the name of the StorageClass
+ required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume is
+ required by the claim. Value of Filesystem is implied
+ when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference to the
+ PersistentVolume backing this claim.
+ type: string
+ type: object
+ status:
+ description: 'Status represents the current information/status
+ of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ accessModes:
+ description: 'accessModes contains the actual access modes
+ the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ allocatedResources:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: allocatedResources is the storage resource
+ within AllocatedResources tracks the capacity allocated
+ to a PVC. It may be larger than the actual capacity
+ when a volume expansion operation is requested. For
+ storage quota, the larger value from allocatedResources
+ and PVC.spec.resources is used. If allocatedResources
+ is not set, PVC.spec.resources alone is used for quota
+ calculation. If a volume expansion capacity request
+ is lowered, allocatedResources is only lowered if there
+ are no expansion operations in progress and if the actual
+ volume capacity is equal or lower than the requested
+ capacity. This is an alpha field and requires enabling
+ RecoverVolumeExpansionFailure feature.
+ type: object
+ capacity:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: capacity represents the actual resources
+ of the underlying volume.
+ type: object
+ conditions:
+ description: conditions is the current Condition of persistent
+ volume claim. If underlying persistent volume is being
+ resized then the Condition will be set to 'ResizeStarted'.
+ items:
+ description: PersistentVolumeClaimCondition contails
+ details about state of pvc
+ properties:
+ lastProbeTime:
+ description: lastProbeTime is the time we probed
+ the condition.
+ format: date-time
+ type: string
+ lastTransitionTime:
+ description: lastTransitionTime is the time the
+ condition transitioned from one status to another.
+ format: date-time
+ type: string
+ message:
+ description: message is the human-readable message
+ indicating details about last transition.
+ type: string
+ reason:
+ description: reason is a unique, this should be
+ a short, machine understandable string that gives
+ the reason for condition's last transition. If
+ it reports "ResizeStarted" that means the underlying
+ persistent volume is being resized.
+ type: string
+ status:
+ type: string
+ type:
+ description: PersistentVolumeClaimConditionType
+ is a valid value of PersistentVolumeClaimCondition.Type
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ phase:
+ description: phase represents the current phase of PersistentVolumeClaim.
+ type: string
+ resizeStatus:
+ description: resizeStatus stores status of resize operation.
+ ResizeStatus is not set by default but when expansion
+ is complete resizeStatus is set to empty string by resize
+ controller or kubelet. This is an alpha field and requires
+ enabling RecoverVolumeExpansionFailure feature.
+ type: string
+ type: object
+ type: object
+ type: object
+ tag:
+ description: 'Tag of Alertmanager container image to be deployed.
+ Defaults to the value of `version`. Version is ignored if Tag is
+ set. Deprecated: use ''image'' instead. The image tag can be specified
+ as part of the image URL.'
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: The pod this Toleration is attached to tolerates any
+ taint that matches the triple <key,value,effect> using the matching
+ operator <operator>.
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match. Empty
+ means match all taint effects. When specified, allowed values
+ are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match all
+ values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to the
+ value. Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod
+ can tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of time
+ the toleration (which must be of effect NoExecute, otherwise
+ this field is ignored) tolerates the taint. By default, it
+ is not set, which means tolerate the taint forever (do not
+ evict). Zero and negative values will be treated as 0 (evict
+ immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ topologySpreadConstraints:
+ description: If specified, the pod's topology spread constraints.
+ items:
+ description: TopologySpreadConstraint specifies how to spread matching
+ pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching pods. Pods
+ that match this label selector are counted to determine the
+ number of pods in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys to select
+ the pods over which spreading will be calculated. The keys
+ are used to lookup values from the incoming pod labels, those
+ key-value labels are ANDed with labelSelector to select the
+ group of existing pods over which spreading will be calculated
+ for the incoming pod. Keys that don't exist in the incoming
+ pod labels will be ignored. A null or empty list means only
+ match against labelSelector.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ maxSkew:
+ description: 'MaxSkew describes the degree to which pods may
+ be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between the number
+ of matching pods in the target topology and the global minimum.
+ The global minimum is the minimum number of matching pods
+ in an eligible domain or zero if the number of eligible domains
+ is less than MinDomains. For example, in a 3-zone cluster,
+ MaxSkew is set to 1, and pods with the same labelSelector
+ spread as 2/2/1: In this case, the global minimum is 1. |
+ zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew
+ is 1, incoming pod can only be scheduled to zone3 to become
+ 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1)
+ on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming
+ pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies that satisfy
+ it. It''s a required field. Default value is 1 and 0 is not
+ allowed.'
+ format: int32
+ type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number of eligible
+ domains. When the number of eligible domains with matching
+ topology keys is less than minDomains, Pod Topology Spread
+ treats \"global minimum\" as 0, and then the calculation of
+ Skew is performed. And when the number of eligible domains
+ with matching topology keys equals or greater than minDomains,
+ this value has no effect on scheduling. As a result, when
+ the number of eligible domains is less than minDomains, scheduler
+ won't schedule more than maxSkew Pods to those domains. If
+ value is nil, the constraint behaves as if MinDomains is equal
+ to 1. Valid values are integers greater than 0. When value
+ is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For
+ example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains
+ is set to 5 and pods with the same labelSelector spread as
+ 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P |
+ The number of domains is less than 5(MinDomains), so \"global
+ minimum\" is treated as 0. In this situation, new pod with
+ the same labelSelector cannot be scheduled, because computed
+ skew will be 3(3 - 0) if new Pod is scheduled to any of the
+ three zones, it will violate MaxSkew. \n This is a beta field
+ and requires the MinDomainsInPodTopologySpread feature gate
+ to be enabled (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we will treat
+ Pod's nodeAffinity/nodeSelector when calculating pod topology
+ spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector
+ are included in the calculations. - Ignore: nodeAffinity/nodeSelector
+ are ignored. All nodes are included in the calculations. \n
+ If this value is nil, the behavior is equivalent to the Honor
+ policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread
+ feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we will treat node
+ taints when calculating pod topology spread skew. Options
+ are: - Honor: nodes without taints, along with tainted nodes
+ for which the incoming pod has a toleration, are included.
+ - Ignore: node taints are ignored. All nodes are included.
+ \n If this value is nil, the behavior is equivalent to the
+ Ignore policy. This is a alpha-level feature enabled by the
+ NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ topologyKey:
+ description: TopologyKey is the key of node labels. Nodes that
+ have a label with this key and identical values are considered
+ to be in the same topology. We consider each <key, value>
+ as a "bucket", and try to put balanced number of pods into
+ each bucket. We define a domain as a particular instance of
+ a topology. Also, we define an eligible domain as a domain
+ whose nodes meet the requirements of nodeAffinityPolicy and
+ nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
+ each Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is a domain of
+ that topology. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to deal with a
+ pod if it doesn''t satisfy the spread constraint. - DoNotSchedule
+ (default) tells the scheduler not to schedule it. - ScheduleAnyway
+ tells the scheduler to schedule the pod in any location, but
+ giving higher precedence to topologies that would help reduce
+ the skew. A constraint is considered "Unsatisfiable" for an
+ incoming pod if and only if every possible node assignment
+ for that pod would violate "MaxSkew" on some topology. For
+ example, in a 3-zone cluster, MaxSkew is set to 1, and pods
+ with the same labelSelector spread as 3/1/1: | zone1 | zone2
+ | zone3 | | P P P | P | P | If WhenUnsatisfiable is
+ set to DoNotSchedule, incoming pod can only be scheduled to
+ zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on
+ zone2(zone3) satisfies MaxSkew(1). In other words, the cluster
+ can still be imbalanced, but scheduler won''t make it *more*
+ imbalanced. It''s a required field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ version:
+ description: Version the cluster should be on.
+ type: string
+ volumeMounts:
+ description: VolumeMounts allows configuration of additional VolumeMounts
+ on the output StatefulSet definition. VolumeMounts specified will
+ be appended to other VolumeMounts in the alertmanager container,
+ that are generated as a result of StorageSpec objects.
+ items:
+ description: VolumeMount describes a mounting of a Volume within
+ a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume should
+ be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are propagated
+ from the host to container and the other way around. When
+ not set, MountPropagationNone is used. This field is beta
+ in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which the
+ container's volume should be mounted. Behaves similarly to
+ SubPath but environment variable references $(VAR_NAME) are
+ expanded using the container's environment. Defaults to ""
+ (volume's root). SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ volumes:
+ description: Volumes allows configuration of additional volumes on
+ the output StatefulSet definition. Volumes specified will be appended
+ to other volumes that are generated as a result of StorageSpec objects.
+ items:
+ description: Volume represents a named volume in a pod that may
+ be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'awsElasticBlockStore represents an AWS Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly value true will force the readOnly
+ setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'volumeID is unique ID of the persistent disk
+ resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk mount on
+ the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode: None,
+ Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk in the
+ blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in the blob
+ storage
+ type: string
+ fsType:
+ description: fsType is Filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single blob
+ disk per storage account Managed: azure managed data
+ disk (only in managed availability set). defaults to shared'
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service mount
+ on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that contains
+ Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the host that
+ shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'monitors is Required: Monitors is a collection
+ of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the mounted root,
+ rather than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'secretFile is Optional: SecretFile is the
+ path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'secretRef is Optional: SecretRef is reference
+ to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is optional: User is the rados user name,
+ default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'cinder represents a cinder volume attached and
+ mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
+ be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'secretRef is optional: points to a secret
+ object containing parameters used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeID:
+ description: 'volumeID used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should populate
+ this volume
+ properties:
+ defaultMode:
+ description: 'defaultMode is optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items if unspecified, each key-value pair in
+ the Data field of the referenced ConfigMap will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the ConfigMap, the volume setup will error unless it is
+ marked optional. Paths must be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap or its
+ keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ csi:
+ description: csi (Container Storage Interface) represents ephemeral
+ storage that is handled by certain external CSI drivers (Beta
+ feature).
+ properties:
+ driver:
+ description: driver is the name of the CSI driver that handles
+ this volume. Consult with your admin for the correct name
+ as registered in the cluster.
+ type: string
+ fsType:
+ description: fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated
+ CSI driver which will determine the default filesystem
+ to apply.
+ type: string
+ nodePublishSecretRef:
+ description: nodePublishSecretRef is a reference to the
+ secret object containing sensitive information to pass
+ to the CSI driver to complete the CSI NodePublishVolume
+ and NodeUnpublishVolume calls. This field is optional,
+ and may be empty if no secret is required. If the secret
+ object contains more than one secret, all secret references
+ are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ readOnly:
+ description: readOnly specifies a read-only configuration
+ for the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: volumeAttributes stores driver-specific properties
+ that are passed to the CSI driver. Consult your driver's
+ documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about the pod
+ that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created files
+ by default. Must be a Optional: mode bits used to set
+ permissions on created files by default. Must be an octal
+ value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the pod:
+ only annotations, labels, name and namespace are
+ supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode bits used to set permissions
+ on this file, must be an octal value between 0000
+ and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires
+ decimal values for mode bits. If not specified,
+ the volume defaultMode will be used. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative path
+ name of the file to be created. Must not be absolute
+ or contain the ''..'' path. Must be utf-8 encoded.
+ The first item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'emptyDir represents a temporary directory that
+ shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type of storage medium
+ should back this directory. The default is "" which means
+ to use the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount of local storage
+ required for this EmptyDir volume. The size limit is also
+ applicable for memory medium. The maximum usage on memory
+ medium EmptyDir would be the minimum value between the
+ SizeLimit specified here and the sum of memory limits
+ of all containers in a pod. The default is nil which means
+ that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "ephemeral represents a volume that is handled
+ by a cluster storage driver. The volume's lifecycle is tied
+ to the pod that defines it - it will be created before the
+ pod starts, and deleted when the pod is removed. \n Use this
+ if: a) the volume is only needed while the pod runs, b) features
+ of normal volumes like restoring from snapshot or capacity
+ tracking are needed, c) the storage driver is specified through
+ a storage class, and d) the storage driver supports dynamic
+ volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource
+ for more information on the connection between this volume
+ type and PersistentVolumeClaim). \n Use PersistentVolumeClaim
+ or one of the vendor-specific APIs for volumes that persist
+ for longer than the lifecycle of an individual pod. \n Use
+ CSI for light-weight local ephemeral volumes if the CSI driver
+ is meant to be used that way - see the documentation of the
+ driver for more information. \n A pod can use both types of
+ ephemeral volumes and persistent volumes at the same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone PVC to
+ provision the volume. The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the PVC, i.e. the PVC
+ will be deleted together with the pod. The name of the
+ PVC will be `<pod name>-<volume name>` where `<volume
+ name>` is the name from the `PodSpec.Volumes` array entry.
+ Pod validation will reject the pod if the concatenated
+ name is not valid for a PVC (for example, too long). \n
+ An existing PVC with that name that is not owned by the
+ pod will *not* be used for the pod to avoid using an unrelated
+ volume by mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created PVC
+ is meant to be used by the pod, the PVC has to updated
+ with an owner reference to the pod once the pod exists.
+ Normally this should not be necessary, but it may be useful
+ when manually reconstructing a broken cluster. \n This
+ field is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created. \n Required, must
+ not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations that
+ will be copied into the PVC when creating it. No other
+ fields are allowed and will be rejected during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into the PVC
+ that gets created from this template. The same fields
+ as in a PersistentVolumeClaim are also valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access
+ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the
+ provisioner or an external controller can support
+ the specified data source, it will create a new
+ volume based on the contents of the specified
+ data source. If the AnyVolumeDataSource feature
+ gate is enabled, this field will always have the
+ same contents as the DataSourceRef field.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API
+ group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object
+ from which to populate the volume with data, if
+ a non-empty volume is desired. This may be any
+ local object from a non-empty API group (non core
+ object) or a PersistentVolumeClaim object. When
+ this field is specified, volume binding will only
+ succeed if the type of the specified object matches
+ some installed volume populator or dynamic provisioner.
+ This field will replace the functionality of the
+ DataSource field and as such if both fields are
+ non-empty, they must have the same value. For
+ backwards compatibility, both fields (DataSource
+ and DataSourceRef) will be set to the same value
+ automatically if one of them is empty and the
+ other is non-empty. There are two important differences
+ between DataSource and DataSourceRef: * While
+ DataSource only allows two specific types of objects,
+ DataSourceRef allows any non-core object, as well
+ as PersistentVolumeClaim objects. * While DataSource
+ ignores disallowed values (dropping them), DataSourceRef
+ preserves all values, and generates an error if
+ a disallowed value is specified. (Beta) Using
+ this field requires the AnyVolumeDataSource feature
+ gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API
+ group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ resources:
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required. If Requests
+ is omitted for a container, it defaults to
+ Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes
+ to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: 'storageClassName is the name of the
+ StorageClass required by the claim. More info:
+ https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume
+ is required by the claim. Value of Filesystem
+ is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource that is
+ attached to a kubelet's host machine and then exposed to the
+ pod.
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target worldwide
+ names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'wwids Optional: FC volume world wide identifiers
+ (wwids) Either wwids or combination of targetWWNs and
+ lun must be set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: flexVolume represents a generic volume resource
+ that is provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to use for
+ this volume.
+ type: string
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends
+ on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds extra
+ command options if any.'
+ type: object
+ readOnly:
+ description: 'readOnly is Optional: defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'secretRef is Optional: secretRef is reference
+ to the secret object containing sensitive information
+ to pass to the plugin scripts. This may be empty if no
+ secret object is specified. If the secret object contains
+ more than one secret, all secrets are passed to the plugin
+ scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached to
+ a kubelet's host machine. This depends on the Flocker control
+ service being running
+ properties:
+ datasetName:
+ description: datasetName is Name of the dataset stored as
+ metadata -> name on the dataset for Flocker should be
+ considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset. This
+ is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'gcePersistentDisk represents a GCE Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'fsType is filesystem type of the volume that
+ you want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'pdName is unique name of the PD resource in
+ GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'gitRepo represents a git repository at a particular
+ revision. DEPRECATED: GitRepo is deprecated. To provision
+ a container with a git repo, mount an EmptyDir into an InitContainer
+ that clones the repo using git, then mount the EmptyDir into
+ the Pod''s container.'
+ properties:
+ directory:
+ description: directory is the target directory name. Must
+ not contain or start with '..'. If '.' is supplied, the
+ volume directory will be the git repository. Otherwise,
+ if specified, the volume will contain the git repository
+ in the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the specified
+ revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'glusterfs represents a Glusterfs mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'endpoints is the endpoint name that details
+ Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'path is the Glusterfs volume path. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the Glusterfs volume
+ to be mounted with read-only permissions. Defaults to
+ false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'hostPath represents a pre-existing file or directory
+ on the host machine that is directly exposed to the container.
+ This is generally used for system agents or other privileged
+ things that are allowed to see the host machine. Most containers
+ will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use host directory
+ mounts and who can/can not mount host directories as read/write.'
+ properties:
+ path:
+ description: 'path of the directory on the host. If the
+ path is a symlink, it will follow the link to the real
+ path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'type for HostPath Volume Defaults to "" More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'iscsi represents an ISCSI Disk resource that is
+ attached to a kubelet''s host machine and then exposed to
+ the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support iSCSI
+ Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support iSCSI
+ Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ initiatorName:
+ description: initiatorName is the custom iSCSI Initiator
+ Name. If initiatorName is specified with iscsiInterface
+ simultaneously, new iSCSI interface <target portal>:<volume
+ name> will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iscsiInterface is the interface Name that uses
+ an iSCSI transport. Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: portals is the iSCSI Target Portal List. The
+ portal is either an IP or ip_addr:port if the port is
+ other than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI target
+ and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ targetPortal:
+ description: targetPortal is iSCSI Target Portal. The Portal
+ is either an IP or ip_addr:port if the port is other than
+ default (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'name of the volume. Must be a DNS_LABEL and unique
+ within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'nfs represents an NFS mount on the host that shares
+ a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'path that is exported by the NFS server. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the NFS export to
+ be mounted with read-only permissions. Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'server is the hostname or IP address of the
+ NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'persistentVolumeClaimVolumeSource represents a
+ reference to a PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'claimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: readOnly Will force the ReadOnly setting in
+ VolumeMounts. Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon Controller
+ persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources secrets,
+ configmaps, and downward API
+ properties:
+ defaultMode:
+ description: defaultMode are the mode bits used to set permissions
+ on created files by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires decimal
+ values for mode bits. Directories within the path are
+ not affected by this setting. This might be in conflict
+ with other options that affect the file mode, like fsGroup,
+ and the result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected along with
+ other supported volume types
+ properties:
+ configMap:
+ description: configMap information about the configMap
+ data to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced ConfigMap
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the ConfigMap, the volume
+ setup will error unless it is marked optional.
+ Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about the downwardAPI
+ data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode bits used to
+ set permissions on this file, must be
+ an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values,
+ JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict
+ with other options that affect the file
+ mode, like fsGroup, and the result can
+ be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..''
+ path. Must be utf-8 encoded. The first
+ item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the
+ container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu
+ and requests.memory) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about the secret data
+ to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced Secret
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the Secret, the volume setup
+ will error unless it is marked optional. Paths
+ must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional field specify whether the
+ Secret or its key must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information about
+ the serviceAccountToken data to project
+ properties:
+ audience:
+ description: audience is the intended audience
+ of the token. A recipient of a token must identify
+ itself with an identifier specified in the audience
+ of the token, and otherwise should reject the
+ token. The audience defaults to the identifier
+ of the apiserver.
+ type: string
+ expirationSeconds:
+ description: expirationSeconds is the requested
+ duration of validity of the service account
+ token. As the token approaches expiration, the
+ kubelet volume plugin will proactively rotate
+ the service account token. The kubelet will
+ start trying to rotate the token if the token
+ is older than 80 percent of its time to live
+ or if the token is older than 24 hours.Defaults
+ to 1 hour and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: path is the path relative to the
+ mount point of the file to project the token
+ into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the host
+ that shares a pod's lifetime
+ properties:
+ group:
+ description: group to map volume access to Default is no
+ group
+ type: string
+ readOnly:
+ description: readOnly here will force the Quobyte volume
+ to be mounted with read-only permissions. Defaults to
+ false.
+ type: boolean
+ registry:
+ description: registry represents a single or multiple Quobyte
+ Registry services specified as a string as host:port pair
+ (multiple entries are separated with commas) which acts
+ as the central registry for volumes
+ type: string
+ tenant:
+ description: tenant owning the given Quobyte volume in the
+ Backend Used with dynamically provisioned Quobyte volumes,
+ value is set by the plugin
+ type: string
+ user:
+ description: user to map volume access to Defaults to serivceaccount
+ user
+ type: string
+ volume:
+ description: volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'rbd represents a Rados Block Device mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ image:
+ description: 'image is the rados image name. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'pool is the rados pool name. Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'secretRef is name of the authentication secret
+ for RBDUser. If provided overrides keyring. Default is
+ nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is the rados user name. Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the ScaleIO
+ API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the ScaleIO
+ Protection Domain for the configured storage.
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef references to the secret for ScaleIO
+ user and other sensitive information. If this is not provided,
+ Login operation will fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL communication
+ with Gateway, default false
+ type: boolean
+ storageMode:
+ description: storageMode indicates whether the storage for
+ a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage Pool associated
+ with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system as
+ configured in ScaleIO.
+ type: string
+ volumeName:
+ description: volumeName is the name of a volume already
+ created in the ScaleIO system that is associated with
+ this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'secret represents a secret that should populate
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'defaultMode is Optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items If unspecified, each key-value pair in
+ the Data field of the referenced Secret will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the Secret, the volume setup will error unless it is marked
+ optional. Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether the Secret or
+ its keys must be defined
+ type: boolean
+ secretName:
+ description: 'secretName is the name of the secret in the
+ pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef specifies the secret to use for obtaining
+ the StorageOS API credentials. If not specified, default
+ values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeName:
+ description: volumeName is the human-readable name of the
+ StorageOS volume. Volume names are only unique within
+ a namespace.
+ type: string
+ volumeNamespace:
+ description: volumeNamespace specifies the scope of the
+ volume within StorageOS. If no namespace is specified
+ then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS
+ for tighter integration. Set VolumeName to any name to
+ override the default behaviour. Set to "default" if you
+ are not using namespaces within StorageOS. Namespaces
+ that do not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy Based
+ Management (SPBM) profile ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy Based
+ Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies vSphere
+ volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ web:
+ description: Defines the web command line flags when starting Alertmanager.
+ properties:
+ httpConfig:
+ description: Defines HTTP parameters for web server.
+ properties:
+ headers:
+ description: List of headers that can be added to HTTP responses.
+ properties:
+ contentSecurityPolicy:
+ description: Set the Content-Security-Policy header to
+ HTTP responses. Unset if blank.
+ type: string
+ strictTransportSecurity:
+ description: Set the Strict-Transport-Security header
+ to HTTP responses. Unset if blank. Please make sure
+ that you use this with care as this header might force
+ browsers to load Prometheus and the other applications
+ hosted on the same domain and subdomains over HTTPS.
+ https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+ type: string
+ xContentTypeOptions:
+ description: Set the X-Content-Type-Options header to
+ HTTP responses. Unset if blank. Accepted value is nosniff.
+ https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+ enum:
+ - ""
+ - NoSniff
+ type: string
+ xFrameOptions:
+ description: Set the X-Frame-Options header to HTTP responses.
+ Unset if blank. Accepted values are deny and sameorigin.
+ https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+ enum:
+ - ""
+ - Deny
+ - SameOrigin
+ type: string
+ xXSSProtection:
+ description: Set the X-XSS-Protection header to all responses.
+ Unset if blank. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+ type: string
+ type: object
+ http2:
+ description: Enable HTTP/2 support. Note that HTTP/2 is only
+ supported with TLS. When TLSConfig is not configured, HTTP/2
+ will be disabled. Whenever the value of the field changes,
+ a rolling update will be triggered.
+ type: boolean
+ type: object
+ tlsConfig:
+ description: Defines the TLS parameters for HTTPS.
+ properties:
+ cert:
+ description: Contains the TLS certificate for the server.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ cipherSuites:
+ description: 'List of supported cipher suites for TLS versions
+ up to TLS 1.2. If empty, Go default cipher suites are used.
+ Available cipher suites are documented in the go documentation:
+ https://golang.org/pkg/crypto/tls/#pkg-constants'
+ items:
+ type: string
+ type: array
+ client_ca:
+ description: Contains the CA certificate for client certificate
+ authentication to the server.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ clientAuthType:
+ description: 'Server policy for client authentication. Maps
+ to ClientAuth Policies. For more detail on clientAuth options:
+ https://golang.org/pkg/crypto/tls/#ClientAuthType'
+ type: string
+ curvePreferences:
+ description: 'Elliptic curves that will be used in an ECDHE
+ handshake, in preference order. Available curves are documented
+ in the go documentation: https://golang.org/pkg/crypto/tls/#CurveID'
+ items:
+ type: string
+ type: array
+ keySecret:
+ description: Secret containing the TLS key for the server.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ maxVersion:
+ description: Maximum TLS version that is acceptable. Defaults
+ to TLS13.
+ type: string
+ minVersion:
+ description: Minimum TLS version that is acceptable. Defaults
+ to TLS12.
+ type: string
+ preferServerCipherSuites:
+ description: Controls whether the server selects the client's
+ most preferred cipher suite, or the server's most preferred
+ cipher suite. If true then the server's preference, as expressed
+ in the order of elements in cipherSuites, is used.
+ type: boolean
+ required:
+ - cert
+ - keySecret
+ type: object
+ type: object
+ type: object
+ status:
+ description: 'Most recent observed status of the Alertmanager cluster.
+ Read-only. Not included when requesting from the apiserver, only from
+ the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ properties:
+ availableReplicas:
+ description: Total number of available pods (ready for at least minReadySeconds)
+ targeted by this Alertmanager cluster.
+ format: int32
+ type: integer
+ paused:
+ description: Represents whether any actions on the underlying managed
+ objects are being performed. Only delete actions will be performed.
+ type: boolean
+ replicas:
+ description: Total number of non-terminated pods targeted by this
+ Alertmanager cluster (their labels match the selector).
+ format: int32
+ type: integer
+ unavailableReplicas:
+ description: Total number of unavailable pods targeted by this Alertmanager
+ cluster.
+ format: int32
+ type: integer
+ updatedReplicas:
+ description: Total number of non-terminated pods targeted by this
+ Alertmanager cluster that have the desired version spec.
+ format: int32
+ type: integer
+ required:
+ - availableReplicas
+ - paused
+ - replicas
+ - unavailableReplicas
+ - updatedReplicas
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
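Review bot: In `web.httpConfig.headers`, the descriptions of `xContentTypeOptions` and `xFrameOptions` give the accepted values as "nosniff", "deny" and "sameorigin", but the enums admit only `NoSniff`, `Deny` and `SameOrigin` (plus the empty string). Enum matching is case-sensitive, so a value copied from the description fails validation and the header is never set. If this schema is carried unchanged from upstream, leave the file alone and state the exact enum spellings wherever the chart documents these settings; otherwise align the description text with the enum. In the same hunk, `web.tlsConfig.clientAuthType`, `minVersion` and `maxVersion` are plain `type: string` with no enum, so a mistyped value passes this schema. Anyone relying on client certificate authentication or a TLS floor should set these explicitly and confirm the result on the running server rather than trust admission to catch an error.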
diff --git a/charts/kube-prometheus-stack/crds/crd-podmonitors.yaml b/charts/kube-prometheus-stack/crds/crd-podmonitors.yaml
new file mode 100644
index 0000000..a507478
--- /dev/null
+++ b/charts/kube-prometheus-stack/crds/crd-podmonitors.yaml
@@ -0,0 +1,667 @@
+# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.9.2
+ creationTimestamp: null
+ name: podmonitors.monitoring.coreos.com
+spec:
+ group: monitoring.coreos.com
+ names:
+ categories:
+ - prometheus-operator
+ kind: PodMonitor
+ listKind: PodMonitorList
+ plural: podmonitors
+ shortNames:
+ - pmon
+ singular: podmonitor
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: PodMonitor defines monitoring for a set of pods.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Specification of desired Pod selection for target discovery
+ by Prometheus.
+ properties:
+ attachMetadata:
+ description: 'Attaches node metadata to discovered targets. Only valid
+ for role: pod. Only valid in Prometheus versions 2.35.0 and newer.'
+ properties:
+ node:
+ description: When set to true, Prometheus must have permissions
+ to get Nodes.
+ type: boolean
+ type: object
+ jobLabel:
+ description: The label to use to retrieve the job name from.
+ type: string
+ labelLimit:
+ description: Per-scrape limit on number of labels that will be accepted
+ for a sample. Only valid in Prometheus versions 2.27.0 and newer.
+ format: int64
+ type: integer
+ labelNameLengthLimit:
+ description: Per-scrape limit on length of labels name that will be
+ accepted for a sample. Only valid in Prometheus versions 2.27.0
+ and newer.
+ format: int64
+ type: integer
+ labelValueLengthLimit:
+ description: Per-scrape limit on length of labels value that will
+ be accepted for a sample. Only valid in Prometheus versions 2.27.0
+ and newer.
+ format: int64
+ type: integer
+ namespaceSelector:
+ description: Selector to select which namespaces the Endpoints objects
+ are discovered from.
+ properties:
+ any:
+ description: Boolean describing whether all namespaces are selected
+ in contrast to a list restricting them.
+ type: boolean
+ matchNames:
+ description: List of namespace names to select from.
+ items:
+ type: string
+ type: array
+ type: object
+ podMetricsEndpoints:
+ description: A list of endpoints allowed as part of this PodMonitor.
+ items:
+ description: PodMetricsEndpoint defines a scrapeable endpoint of
+ a Kubernetes Pod serving Prometheus metrics.
+ properties:
+ authorization:
+ description: Authorization section for this endpoint
+ properties:
+ credentials:
+ description: The secret's key that contains the credentials
+ of the request
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type:
+ description: Set the authentication type. Defaults to Bearer,
+ Basic will cause an error
+ type: string
+ type: object
+ basicAuth:
+ description: 'BasicAuth allow an endpoint to authenticate over
+ basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint'
+ properties:
+ password:
+ description: The secret in the service monitor namespace
+ that contains the password for authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ username:
+ description: The secret in the service monitor namespace
+ that contains the username for authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ bearerTokenSecret:
+ description: Secret to mount to read bearer token for scraping
+ targets. The secret needs to be in the same namespace as the
+ pod monitor and accessible by the Prometheus Operator.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ enableHttp2:
+ description: Whether to enable HTTP2.
+ type: boolean
+ filterRunning:
+ description: 'Drop pods that are not running. (Failed, Succeeded).
+ Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase'
+ type: boolean
+ followRedirects:
+ description: FollowRedirects configures whether scrape requests
+ follow HTTP 3xx redirects.
+ type: boolean
+ honorLabels:
+ description: HonorLabels chooses the metric's labels on collisions
+ with target labels.
+ type: boolean
+ honorTimestamps:
+ description: HonorTimestamps controls whether Prometheus respects
+ the timestamps present in scraped data.
+ type: boolean
+ interval:
+ description: Interval at which metrics should be scraped If
+ not specified Prometheus' global scrape interval is used.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ metricRelabelings:
+ description: MetricRelabelConfigs to apply to samples before
+ ingestion.
+ items:
+ description: 'RelabelConfig allows dynamic rewriting of the
+ label set, being applied to samples before ingestion. It
+ defines `<metric_relabel_configs>`-section of Prometheus
+ configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
+ properties:
+ action:
+ default: replace
+ description: Action to perform based on regex matching.
+ Default is 'replace'. uppercase and lowercase actions
+ require Prometheus >= 2.36.
+ enum:
+ - replace
+ - Replace
+ - keep
+ - Keep
+ - drop
+ - Drop
+ - hashmod
+ - HashMod
+ - labelmap
+ - LabelMap
+ - labeldrop
+ - LabelDrop
+ - labelkeep
+ - LabelKeep
+ - lowercase
+ - Lowercase
+ - uppercase
+ - Uppercase
+ type: string
+ modulus:
+ description: Modulus to take of the hash of the source
+ label values.
+ format: int64
+ type: integer
+ regex:
+ description: Regular expression against which the extracted
+ value is matched. Default is '(.*)'
+ type: string
+ replacement:
+ description: Replacement value against which a regex replace
+ is performed if the regular expression matches. Regex
+ capture groups are available. Default is '$1'
+ type: string
+ separator:
+ description: Separator placed between concatenated source
+ label values. default is ';'.
+ type: string
+ sourceLabels:
+ description: The source labels select values from existing
+ labels. Their content is concatenated using the configured
+ separator and matched against the configured regular
+ expression for the replace, keep, and drop actions.
+ items:
+ description: LabelName is a valid Prometheus label name
+ which may only contain ASCII letters, numbers, as
+ well as underscores.
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
+ type: string
+ type: array
+ targetLabel:
+ description: Label to which the resulting value is written
+ in a replace action. It is mandatory for replace actions.
+ Regex capture groups are available.
+ type: string
+ type: object
+ type: array
+ oauth2:
+ description: OAuth2 for the URL. Only valid in Prometheus versions
+ 2.27.0 and newer.
+ properties:
+ clientId:
+ description: The secret or configmap containing the OAuth2
+ client id
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ clientSecret:
+ description: The secret containing the OAuth2 client secret
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ endpointParams:
+ additionalProperties:
+ type: string
+ description: Parameters to append to the token URL
+ type: object
+ scopes:
+ description: OAuth2 scopes used for the token request
+ items:
+ type: string
+ type: array
+ tokenUrl:
+ description: The URL to fetch the token from
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - clientSecret
+ - tokenUrl
+ type: object
+ params:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Optional HTTP URL parameters
+ type: object
+ path:
+ description: HTTP path to scrape for metrics. If empty, Prometheus
+ uses the default value (e.g. `/metrics`).
+ type: string
+ port:
+ description: Name of the pod port this endpoint refers to. Mutually
+ exclusive with targetPort.
+ type: string
+ proxyUrl:
+ description: ProxyURL eg http://proxyserver:2195 Directs scrapes
+ to proxy through this endpoint.
+ type: string
+ relabelings:
+ description: 'RelabelConfigs to apply to samples before scraping.
+ Prometheus Operator automatically adds relabelings for a few
+ standard Kubernetes fields. The original scrape job''s name
+ is available via the `__tmp_prometheus_job_name` label. More
+ info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
+ items:
+ description: 'RelabelConfig allows dynamic rewriting of the
+ label set, being applied to samples before ingestion. It
+ defines `<metric_relabel_configs>`-section of Prometheus
+ configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
+ properties:
+ action:
+ default: replace
+ description: Action to perform based on regex matching.
+ Default is 'replace'. uppercase and lowercase actions
+ require Prometheus >= 2.36.
+ enum:
+ - replace
+ - Replace
+ - keep
+ - Keep
+ - drop
+ - Drop
+ - hashmod
+ - HashMod
+ - labelmap
+ - LabelMap
+ - labeldrop
+ - LabelDrop
+ - labelkeep
+ - LabelKeep
+ - lowercase
+ - Lowercase
+ - uppercase
+ - Uppercase
+ type: string
+ modulus:
+ description: Modulus to take of the hash of the source
+ label values.
+ format: int64
+ type: integer
+ regex:
+ description: Regular expression against which the extracted
+ value is matched. Default is '(.*)'
+ type: string
+ replacement:
+ description: Replacement value against which a regex replace
+ is performed if the regular expression matches. Regex
+ capture groups are available. Default is '$1'
+ type: string
+ separator:
+ description: Separator placed between concatenated source
+ label values. default is ';'.
+ type: string
+ sourceLabels:
+ description: The source labels select values from existing
+ labels. Their content is concatenated using the configured
+ separator and matched against the configured regular
+ expression for the replace, keep, and drop actions.
+ items:
+ description: LabelName is a valid Prometheus label name
+ which may only contain ASCII letters, numbers, as
+ well as underscores.
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
+ type: string
+ type: array
+ targetLabel:
+ description: Label to which the resulting value is written
+ in a replace action. It is mandatory for replace actions.
+ Regex capture groups are available.
+ type: string
+ type: object
+ type: array
+ scheme:
+ description: HTTP scheme to use for scraping.
+ type: string
+ scrapeTimeout:
+ description: Timeout after which the scrape is ended If not
+ specified, the Prometheus global scrape interval is used.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Deprecated: Use ''port'' instead.'
+ x-kubernetes-int-or-string: true
+ tlsConfig:
+ description: TLS configuration to use when scraping the endpoint.
+ properties:
+ ca:
+ description: Struct containing the CA cert to use for the
+ targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ cert:
+ description: Struct containing the client cert file for
+ the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keySecret:
+ description: Secret containing the client key file for the
+ targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ serverName:
+ description: Used to verify the hostname for the targets.
+ type: string
+ type: object
+ type: object
+ type: array
+ podTargetLabels:
+ description: PodTargetLabels transfers labels on the Kubernetes Pod
+ onto the target.
+ items:
+ type: string
+ type: array
+ sampleLimit:
+ description: SampleLimit defines per-scrape limit on number of scraped
+ samples that will be accepted.
+ format: int64
+ type: integer
+ selector:
+ description: Selector to select Pod objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ targetLimit:
+ description: TargetLimit defines a limit on the number of scraped
+ targets that will be accepted.
+ format: int64
+ type: integer
+ required:
+ - podMetricsEndpoints
+ - selector
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
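Review bot: `tlsConfig.insecureSkipVerify` near the end of this hunk is a plain boolean with no default and no constraint, so once this bundled CRD is installed, whoever can create PodMonitor objects can switch off certificate validation for a scrape endpoint without anything flagging it. Because the file is a vendored copy, I would not edit the schema here. Instead, add a check outside it, either an admission policy or a CI lint over the rendered manifests, that rejects `insecureSkipVerify: true` unless the object is on an explicit allow-list. `sampleLimit` and `targetLimit` in the same hunk also carry no default, so if the deployment relies on per-scrape caps, they need to be set on each PodMonitor this repository ships.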
diff --git a/charts/kube-prometheus-stack/crds/crd-probes.yaml b/charts/kube-prometheus-stack/crds/crd-probes.yaml
new file mode 100644
index 0000000..8960962
--- /dev/null
+++ b/charts/kube-prometheus-stack/crds/crd-probes.yaml
@@ -0,0 +1,704 @@
+# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.9.2
+ creationTimestamp: null
+ name: probes.monitoring.coreos.com
+spec:
+ group: monitoring.coreos.com
+ names:
+ categories:
+ - prometheus-operator
+ kind: Probe
+ listKind: ProbeList
+ plural: probes
+ shortNames:
+ - prb
+ singular: probe
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: Probe defines monitoring for a set of static targets or ingresses.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Specification of desired Ingress selection for target discovery
+ by Prometheus.
+ properties:
+ authorization:
+ description: Authorization section for this endpoint
+ properties:
+ credentials:
+ description: The secret's key that contains the credentials of
+ the request
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type:
+ description: Set the authentication type. Defaults to Bearer,
+ Basic will cause an error
+ type: string
+ type: object
+ basicAuth:
+ description: 'BasicAuth allow an endpoint to authenticate over basic
+ authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint'
+ properties:
+ password:
+ description: The secret in the service monitor namespace that
+ contains the password for authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ username:
+ description: The secret in the service monitor namespace that
+ contains the username for authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ bearerTokenSecret:
+ description: Secret to mount to read bearer token for scraping targets.
+ The secret needs to be in the same namespace as the probe and accessible
+ by the Prometheus Operator.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a
+ valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ interval:
+ description: Interval at which targets are probed using the configured
+ prober. If not specified Prometheus' global scrape interval is used.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ jobName:
+ description: The job name assigned to scraped metrics by default.
+ type: string
+ labelLimit:
+ description: Per-scrape limit on number of labels that will be accepted
+ for a sample. Only valid in Prometheus versions 2.27.0 and newer.
+ format: int64
+ type: integer
+ labelNameLengthLimit:
+ description: Per-scrape limit on length of labels name that will be
+ accepted for a sample. Only valid in Prometheus versions 2.27.0
+ and newer.
+ format: int64
+ type: integer
+ labelValueLengthLimit:
+ description: Per-scrape limit on length of labels value that will
+ be accepted for a sample. Only valid in Prometheus versions 2.27.0
+ and newer.
+ format: int64
+ type: integer
+ metricRelabelings:
+ description: MetricRelabelConfigs to apply to samples before ingestion.
+ items:
+ description: 'RelabelConfig allows dynamic rewriting of the label
+ set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section
+ of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
+ properties:
+ action:
+ default: replace
+ description: Action to perform based on regex matching. Default
+ is 'replace'. uppercase and lowercase actions require Prometheus
+ >= 2.36.
+ enum:
+ - replace
+ - Replace
+ - keep
+ - Keep
+ - drop
+ - Drop
+ - hashmod
+ - HashMod
+ - labelmap
+ - LabelMap
+ - labeldrop
+ - LabelDrop
+ - labelkeep
+ - LabelKeep
+ - lowercase
+ - Lowercase
+ - uppercase
+ - Uppercase
+ type: string
+ modulus:
+ description: Modulus to take of the hash of the source label
+ values.
+ format: int64
+ type: integer
+ regex:
+ description: Regular expression against which the extracted
+ value is matched. Default is '(.*)'
+ type: string
+ replacement:
+ description: Replacement value against which a regex replace
+ is performed if the regular expression matches. Regex capture
+ groups are available. Default is '$1'
+ type: string
+ separator:
+ description: Separator placed between concatenated source label
+ values. default is ';'.
+ type: string
+ sourceLabels:
+ description: The source labels select values from existing labels.
+ Their content is concatenated using the configured separator
+ and matched against the configured regular expression for
+ the replace, keep, and drop actions.
+ items:
+ description: LabelName is a valid Prometheus label name which
+ may only contain ASCII letters, numbers, as well as underscores.
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
+ type: string
+ type: array
+ targetLabel:
+ description: Label to which the resulting value is written in
+ a replace action. It is mandatory for replace actions. Regex
+ capture groups are available.
+ type: string
+ type: object
+ type: array
+ module:
+ description: 'The module to use for probing specifying how to probe
+ the target. Example module configuring in the blackbox exporter:
+ https://github.com/prometheus/blackbox_exporter/blob/master/example.yml'
+ type: string
+ oauth2:
+ description: OAuth2 for the URL. Only valid in Prometheus versions
+ 2.27.0 and newer.
+ properties:
+ clientId:
+ description: The secret or configmap containing the OAuth2 client
+ id
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ clientSecret:
+ description: The secret containing the OAuth2 client secret
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ endpointParams:
+ additionalProperties:
+ type: string
+ description: Parameters to append to the token URL
+ type: object
+ scopes:
+ description: OAuth2 scopes used for the token request
+ items:
+ type: string
+ type: array
+ tokenUrl:
+ description: The URL to fetch the token from
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - clientSecret
+ - tokenUrl
+ type: object
+ prober:
+ description: Specification for the prober to use for probing targets.
+ The prober.URL parameter is required. Targets cannot be probed if
+ left empty.
+ properties:
+ path:
+ default: /probe
+ description: Path to collect metrics from. Defaults to `/probe`.
+ type: string
+ proxyUrl:
+ description: Optional ProxyURL.
+ type: string
+ scheme:
+ description: HTTP scheme to use for scraping. Defaults to `http`.
+ type: string
+ url:
+ description: Mandatory URL of the prober.
+ type: string
+ required:
+ - url
+ type: object
+ sampleLimit:
+ description: SampleLimit defines per-scrape limit on number of scraped
+ samples that will be accepted.
+ format: int64
+ type: integer
+ scrapeTimeout:
+ description: Timeout for scraping metrics from the Prometheus exporter.
+ If not specified, the Prometheus global scrape interval is used.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ targetLimit:
+ description: TargetLimit defines a limit on the number of scraped
+ targets that will be accepted.
+ format: int64
+ type: integer
+ targets:
+ description: Targets defines a set of static or dynamically discovered
+ targets to probe.
+ properties:
+ ingress:
+ description: ingress defines the Ingress objects to probe and
+ the relabeling configuration. If `staticConfig` is also defined,
+ `staticConfig` takes precedence.
+ properties:
+ namespaceSelector:
+ description: From which namespaces to select Ingress objects.
+ properties:
+ any:
+ description: Boolean describing whether all namespaces
+ are selected in contrast to a list restricting them.
+ type: boolean
+ matchNames:
+ description: List of namespace names to select from.
+ items:
+ type: string
+ type: array
+ type: object
+ relabelingConfigs:
+ description: 'RelabelConfigs to apply to the label set of
+ the target before it gets scraped. The original ingress
+ address is available via the `__tmp_prometheus_ingress_address`
+ label. It can be used to customize the probed URL. The original
+ scrape job''s name is available via the `__tmp_prometheus_job_name`
+ label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
+ items:
+ description: 'RelabelConfig allows dynamic rewriting of
+ the label set, being applied to samples before ingestion.
+ It defines `<metric_relabel_configs>`-section of Prometheus
+ configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
+ properties:
+ action:
+ default: replace
+ description: Action to perform based on regex matching.
+ Default is 'replace'. uppercase and lowercase actions
+ require Prometheus >= 2.36.
+ enum:
+ - replace
+ - Replace
+ - keep
+ - Keep
+ - drop
+ - Drop
+ - hashmod
+ - HashMod
+ - labelmap
+ - LabelMap
+ - labeldrop
+ - LabelDrop
+ - labelkeep
+ - LabelKeep
+ - lowercase
+ - Lowercase
+ - uppercase
+ - Uppercase
+ type: string
+ modulus:
+ description: Modulus to take of the hash of the source
+ label values.
+ format: int64
+ type: integer
+ regex:
+ description: Regular expression against which the extracted
+ value is matched. Default is '(.*)'
+ type: string
+ replacement:
+ description: Replacement value against which a regex
+ replace is performed if the regular expression matches.
+ Regex capture groups are available. Default is '$1'
+ type: string
+ separator:
+ description: Separator placed between concatenated source
+ label values. default is ';'.
+ type: string
+ sourceLabels:
+ description: The source labels select values from existing
+ labels. Their content is concatenated using the configured
+ separator and matched against the configured regular
+ expression for the replace, keep, and drop actions.
+ items:
+ description: LabelName is a valid Prometheus label
+ name which may only contain ASCII letters, numbers,
+ as well as underscores.
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
+ type: string
+ type: array
+ targetLabel:
+ description: Label to which the resulting value is written
+ in a replace action. It is mandatory for replace actions.
+ Regex capture groups are available.
+ type: string
+ type: object
+ type: array
+ selector:
+ description: Selector to select the Ingress objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ staticConfig:
+ description: 'staticConfig defines the static list of targets
+ to probe and the relabeling configuration. If `ingress` is also
+ defined, `staticConfig` takes precedence. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.'
+ properties:
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels assigned to all metrics scraped from the
+ targets.
+ type: object
+ relabelingConfigs:
+ description: 'RelabelConfigs to apply to the label set of
+ the targets before it gets scraped. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
+ items:
+ description: 'RelabelConfig allows dynamic rewriting of
+ the label set, being applied to samples before ingestion.
+ It defines `<metric_relabel_configs>`-section of Prometheus
+ configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
+ properties:
+ action:
+ default: replace
+ description: Action to perform based on regex matching.
+ Default is 'replace'. uppercase and lowercase actions
+ require Prometheus >= 2.36.
+ enum:
+ - replace
+ - Replace
+ - keep
+ - Keep
+ - drop
+ - Drop
+ - hashmod
+ - HashMod
+ - labelmap
+ - LabelMap
+ - labeldrop
+ - LabelDrop
+ - labelkeep
+ - LabelKeep
+ - lowercase
+ - Lowercase
+ - uppercase
+ - Uppercase
+ type: string
+ modulus:
+ description: Modulus to take of the hash of the source
+ label values.
+ format: int64
+ type: integer
+ regex:
+ description: Regular expression against which the extracted
+ value is matched. Default is '(.*)'
+ type: string
+ replacement:
+ description: Replacement value against which a regex
+ replace is performed if the regular expression matches.
+ Regex capture groups are available. Default is '$1'
+ type: string
+ separator:
+ description: Separator placed between concatenated source
+ label values. default is ';'.
+ type: string
+ sourceLabels:
+ description: The source labels select values from existing
+ labels. Their content is concatenated using the configured
+ separator and matched against the configured regular
+ expression for the replace, keep, and drop actions.
+ items:
+ description: LabelName is a valid Prometheus label
+ name which may only contain ASCII letters, numbers,
+ as well as underscores.
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
+ type: string
+ type: array
+ targetLabel:
+ description: Label to which the resulting value is written
+ in a replace action. It is mandatory for replace actions.
+ Regex capture groups are available.
+ type: string
+ type: object
+ type: array
+ static:
+ description: The list of hosts to probe.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ tlsConfig:
+ description: TLS configuration to use when scraping the endpoint.
+ properties:
+ ca:
+ description: Struct containing the CA cert to use for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ cert:
+ description: Struct containing the client cert file for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keySecret:
+ description: Secret containing the client key file for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ serverName:
+ description: Used to verify the hostname for the targets.
+ type: string
+ type: object
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
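Review bot: In `spec.prober`, the `scheme` description says it "Defaults to `http`", while the same spec accepts `authorization`, `basicAuth`, `bearerTokenSecret` and `oauth2`, so a Probe that sets credentials but omits `prober.scheme` would send them to the prober over an unencrypted connection. The schema is vendored, so the fix belongs in the Probe objects this repository creates. Each should set `scheme: https` explicitly, together with `tlsConfig.ca` and `tlsConfig.serverName`, and leave `insecureSkipVerify` unset. The comment on the first line of the file records the upstream URL at v0.60.1, which is useful provenance. A CI step that fetches that URL and diffs it against this copy would catch local edits or drift in a 704-line file that nobody will re-read by hand.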
diff --git a/charts/kube-prometheus-stack/crds/crd-prometheuses.yaml b/charts/kube-prometheus-stack/crds/crd-prometheuses.yaml
new file mode 100644
index 0000000..13ddec8
--- /dev/null
+++ b/charts/kube-prometheus-stack/crds/crd-prometheuses.yaml
@@ -0,0 +1,8861 @@
+# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.9.2
+ creationTimestamp: null
+ name: prometheuses.monitoring.coreos.com
+spec:
+ group: monitoring.coreos.com
+ names:
+ categories:
+ - prometheus-operator
+ kind: Prometheus
+ listKind: PrometheusList
+ plural: prometheuses
+ shortNames:
+ - prom
+ singular: prometheus
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The version of Prometheus
+ jsonPath: .spec.version
+ name: Version
+ type: string
+ - description: The number of desired replicas
+ jsonPath: .spec.replicas
+ name: Desired
+ type: integer
+ - description: The number of ready replicas
+ jsonPath: .status.availableReplicas
+ name: Ready
+ type: integer
+ - jsonPath: .status.conditions[?(@.type == 'Reconciled')].status
+ name: Reconciled
+ type: string
+ - jsonPath: .status.conditions[?(@.type == 'Available')].status
+ name: Available
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: Whether the resource reconciliation is paused or not
+ jsonPath: .status.paused
+ name: Paused
+ priority: 1
+ type: boolean
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: Prometheus defines a Prometheus deployment.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: 'Specification of the desired behavior of the Prometheus
+ cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ properties:
+ additionalAlertManagerConfigs:
+ description: 'AdditionalAlertManagerConfigs allows specifying a key
+ of a Secret containing additional Prometheus AlertManager configurations.
+ AlertManager configurations specified are appended to the configurations
+ generated by the Prometheus Operator. Job configurations specified
+ must have the form as specified in the official Prometheus documentation:
+ https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config.
+ As AlertManager configs are appended, the user is responsible to
+ make sure it is valid. Note that using this feature may expose the
+ possibility to break upgrades of Prometheus. It is advised to review
+ Prometheus release notes to ensure that no incompatible AlertManager
+ configs are going to break Prometheus after the upgrade.'
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a
+ valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ additionalAlertRelabelConfigs:
+ description: 'AdditionalAlertRelabelConfigs allows specifying a key
+ of a Secret containing additional Prometheus alert relabel configurations.
+ Alert relabel configurations specified are appended to the configurations
+ generated by the Prometheus Operator. Alert relabel configurations
+ specified must have the form as specified in the official Prometheus
+ documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs.
+ As alert relabel configs are appended, the user is responsible to
+ make sure it is valid. Note that using this feature may expose the
+ possibility to break upgrades of Prometheus. It is advised to review
+ Prometheus release notes to ensure that no incompatible alert relabel
+ configs are going to break Prometheus after the upgrade.'
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a
+ valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ additionalArgs:
+ description: AdditionalArgs allows setting additional arguments for
+ the Prometheus container. It is intended for e.g. activating hidden
+ flags which are not supported by the dedicated configuration options
+ yet. The arguments are passed as-is to the Prometheus container
+ which may cause issues if they are invalid or not supported by the
+ given Prometheus version. In case of an argument conflict (e.g.
+ an argument which is already set by the operator itself) or when
+ providing an invalid argument the reconciliation will fail and an
+ error will be logged.
+ items:
+ description: Argument as part of the AdditionalArgs list.
+ properties:
+ name:
+ description: Name of the argument, e.g. "scrape.discovery-reload-interval".
+ minLength: 1
+ type: string
+ value:
+ description: Argument value, e.g. 30s. Can be empty for name-only
+ arguments (e.g. --storage.tsdb.no-lockfile)
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ additionalScrapeConfigs:
+ description: 'AdditionalScrapeConfigs allows specifying a key of a
+ Secret containing additional Prometheus scrape configurations. Scrape
+ configurations specified are appended to the configurations generated
+ by the Prometheus Operator. Job configurations specified must have
+ the form as specified in the official Prometheus documentation:
+ https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config.
+ As scrape configs are appended, the user is responsible to make
+ sure it is valid. Note that using this feature may expose the possibility
+ to break upgrades of Prometheus. It is advised to review Prometheus
+ release notes to ensure that no incompatible scrape configs are
+ going to break Prometheus after the upgrade.'
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a
+ valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ affinity:
+ description: If specified, the pod's scheduling constraints.
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for the
+ pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node matches
+ the corresponding matchExpressions; the node(s) with the
+ highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects (i.e.
+ is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with the
+ corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the corresponding
+ nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to an update), the system may or may not try to
+ eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term matches
+ no objects. The requirements of them are ANDed. The
+ TopologySelectorTerm type implements a subset of the
+ NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g. co-locate
+ this pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to a pod label update), the system may or may
+ not try to eventually evict the pod from its node. When
+ there are multiple elements, the lists of nodes corresponding
+ to each podAffinityTerm are intersected, i.e. all terms
+ must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied to the
+ union of the namespaces selected by this field and
+ the ones listed in the namespaces field. null selector
+ and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied
+ to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector. null or
+ empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules (e.g.
+ avoid putting this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the anti-affinity expressions specified
+ by this field, but it may choose a node that violates one
+ or more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the anti-affinity requirements
+ specified by this field cease to be met at some point during
+ pod execution (e.g. due to a pod label update), the system
+ may or may not try to eventually evict the pod from its
+ node. When there are multiple elements, the lists of nodes
+ corresponding to each podAffinityTerm are intersected, i.e.
+ all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied to the
+ union of the namespaces selected by this field and
+ the ones listed in the namespaces field. null selector
+ and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied
+ to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector. null or
+ empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ alerting:
+ description: Define details regarding alerting.
+ properties:
+ alertmanagers:
+ description: AlertmanagerEndpoints Prometheus should fire alerts
+ against.
+ items:
+ description: AlertmanagerEndpoints defines a selection of a
+ single Endpoints object containing alertmanager IPs to fire
+ alerts against.
+ properties:
+ apiVersion:
+ description: Version of the Alertmanager API that Prometheus
+ uses to send alerts. It can be "v1" or "v2".
+ type: string
+ authorization:
+ description: Authorization section for this alertmanager
+ endpoint
+ properties:
+ credentials:
+ description: The secret's key that contains the credentials
+ of the request
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type:
+ description: Set the authentication type. Defaults to
+ Bearer, Basic will cause an error
+ type: string
+ type: object
+ bearerTokenFile:
+ description: BearerTokenFile to read from filesystem to
+ use when authenticating to Alertmanager.
+ type: string
+ name:
+ description: Name of Endpoints object in Namespace.
+ type: string
+ namespace:
+ description: Namespace of Endpoints object.
+ type: string
+ pathPrefix:
+ description: Prefix for the HTTP path alerts are pushed
+ to.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Port the Alertmanager API is exposed on.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use when firing alerts.
+ type: string
+ timeout:
+ description: Timeout is a per-target Alertmanager timeout
+ when pushing alerts.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ tlsConfig:
+ description: TLS Config to use for alertmanager connection.
+ properties:
+ ca:
+ description: Struct containing the CA cert to use for
+ the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for
+ the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ caFile:
+ description: Path to the CA cert in the Prometheus container
+ to use for the targets.
+ type: string
+ cert:
+ description: Struct containing the client cert file
+ for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for
+ the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ certFile:
+ description: Path to the client cert file in the Prometheus
+ container for the targets.
+ type: string
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keyFile:
+ description: Path to the client key file in the Prometheus
+ container for the targets.
+ type: string
+ keySecret:
+ description: Secret containing the client key file for
+ the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ serverName:
+ description: Used to verify the hostname for the targets.
+ type: string
+ type: object
+ required:
+ - name
+ - namespace
+ - port
+ type: object
+ type: array
+ required:
+ - alertmanagers
+ type: object
+ allowOverlappingBlocks:
+ description: AllowOverlappingBlocks enables vertical compaction and
+ vertical query merge in Prometheus. This is still experimental in
+ Prometheus so it may change in any upcoming release.
+ type: boolean
+ apiserverConfig:
+ description: APIServerConfig allows specifying a host and auth methods
+ to access apiserver. If left empty, Prometheus is assumed to run
+ inside of the cluster and will discover API servers automatically
+ and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
+ properties:
+ authorization:
+ description: Authorization section for accessing apiserver
+ properties:
+ credentials:
+ description: The secret's key that contains the credentials
+ of the request
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ credentialsFile:
+ description: File to read a secret from, mutually exclusive
+ with Credentials (from SafeAuthorization)
+ type: string
+ type:
+ description: Set the authentication type. Defaults to Bearer,
+ Basic will cause an error
+ type: string
+ type: object
+ basicAuth:
+ description: BasicAuth allow an endpoint to authenticate over
+ basic authentication
+ properties:
+ password:
+ description: The secret in the service monitor namespace that
+ contains the password for authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ username:
+ description: The secret in the service monitor namespace that
+ contains the username for authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ bearerToken:
+ description: Bearer token for accessing apiserver.
+ type: string
+ bearerTokenFile:
+ description: File to read bearer token for accessing apiserver.
+ type: string
+ host:
+ description: Host of apiserver. A valid string consisting of a
+ hostname or IP followed by an optional port number
+ type: string
+ tlsConfig:
+ description: TLS Config to use for accessing apiserver.
+ properties:
+ ca:
+ description: Struct containing the CA cert to use for the
+ targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ caFile:
+ description: Path to the CA cert in the Prometheus container
+ to use for the targets.
+ type: string
+ cert:
+ description: Struct containing the client cert file for the
+ targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ certFile:
+ description: Path to the client cert file in the Prometheus
+ container for the targets.
+ type: string
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keyFile:
+ description: Path to the client key file in the Prometheus
+ container for the targets.
+ type: string
+ keySecret:
+ description: Secret containing the client key file for the
+ targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ serverName:
+ description: Used to verify the hostname for the targets.
+ type: string
+ type: object
+ required:
+ - host
+ type: object
+ arbitraryFSAccessThroughSMs:
+ description: ArbitraryFSAccessThroughSMs configures whether configuration
+ based on a service monitor can access arbitrary files on the file
+ system of the Prometheus container e.g. bearer token files.
+ properties:
+ deny:
+ type: boolean
+ type: object
+ baseImage:
+ description: 'Base image to use for a Prometheus deployment. Deprecated:
+ use ''image'' instead'
+ type: string
+ configMaps:
+ description: ConfigMaps is a list of ConfigMaps in the same namespace
+ as the Prometheus object, which shall be mounted into the Prometheus
+ Pods. Each ConfigMap is added to the StatefulSet definition as a
+ volume named `configmap-<configmap-name>`. The ConfigMaps are mounted
+ into /etc/prometheus/configmaps/<configmap-name> in the 'prometheus'
+ container.
+ items:
+ type: string
+ type: array
+ containers:
+ description: 'Containers allows injecting additional containers or
+ modifying operator generated containers. This can be used to allow
+ adding an authentication proxy to a Prometheus pod or to change
+ the behavior of an operator generated container. Containers described
+ here modify an operator generated container if they share the same
+ name and modifications are done via a strategic merge patch. The
+ current container names are: `prometheus`, `config-reloader`, and
+ `thanos-sidecar`. Overriding containers is entirely outside the
+ scope of what the maintainers will support and by doing so, you
+ accept that this behaviour may break at any time without notice.'
+ items:
+ description: A single application container that you want to run
+ within a pod.
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The container image''s
+ CMD is used if this is not provided. Variable references $(VAR_NAME)
+ are expanded using the container''s environment. If a variable
+ cannot be resolved, the reference in the input string will
+ be unchanged. Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the variable
+ exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within a shell.
+ The container image''s ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved, the reference
+ in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax:
+ i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether
+ the variable exists or not. Cannot be updated. More info:
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
+ `metadata.annotations[''<KEY>'']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment variables
+ in the container. The keys defined within a source must be
+ a C_IDENTIFIER. All invalid keys will be reported as an event
+ when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take
+ precedence. Values defined by an Env with a duplicate key
+ will take precedence. Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management
+ to default or override container images in workload controllers
+ like Deployments and StatefulSets.'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent
+ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Actions that the management system should take
+ in response to container lifecycle events. Cannot be updated.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately after a container
+ is created. If the handler fails, the container is terminated
+ and restarted according to its restart policy. Other management
+ of the container blocks until the hook completes. More
+ info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately before a container
+ is terminated due to an API request or management event
+ such as liveness/startup probe failure, preemption, resource
+ contention, etc. The handler is not called if the container
+ crashes or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the container
+ will eventually terminate within the Pod''s termination
+ grace period (unless delayed by finalizers). Other management
+ of the container blocks until the hook completes or until
+ the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: 'Periodic probe of container liveness. Container
+ will be restarted if the probe fails. Cannot be updated. More
+ info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container. Not
+ specifying a port here DOES NOT prevent that port from being
+ exposed. Any port which is listening on the default "0.0.0.0"
+ address inside a container will be accessible from the network.
+ Modifying this array with strategic merge patch may corrupt
+ the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port in a
+ single container.
+ properties:
+ containerPort:
+ description: Number of port to expose on the pod's IP
+ address. This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external port to.
+ type: string
+ hostPort:
+ description: Number of port to expose on the host. If
+ specified, this must be a valid port number, 0 < x <
+ 65536. If HostNetwork is specified, this must match
+ ContainerPort. Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an IANA_SVC_NAME
+ and unique within the pod. Each named port in a pod
+ must have a unique name. Name for the port that can
+ be referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: 'Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe
+ fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: 'Compute Resources required by this container.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: 'SecurityContext defines the security options the
+ container should be run with. If set, the fields of SecurityContext
+ override the equivalent fields of PodSecurityContext. More
+ info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile
+ must be preconfigured on the node to work. Must be
+ a descending path, relative to the kubelet's configured
+ seccomp profile location. Must only be set if type
+ is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost -
+ a profile defined in a file on the node should be
+ used. RuntimeDefault - the container runtime default
+ profile should be used. Unconfined - no profile should
+ be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is
+ alpha-level and will only be honored by components
+ that enable the WindowsHostProcessContainers feature
+ flag. Setting this field without the feature flag
+ will result in errors when validating the Pod. All
+ of a Pod's containers must have the same effective
+ HostProcess value (it is not allowed to have a mix
+ of HostProcess containers and non-HostProcess containers). In
+ addition, if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod has successfully
+ initialized. If specified, no other probes are executed until
+ this completes successfully. If this probe fails, the Pod
+ will be restarted, just as if the livenessProbe failed. This
+ can be used to provide different probe parameters at the beginning
+ of a Pod''s lifecycle, when it might take a long time to load
+ data or warm a cache, than during steady-state operation.
+ This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate a buffer
+ for stdin in the container runtime. If this is not set, reads
+ from stdin in the container will always result in EOF. Default
+ is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should close the
+ stdin channel after it has been opened by a single attach.
+ When stdin is true the stdin stream will remain open across
+ multiple attach sessions. If stdinOnce is set to true, stdin
+ is opened on container start, is empty until the first client
+ attaches to stdin, and then remains open and accepts data
+ until the client disconnects, at which time stdin is closed
+ and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin
+ will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to which the
+ container''s termination message will be written is mounted
+ into the container''s filesystem. Message written is intended
+ to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes.
+ The total message length across all containers will be limited
+ to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message should be
+ populated. File will use the contents of terminationMessagePath
+ to populate the container status message on both success and
+ failure. FallbackToLogsOnError will use the last chunk of
+ container log output if the termination message file is empty
+ and the container exited with an error. The log output is
+ limited to 2048 bytes or 80 lines, whichever is smaller. Defaults
+ to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate a TTY for
+ itself, also requires 'stdin' to be true. Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices to be
+ used by the container.
+ items:
+ description: volumeDevice describes a mapping of a raw block
+ device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of the container
+ that the device will be mapped to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: Container's working directory. If not specified,
+ the container runtime's default will be used, which might
+ be configured in the container image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ disableCompaction:
+ description: Disable prometheus compaction.
+ type: boolean
+ enableAdminAPI:
+ description: 'Enable access to prometheus web admin API. Defaults
+ to the value of `false`. WARNING: Enabling the admin APIs enables
+ mutating endpoints, to delete data, shutdown Prometheus, and more.
+ Enabling this should be done with care and the user is advised to
+ add additional authentication authorization via a proxy to ensure
+ only clients authorized to perform these actions can do so. For
+ more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis'
+ type: boolean
+ enableFeatures:
+ description: Enable access to Prometheus disabled features. By default,
+ no features are enabled. Enabling disabled features is entirely
+ outside the scope of what the maintainers will support and by doing
+ so, you accept that this behaviour may break at any time without
+ notice. For more information see https://prometheus.io/docs/prometheus/latest/disabled_features/
+ items:
+ type: string
+ type: array
+ enableRemoteWriteReceiver:
+ description: 'Enable Prometheus to be used as a receiver for the Prometheus
+ remote write protocol. Defaults to the value of `false`. WARNING:
+ This is not considered an efficient way of ingesting samples. Use
+ it with caution for specific low-volume use cases. It is not suitable
+ for replacing the ingestion via scraping and turning Prometheus
+ into a push-based metrics collection system. For more information
+ see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver
+ Only valid in Prometheus versions 2.33.0 and newer.'
+ type: boolean
+ enforcedBodySizeLimit:
+ description: 'EnforcedBodySizeLimit defines the maximum size of uncompressed
+ response body that will be accepted by Prometheus. Targets responding
+ with a body larger than this many bytes will cause the scrape to
+ fail. Example: 100MB. If defined, the limit will apply to all service/pod
+ monitors and probes. This is an experimental feature, this behaviour
+ could change or be removed in the future. Only valid in Prometheus
+ versions 2.28.0 and newer.'
+ pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$
+ type: string
+ enforcedLabelLimit:
+ description: Per-scrape limit on number of labels that will be accepted
+ for a sample. If more than this number of labels are present post
+ metric-relabeling, the entire scrape will be treated as failed.
+ 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer.
+ format: int64
+ type: integer
+ enforcedLabelNameLengthLimit:
+ description: Per-scrape limit on length of labels name that will be
+ accepted for a sample. If a label name is longer than this number
+ post metric-relabeling, the entire scrape will be treated as failed.
+ 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer.
+ format: int64
+ type: integer
+ enforcedLabelValueLengthLimit:
+ description: Per-scrape limit on length of labels value that will
+ be accepted for a sample. If a label value is longer than this number
+ post metric-relabeling, the entire scrape will be treated as failed.
+ 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer.
+ format: int64
+ type: integer
+ enforcedNamespaceLabel:
+ description: "EnforcedNamespaceLabel If set, a label will be added
+ to \n 1. all user-metrics (created by `ServiceMonitor`, `PodMonitor`
+ and `Probe` objects) and 2. in all `PrometheusRule` objects (except
+ the ones excluded in `prometheusRulesExcludedFromEnforce`) to *
+ alerting & recording rules and * the metrics used in their expressions
+ (`expr`). \n Label name is this field's value. Label value is the
+ namespace of the created object (mentioned above)."
+ type: string
+ enforcedSampleLimit:
+ description: EnforcedSampleLimit defines global limit on number of
+ scraped samples that will be accepted. This overrides any SampleLimit
+ set per ServiceMonitor or/and PodMonitor. It is meant to be used
+ by admins to enforce the SampleLimit to keep overall number of samples/series
+ under the desired limit. Note that if SampleLimit is lower that
+ value will be taken instead.
+ format: int64
+ type: integer
+ enforcedTargetLimit:
+ description: EnforcedTargetLimit defines a global limit on the number
+ of scraped targets. This overrides any TargetLimit set per ServiceMonitor
+ or/and PodMonitor. It is meant to be used by admins to enforce
+ the TargetLimit to keep the overall number of targets under the
+ desired limit. Note that if TargetLimit is lower, that value will
+ be taken instead, except if either value is zero, in which case
+ the non-zero value will be used. If both values are zero, no limit
+ is enforced.
+ format: int64
+ type: integer
+ evaluationInterval:
+ default: 30s
+ description: 'Interval between consecutive evaluations. Default: `30s`'
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ excludedFromEnforcement:
+ description: List of references to PodMonitor, ServiceMonitor, Probe
+ and PrometheusRule objects to be excluded from enforcing a namespace
+ label of origin. Applies only if enforcedNamespaceLabel set to true.
+ items:
+ description: ObjectReference references a PodMonitor, ServiceMonitor,
+ Probe or PrometheusRule object.
+ properties:
+ group:
+ default: monitoring.coreos.com
+ description: Group of the referent. When not specified, it defaults
+ to `monitoring.coreos.com`
+ enum:
+ - monitoring.coreos.com
+ type: string
+ name:
+ description: Name of the referent. When not set, all resources
+ are matched.
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ minLength: 1
+ type: string
+ resource:
+ description: Resource of the referent.
+ enum:
+ - prometheusrules
+ - servicemonitors
+ - podmonitors
+ - probes
+ type: string
+ required:
+ - namespace
+ - resource
+ type: object
+ type: array
+ exemplars:
+ description: Exemplars related settings that are runtime reloadable.
+ It requires to enable the exemplar storage feature to be effective.
+ properties:
+ maxSize:
+ description: Maximum number of exemplars stored in memory for
+ all series. If not set, Prometheus uses its default value. A
+ value of zero or less than zero disables the storage.
+ format: int64
+ type: integer
+ type: object
+ externalLabels:
+ additionalProperties:
+ type: string
+ description: The labels to add to any time series or alerts when communicating
+ with external systems (federation, remote storage, Alertmanager).
+ type: object
+ externalUrl:
+ description: The external URL the Prometheus instances will be available
+ under. This is necessary to generate correct URLs. This is necessary
+ if Prometheus is not served from root of a DNS name.
+ type: string
+ hostAliases:
+ description: Pods' hostAliases configuration
+ items:
+ description: HostAlias holds the mapping between IP and hostnames
+ that will be injected as an entry in the pod's hosts file.
+ properties:
+ hostnames:
+ description: Hostnames for the above IP address.
+ items:
+ type: string
+ type: array
+ ip:
+ description: IP address of the host file entry.
+ type: string
+ required:
+ - hostnames
+ - ip
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - ip
+ x-kubernetes-list-type: map
+ hostNetwork:
+ description: Use the host's network namespace if true. Make sure to
+ understand the security implications if you want to enable it. When
+ hostNetwork is enabled, this will set dnsPolicy to ClusterFirstWithHostNet
+ automatically.
+ type: boolean
+ ignoreNamespaceSelectors:
+ description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector
+ settings from all PodMonitor, ServiceMonitor and Probe objects.
+ They will only discover endpoints within the namespace of the PodMonitor,
+ ServiceMonitor and Probe objects. Defaults to false.
+ type: boolean
+ image:
+ description: Image if specified has precedence over baseImage, tag
+ and sha combinations. Specifying the version is still necessary
+ to ensure the Prometheus Operator knows what version of Prometheus
+ is being configured.
+ type: string
+ imagePullSecrets:
+ description: An optional list of references to secrets in the same
+ namespace to use for pulling prometheus and alertmanager images
+ from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod
+ items:
+ description: LocalObjectReference contains enough information to
+ let you locate the referenced object inside the same namespace.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ initContainers:
+ description: 'InitContainers allows adding initContainers to the pod
+ definition. Those can be used to e.g. fetch secrets for injection
+ into the Prometheus configuration from external sources. Any errors
+ during the execution of an initContainer will lead to a restart
+ of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ InitContainers described here modify an operator generated init
+ containers if they share the same name and modifications are done
+ via a strategic merge patch. The current init container name is:
+ `init-config-reloader`. Overriding init containers is entirely outside
+ the scope of what the maintainers will support and by doing so,
+ you accept that this behaviour may break at any time without notice.'
+ items:
+ description: A single application container that you want to run
+ within a pod.
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The container image''s
+ CMD is used if this is not provided. Variable references $(VAR_NAME)
+ are expanded using the container''s environment. If a variable
+ cannot be resolved, the reference in the input string will
+ be unchanged. Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the variable
+ exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within a shell.
+ The container image''s ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved, the reference
+ in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax:
+ i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether
+ the variable exists or not. Cannot be updated. More info:
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
+ `metadata.annotations[''<KEY>'']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment variables
+ in the container. The keys defined within a source must be
+ a C_IDENTIFIER. All invalid keys will be reported as an event
+ when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take
+ precedence. Values defined by an Env with a duplicate key
+ will take precedence. Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management
+ to default or override container images in workload controllers
+ like Deployments and StatefulSets.'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent
+ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Actions that the management system should take
+ in response to container lifecycle events. Cannot be updated.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately after a container
+ is created. If the handler fails, the container is terminated
+ and restarted according to its restart policy. Other management
+ of the container blocks until the hook completes. More
+ info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately before a container
+ is terminated due to an API request or management event
+ such as liveness/startup probe failure, preemption, resource
+ contention, etc. The handler is not called if the container
+ crashes or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the container
+ will eventually terminate within the Pod''s termination
+ grace period (unless delayed by finalizers). Other management
+ of the container blocks until the hook completes or until
+ the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: 'Periodic probe of container liveness. Container
+ will be restarted if the probe fails. Cannot be updated. More
+ info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container. Not
+ specifying a port here DOES NOT prevent that port from being
+ exposed. Any port which is listening on the default "0.0.0.0"
+ address inside a container will be accessible from the network.
+ Modifying this array with strategic merge patch may corrupt
+ the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port in a
+ single container.
+ properties:
+ containerPort:
+ description: Number of port to expose on the pod's IP
+ address. This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external port to.
+ type: string
+ hostPort:
+ description: Number of port to expose on the host. If
+ specified, this must be a valid port number, 0 < x <
+ 65536. If HostNetwork is specified, this must match
+ ContainerPort. Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an IANA_SVC_NAME
+ and unique within the pod. Each named port in a pod
+ must have a unique name. Name for the port that can
+ be referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: 'Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe
+ fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: 'Compute Resources required by this container.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: 'SecurityContext defines the security options the
+ container should be run with. If set, the fields of SecurityContext
+ override the equivalent fields of PodSecurityContext. More
+ info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile
+ must be preconfigured on the node to work. Must be
+ a descending path, relative to the kubelet's configured
+ seccomp profile location. Must only be set if type
+ is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost -
+ a profile defined in a file on the node should be
+ used. RuntimeDefault - the container runtime default
+ profile should be used. Unconfined - no profile should
+ be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is
+ alpha-level and will only be honored by components
+ that enable the WindowsHostProcessContainers feature
+ flag. Setting this field without the feature flag
+ will result in errors when validating the Pod. All
+ of a Pod's containers must have the same effective
+ HostProcess value (it is not allowed to have a mix
+ of HostProcess containers and non-HostProcess containers). In
+ addition, if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod has successfully
+ initialized. If specified, no other probes are executed until
+ this completes successfully. If this probe fails, the Pod
+ will be restarted, just as if the livenessProbe failed. This
+ can be used to provide different probe parameters at the beginning
+ of a Pod''s lifecycle, when it might take a long time to load
+ data or warm a cache, than during steady-state operation.
+ This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate a buffer
+ for stdin in the container runtime. If this is not set, reads
+ from stdin in the container will always result in EOF. Default
+ is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should close the
+ stdin channel after it has been opened by a single attach.
+ When stdin is true the stdin stream will remain open across
+ multiple attach sessions. If stdinOnce is set to true, stdin
+ is opened on container start, is empty until the first client
+ attaches to stdin, and then remains open and accepts data
+ until the client disconnects, at which time stdin is closed
+ and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin
+ will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to which the
+ container''s termination message will be written is mounted
+ into the container''s filesystem. Message written is intended
+ to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes.
+ The total message length across all containers will be limited
+ to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message should be
+ populated. File will use the contents of terminationMessagePath
+ to populate the container status message on both success and
+ failure. FallbackToLogsOnError will use the last chunk of
+ container log output if the termination message file is empty
+ and the container exited with an error. The log output is
+ limited to 2048 bytes or 80 lines, whichever is smaller. Defaults
+ to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate a TTY for
+ itself, also requires 'stdin' to be true. Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices to be
+ used by the container.
+ items:
+ description: volumeDevice describes a mapping of a raw block
+ device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of the container
+ that the device will be mapped to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: Container's working directory. If not specified,
+ the container runtime's default will be used, which might
+ be configured in the container image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ listenLocal:
+ description: ListenLocal makes the Prometheus server listen on loopback,
+ so that it does not bind against the Pod IP.
+ type: boolean
+ logFormat:
+ description: Log format for Prometheus to be configured with.
+ enum:
+ - ""
+ - logfmt
+ - json
+ type: string
+ logLevel:
+ description: Log level for Prometheus to be configured with.
+ enum:
+ - ""
+ - debug
+ - info
+ - warn
+ - error
+ type: string
+ minReadySeconds:
+ description: Minimum number of seconds for which a newly created pod
+ should be ready without any of its container crashing for it to
+ be considered available. Defaults to 0 (pod will be considered available
+ as soon as it is ready) This is an alpha field and requires enabling
+ StatefulSetMinReadySeconds feature gate.
+ format: int32
+ type: integer
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: Define which Nodes the Pods are scheduled on.
+ type: object
+ overrideHonorLabels:
+ description: When true, Prometheus resolves label conflicts by renaming
+ the labels in the scraped data to "exported_<label value>" for all
+ targets created from service and pod monitors. Otherwise the HonorLabels
+ field of the service or pod monitor applies.
+ type: boolean
+ overrideHonorTimestamps:
+ description: When true, Prometheus ignores the timestamps for all
+ the targets created from service and pod monitors. Otherwise the
+ HonorTimestamps field of the service or pod monitor applies.
+ type: boolean
+ paused:
+ description: When a Prometheus deployment is paused, no actions except
+ for deletion will be performed on the underlying objects.
+ type: boolean
+ podMetadata:
+ description: PodMetadata configures Labels and Annotations which are
+ propagated to the prometheus pods.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value map stored
+ with a resource that may be set by external tools to store and
+ retrieve arbitrary metadata. They are not queryable and should
+ be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be used to
+ organize and categorize (scope and select) objects. May match
+ selectors of replication controllers and services. More info:
+ http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ name:
+ description: 'Name must be unique within a namespace. Is required
+ when creating resources, although some resources may allow a
+ client to request the generation of an appropriate name automatically.
+ Name is primarily intended for creation idempotence and configuration
+ definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
+ type: string
+ type: object
+ podMonitorNamespaceSelector:
+ description: Namespace's labels to match for PodMonitor discovery.
+ If nil, only check own namespace.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ podMonitorSelector:
+ description: '*Experimental* PodMonitors to be selected for target
+ discovery. *Deprecated:* if neither this nor serviceMonitorSelector
+ are specified, configuration is unmanaged.'
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ portName:
+ description: Port name used for the pods and governing service. This
+ defaults to web
+ type: string
+ priorityClassName:
+ description: Priority class assigned to the Pods
+ type: string
+ probeNamespaceSelector:
+ description: '*Experimental* Namespaces to be selected for Probe discovery.
+ If nil, only check own namespace.'
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ probeSelector:
+ description: '*Experimental* Probes to be selected for target discovery.'
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ prometheusExternalLabelName:
+ description: Name of Prometheus external label used to denote Prometheus
+ instance name. Defaults to the value of `prometheus`. External label
+ will _not_ be added when value is set to empty string (`""`).
+ type: string
+ prometheusRulesExcludedFromEnforce:
+ description: 'PrometheusRulesExcludedFromEnforce - list of prometheus
+ rules to be excluded from enforcing of adding namespace labels.
+ Works only if enforcedNamespaceLabel set to true. Make sure both
+ ruleNamespace and ruleName are set for each pair. Deprecated: use
+ excludedFromEnforcement instead.'
+ items:
+ description: PrometheusRuleExcludeConfig enables users to configure
+ excluded PrometheusRule names and their namespaces to be ignored
+ while enforcing namespace label for alerts and metrics.
+ properties:
+ ruleName:
+ description: RuleNamespace - name of excluded rule
+ type: string
+ ruleNamespace:
+ description: RuleNamespace - namespace of excluded rule
+ type: string
+ required:
+ - ruleName
+ - ruleNamespace
+ type: object
+ type: array
+ query:
+ description: QuerySpec defines the query command line flags when starting
+ Prometheus.
+ properties:
+ lookbackDelta:
+ description: The delta difference allowed for retrieving metrics
+ during expression evaluations.
+ type: string
+ maxConcurrency:
+ description: Number of concurrent queries that can be run at once.
+ format: int32
+ type: integer
+ maxSamples:
+ description: Maximum number of samples a single query can load
+ into memory. Note that queries will fail if they would load
+ more samples than this into memory, so this also limits the
+ number of samples a query can return.
+ format: int32
+ type: integer
+ timeout:
+ description: Maximum time a query may take before being aborted.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ type: object
+ queryLogFile:
+ description: QueryLogFile specifies the file to which PromQL queries
+ are logged. If the filename has an empty path, e.g. 'query.log',
+ prometheus-operator will mount the file into an emptyDir volume
+ at `/var/log/prometheus`. If a full path is provided, e.g. /var/log/prometheus/query.log,
+ you must mount a volume in the specified directory and it must be
+ writable. This is because the prometheus container runs with a read-only
+ root filesystem for security reasons. Alternatively, the location
+ can be set to a stdout location such as `/dev/stdout` to log query
+ information to the default Prometheus log stream. This is only available
+ in versions of Prometheus >= 2.16.0. For more details, see the Prometheus
+ docs (https://prometheus.io/docs/guides/query-log/)
+ type: string
+ remoteRead:
+ description: remoteRead is the list of remote read configurations.
+ items:
+ description: RemoteReadSpec defines the configuration for Prometheus
+ to read back samples from a remote endpoint.
+ properties:
+ authorization:
+ description: Authorization section for remote read
+ properties:
+ credentials:
+ description: The secret's key that contains the credentials
+ of the request
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ credentialsFile:
+ description: File to read a secret from, mutually exclusive
+ with Credentials (from SafeAuthorization)
+ type: string
+ type:
+ description: Set the authentication type. Defaults to Bearer,
+ Basic will cause an error
+ type: string
+ type: object
+ basicAuth:
+ description: BasicAuth for the URL.
+ properties:
+ password:
+ description: The secret in the service monitor namespace
+ that contains the password for authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ username:
+ description: The secret in the service monitor namespace
+ that contains the username for authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ bearerToken:
+ description: Bearer token for remote read.
+ type: string
+ bearerTokenFile:
+ description: File to read bearer token for remote read.
+ type: string
+ headers:
+ additionalProperties:
+ type: string
+ description: Custom HTTP headers to be sent along with each
+ remote read request. Be aware that headers that are set by
+ Prometheus itself can't be overwritten. Only valid in Prometheus
+ versions 2.26.0 and newer.
+ type: object
+ name:
+ description: The name of the remote read queue, it must be unique
+ if specified. The name is used in metrics and logging in order
+ to differentiate read configurations. Only valid in Prometheus
+ versions 2.15.0 and newer.
+ type: string
+ oauth2:
+ description: OAuth2 for the URL. Only valid in Prometheus versions
+ 2.27.0 and newer.
+ properties:
+ clientId:
+ description: The secret or configmap containing the OAuth2
+ client id
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ clientSecret:
+ description: The secret containing the OAuth2 client secret
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ endpointParams:
+ additionalProperties:
+ type: string
+ description: Parameters to append to the token URL
+ type: object
+ scopes:
+ description: OAuth2 scopes used for the token request
+ items:
+ type: string
+ type: array
+ tokenUrl:
+ description: The URL to fetch the token from
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - clientSecret
+ - tokenUrl
+ type: object
+ proxyUrl:
+ description: Optional ProxyURL.
+ type: string
+ readRecent:
+ description: Whether reads should be made for queries for time
+ ranges that the local storage should have complete data for.
+ type: boolean
+ remoteTimeout:
+ description: Timeout for requests to the remote read endpoint.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ requiredMatchers:
+ additionalProperties:
+ type: string
+ description: An optional list of equality matchers which have
+ to be present in a selector to query the remote read endpoint.
+ type: object
+ tlsConfig:
+ description: TLS Config to use for remote read.
+ properties:
+ ca:
+ description: Struct containing the CA cert to use for the
+ targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ caFile:
+ description: Path to the CA cert in the Prometheus container
+ to use for the targets.
+ type: string
+ cert:
+ description: Struct containing the client cert file for
+ the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ certFile:
+ description: Path to the client cert file in the Prometheus
+ container for the targets.
+ type: string
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keyFile:
+ description: Path to the client key file in the Prometheus
+ container for the targets.
+ type: string
+ keySecret:
+ description: Secret containing the client key file for the
+ targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ serverName:
+ description: Used to verify the hostname for the targets.
+ type: string
+ type: object
+ url:
+ description: The URL of the endpoint to query from.
+ type: string
+ required:
+ - url
+ type: object
+ type: array
+ remoteWrite:
+ description: remoteWrite is the list of remote write configurations.
+ items:
+ description: RemoteWriteSpec defines the configuration to write
+ samples from Prometheus to a remote endpoint.
+ properties:
+ authorization:
+ description: Authorization section for remote write
+ properties:
+ credentials:
+ description: The secret's key that contains the credentials
+ of the request
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ credentialsFile:
+ description: File to read a secret from, mutually exclusive
+ with Credentials (from SafeAuthorization)
+ type: string
+ type:
+ description: Set the authentication type. Defaults to Bearer,
+ Basic will cause an error
+ type: string
+ type: object
+ basicAuth:
+ description: BasicAuth for the URL.
+ properties:
+ password:
+ description: The secret in the service monitor namespace
+ that contains the password for authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ username:
+ description: The secret in the service monitor namespace
+ that contains the username for authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ bearerToken:
+ description: Bearer token for remote write.
+ type: string
+ bearerTokenFile:
+ description: File to read bearer token for remote write.
+ type: string
+ headers:
+ additionalProperties:
+ type: string
+ description: Custom HTTP headers to be sent along with each
+ remote write request. Be aware that headers that are set by
+ Prometheus itself can't be overwritten. Only valid in Prometheus
+ versions 2.25.0 and newer.
+ type: object
+ metadataConfig:
+ description: MetadataConfig configures the sending of series
+ metadata to the remote storage.
+ properties:
+ send:
+ description: Whether metric metadata is sent to the remote
+ storage or not.
+ type: boolean
+ sendInterval:
+ description: How frequently metric metadata is sent to the
+ remote storage.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ type: object
+ name:
+ description: The name of the remote write queue, it must be
+ unique if specified. The name is used in metrics and logging
+ in order to differentiate queues. Only valid in Prometheus
+ versions 2.15.0 and newer.
+ type: string
+ oauth2:
+ description: OAuth2 for the URL. Only valid in Prometheus versions
+ 2.27.0 and newer.
+ properties:
+ clientId:
+ description: The secret or configmap containing the OAuth2
+ client id
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ clientSecret:
+ description: The secret containing the OAuth2 client secret
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ endpointParams:
+ additionalProperties:
+ type: string
+ description: Parameters to append to the token URL
+ type: object
+ scopes:
+ description: OAuth2 scopes used for the token request
+ items:
+ type: string
+ type: array
+ tokenUrl:
+ description: The URL to fetch the token from
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - clientSecret
+ - tokenUrl
+ type: object
+ proxyUrl:
+ description: Optional ProxyURL.
+ type: string
+ queueConfig:
+ description: QueueConfig allows tuning of the remote write queue
+ parameters.
+ properties:
+ batchSendDeadline:
+ description: BatchSendDeadline is the maximum time a sample
+ will wait in buffer.
+ type: string
+ capacity:
+ description: Capacity is the number of samples to buffer
+ per shard before we start dropping them.
+ type: integer
+ maxBackoff:
+ description: MaxBackoff is the maximum retry delay.
+ type: string
+ maxRetries:
+ description: MaxRetries is the maximum number of times to
+ retry a batch on recoverable errors.
+ type: integer
+ maxSamplesPerSend:
+ description: MaxSamplesPerSend is the maximum number of
+ samples per send.
+ type: integer
+ maxShards:
+ description: MaxShards is the maximum number of shards,
+ i.e. amount of concurrency.
+ type: integer
+ minBackoff:
+ description: MinBackoff is the initial retry delay. Gets
+ doubled for every retry.
+ type: string
+ minShards:
+ description: MinShards is the minimum number of shards,
+ i.e. amount of concurrency.
+ type: integer
+ retryOnRateLimit:
+ description: Retry upon receiving a 429 status code from
+ the remote-write storage. This is experimental feature
+ and might change in the future.
+ type: boolean
+ type: object
+ remoteTimeout:
+ description: Timeout for requests to the remote write endpoint.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ sendExemplars:
+ description: Enables sending of exemplars over remote write.
+ Note that exemplar-storage itself must be enabled using the
+ enableFeature option for exemplars to be scraped in the first
+ place. Only valid in Prometheus versions 2.27.0 and newer.
+ type: boolean
+ sigv4:
+ description: Sigv4 allows to configures AWS's Signature Verification
+ 4
+ properties:
+ accessKey:
+ description: AccessKey is the AWS API key. If blank, the
+ environment variable `AWS_ACCESS_KEY_ID` is used.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ profile:
+ description: Profile is the named AWS profile used to authenticate.
+ type: string
+ region:
+ description: Region is the AWS region. If blank, the region
+ from the default credentials chain used.
+ type: string
+ roleArn:
+ description: RoleArn is the named AWS profile used to authenticate.
+ type: string
+ secretKey:
+ description: SecretKey is the AWS API secret. If blank,
+ the environment variable `AWS_SECRET_ACCESS_KEY` is used.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ tlsConfig:
+ description: TLS Config to use for remote write.
+ properties:
+ ca:
+ description: Struct containing the CA cert to use for the
+ targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ caFile:
+ description: Path to the CA cert in the Prometheus container
+ to use for the targets.
+ type: string
+ cert:
+ description: Struct containing the client cert file for
+ the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ certFile:
+ description: Path to the client cert file in the Prometheus
+ container for the targets.
+ type: string
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keyFile:
+ description: Path to the client key file in the Prometheus
+ container for the targets.
+ type: string
+ keySecret:
+ description: Secret containing the client key file for the
+ targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ serverName:
+ description: Used to verify the hostname for the targets.
+ type: string
+ type: object
+ url:
+ description: The URL of the endpoint to send samples to.
+ type: string
+ writeRelabelConfigs:
+ description: The list of remote write relabel configurations.
+ items:
+ description: 'RelabelConfig allows dynamic rewriting of the
+ label set, being applied to samples before ingestion. It
+ defines `<metric_relabel_configs>`-section of Prometheus
+ configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
+ properties:
+ action:
+ default: replace
+ description: Action to perform based on regex matching.
+ Default is 'replace'. uppercase and lowercase actions
+ require Prometheus >= 2.36.
+ enum:
+ - replace
+ - Replace
+ - keep
+ - Keep
+ - drop
+ - Drop
+ - hashmod
+ - HashMod
+ - labelmap
+ - LabelMap
+ - labeldrop
+ - LabelDrop
+ - labelkeep
+ - LabelKeep
+ - lowercase
+ - Lowercase
+ - uppercase
+ - Uppercase
+ type: string
+ modulus:
+ description: Modulus to take of the hash of the source
+ label values.
+ format: int64
+ type: integer
+ regex:
+ description: Regular expression against which the extracted
+ value is matched. Default is '(.*)'
+ type: string
+ replacement:
+ description: Replacement value against which a regex replace
+ is performed if the regular expression matches. Regex
+ capture groups are available. Default is '$1'
+ type: string
+ separator:
+ description: Separator placed between concatenated source
+ label values. default is ';'.
+ type: string
+ sourceLabels:
+ description: The source labels select values from existing
+ labels. Their content is concatenated using the configured
+ separator and matched against the configured regular
+ expression for the replace, keep, and drop actions.
+ items:
+ description: LabelName is a valid Prometheus label name
+ which may only contain ASCII letters, numbers, as
+ well as underscores.
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
+ type: string
+ type: array
+ targetLabel:
+ description: Label to which the resulting value is written
+ in a replace action. It is mandatory for replace actions.
+ Regex capture groups are available.
+ type: string
+ type: object
+ type: array
+ required:
+ - url
+ type: object
+ type: array
+ replicaExternalLabelName:
+ description: Name of Prometheus external label used to denote replica
+ name. Defaults to the value of `prometheus_replica`. External label
+ will _not_ be added when value is set to empty string (`""`).
+ type: string
+ replicas:
+ description: Number of replicas of each shard to deploy for a Prometheus
+ deployment. Number of replicas multiplied by shards is the total
+ number of Pods created.
+ format: int32
+ type: integer
+ resources:
+ description: Define resources requests and limits for single Pods.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources
+ allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ retention:
+ description: Time duration Prometheus shall retain data for. Default
+ is '24h' if retentionSize is not set, and must match the regular
+ expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes
+ hours days weeks years).
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ retentionSize:
+ description: Maximum amount of disk space used by blocks.
+ pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$
+ type: string
+ routePrefix:
+ description: The route prefix Prometheus registers HTTP handlers for.
+ This is useful, if using ExternalURL and a proxy is rewriting HTTP
+ routes of a request, and the actual ExternalURL is still true, but
+ the server serves requests under a different route prefix. For example
+ for use with `kubectl proxy`.
+ type: string
+ ruleNamespaceSelector:
+ description: Namespaces to be selected for PrometheusRules discovery.
+ If unspecified, only the same namespace as the Prometheus object
+ is in is used.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ ruleSelector:
+ description: A selector to select which PrometheusRules to mount for
+ loading alerting/recording rules from. Until (excluding) Prometheus
+ Operator v0.24.0 Prometheus Operator will migrate any legacy rule
+ ConfigMaps to PrometheusRule custom resources selected by RuleSelector.
+ Make sure it does not match any config maps that you do not want
+ to be migrated.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ rules:
+ description: /--rules.*/ command-line arguments.
+ properties:
+ alert:
+ description: /--rules.alert.*/ command-line arguments
+ properties:
+ forGracePeriod:
+ description: Minimum duration between alert and restored 'for'
+ state. This is maintained only for alerts with configured
+ 'for' time greater than grace period.
+ type: string
+ forOutageTolerance:
+ description: Max time to tolerate prometheus outage for restoring
+ 'for' state of alert.
+ type: string
+ resendDelay:
+ description: Minimum amount of time to wait before resending
+ an alert to Alertmanager.
+ type: string
+ type: object
+ type: object
+ scrapeInterval:
+ default: 30s
+ description: 'Interval between consecutive scrapes. Default: `30s`'
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ scrapeTimeout:
+ description: Number of seconds to wait for target to respond before
+ erroring.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ secrets:
+ description: Secrets is a list of Secrets in the same namespace as
+ the Prometheus object, which shall be mounted into the Prometheus
+ Pods. Each Secret is added to the StatefulSet definition as a volume
+ named `secret-<secret-name>`. The Secrets are mounted into /etc/prometheus/secrets/<secret-name>
+ in the 'prometheus' container.
+ items:
+ type: string
+ type: array
+ securityContext:
+ description: SecurityContext holds pod-level security attributes and
+ common container settings. This defaults to the default PodSecurityContext.
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies to all
+ containers in a pod. Some volume types allow the Kubelet to
+ change the ownership of that volume to be owned by the pod:
+ \n 1. The owning GID will be the FSGroup 2. The setgid bit is
+ set (new files created in the volume will be owned by FSGroup)
+ 3. The permission bits are OR'd with rw-rw---- \n If unset,
+ the Kubelet will not modify the ownership and permissions of
+ any volume. Note that this field cannot be set when spec.os.name
+ is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing
+ ownership and permission of the volume before being exposed
+ inside Pod. This field will only apply to volume types which
+ support fsGroup based ownership(and permissions). It will have
+ no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir. Valid values are "OnRootMismatch" and "Always".
+ If not specified, "Always" is used. Note that this field cannot
+ be set when spec.os.name is windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process.
+ Uses runtime default if unset. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail to start
+ the container if it does. If unset or false, no such validation
+ will be performed. May also be set in SecurityContext. If set
+ in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in SecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container. Note that this field cannot
+ be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to
+ the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to
+ the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to
+ the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to
+ the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers in this
+ pod. Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must be
+ preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a profile
+ defined in a file on the node should be used. RuntimeDefault
+ - the container runtime default profile should be used.
+ Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process run
+ in each container, in addition to the container's primary GID. If
+ unspecified, no groups will be added to any container. Note
+ that this field cannot be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used for
+ the pod. Pods with unsupported sysctls (by the container runtime)
+ might fail to launch. Note that this field cannot be set when
+ spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: The Windows specific settings applied to all containers.
+ If unspecified, the options within a container's SecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named by
+ the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA
+ credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is alpha-level
+ and will only be honored by components that enable the WindowsHostProcessContainers
+ feature flag. Setting this field without the feature flag
+ will result in errors when validating the Pod. All of a
+ Pod's containers must have the same effective HostProcess
+ value (it is not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition, if HostProcess
+ is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in PodSecurityContext.
+ If set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ serviceAccountName:
+ description: ServiceAccountName is the name of the ServiceAccount
+ to use to run the Prometheus Pods.
+ type: string
+ serviceMonitorNamespaceSelector:
+ description: Namespace's labels to match for ServiceMonitor discovery.
+ If nil, only check own namespace.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ serviceMonitorSelector:
+ description: ServiceMonitors to be selected for target discovery.
+ *Deprecated:* if neither this nor podMonitorSelector are specified,
+ configuration is unmanaged.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ sha:
+ description: 'SHA of Prometheus container image to be deployed. Defaults
+ to the value of `version`. Similar to a tag, but the SHA explicitly
+ deploys an immutable container image. Version and Tag are ignored
+ if SHA is set. Deprecated: use ''image'' instead. The image digest
+ can be specified as part of the image URL.'
+ type: string
+ shards:
+ description: 'EXPERIMENTAL: Number of shards to distribute targets
+ onto. Number of replicas multiplied by shards is the total number
+ of Pods created. Note that scaling down shards will not reshard
+ data onto remaining instances, it must be manually moved. Increasing
+ shards will not reshard data either but it will continue to be available
+ from the same instances. To query globally use Thanos sidecar and
+ Thanos querier or remote write data to a central location. Sharding
+ is done on the content of the `__address__` target meta-label.'
+ format: int32
+ type: integer
+ storage:
+ description: Storage spec to specify how storage shall be used.
+ properties:
+ disableMountSubPath:
+ description: 'Deprecated: subPath usage will be disabled by default
+ in a future release, this option will become unnecessary. DisableMountSubPath
+ allows to remove any subPath usage in volume mounts.'
+ type: boolean
+ emptyDir:
+ description: 'EmptyDirVolumeSource to be used by the Prometheus
+ StatefulSets. If specified, used in place of any volumeClaimTemplate.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type of storage medium
+ should back this directory. The default is "" which means
+ to use the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount of local storage
+ required for this EmptyDir volume. The size limit is also
+ applicable for memory medium. The maximum usage on memory
+ medium EmptyDir would be the minimum value between the SizeLimit
+ specified here and the sum of memory limits of all containers
+ in a pod. The default is nil which means that the limit
+ is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: 'EphemeralVolumeSource to be used by the Prometheus
+ StatefulSets. This is a beta field in k8s 1.21, for lower versions,
+ starting with k8s 1.19, it requires enabling the GenericEphemeralVolume
+ feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes'
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone PVC to
+ provision the volume. The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the PVC, i.e. the PVC will
+ be deleted together with the pod. The name of the PVC will
+ be `<pod name>-<volume name>` where `<volume name>` is the
+ name from the `PodSpec.Volumes` array entry. Pod validation
+ will reject the pod if the concatenated name is not valid
+ for a PVC (for example, too long). \n An existing PVC with
+ that name that is not owned by the pod will *not* be used
+ for the pod to avoid using an unrelated volume by mistake.
+ Starting the pod is then blocked until the unrelated PVC
+ is removed. If such a pre-created PVC is meant to be used
+ by the pod, the PVC has to updated with an owner reference
+ to the pod once the pod exists. Normally this should not
+ be necessary, but it may be useful when manually reconstructing
+ a broken cluster. \n This field is read-only and no changes
+ will be made by Kubernetes to the PVC after it has been
+ created. \n Required, must not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations that will
+ be copied into the PVC when creating it. No other fields
+ are allowed and will be rejected during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into the PVC
+ that gets created from this template. The same fields
+ as in a PersistentVolumeClaim are also valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access
+ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the
+ provisioner or an external controller can support
+ the specified data source, it will create a new
+ volume based on the contents of the specified data
+ source. If the AnyVolumeDataSource feature gate
+ is enabled, this field will always have the same
+ contents as the DataSourceRef field.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is
+ required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object from
+ which to populate the volume with data, if a non-empty
+ volume is desired. This may be any local object
+ from a non-empty API group (non core object) or
+ a PersistentVolumeClaim object. When this field
+ is specified, volume binding will only succeed if
+ the type of the specified object matches some installed
+ volume populator or dynamic provisioner. This field
+ will replace the functionality of the DataSource
+ field and as such if both fields are non-empty,
+ they must have the same value. For backwards compatibility,
+ both fields (DataSource and DataSourceRef) will
+ be set to the same value automatically if one of
+ them is empty and the other is non-empty. There
+ are two important differences between DataSource
+ and DataSourceRef: * While DataSource only allows
+ two specific types of objects, DataSourceRef allows
+ any non-core object, as well as PersistentVolumeClaim
+ objects. * While DataSource ignores disallowed values
+ (dropping them), DataSourceRef preserves all values,
+ and generates an error if a disallowed value is
+ specified. (Beta) Using this field requires the
+ AnyVolumeDataSource feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is
+ required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ resources:
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount
+ of compute resources required. If Requests is
+ omitted for a container, it defaults to Limits
+ if that is explicitly specified, otherwise to
+ an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes
+ to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement is
+ a selector that contains values, a key, and
+ an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If
+ the operator is Exists or DoesNotExist,
+ the values array must be empty. This array
+ is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: 'storageClassName is the name of the
+ StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume
+ is required by the claim. Value of Filesystem is
+ implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference to
+ the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ volumeClaimTemplate:
+ description: A PVC spec to be used by the Prometheus StatefulSets.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this
+ representation of an object. Servers should convert recognized
+ schemas to the latest internal value, and may reject unrecognized
+ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST
+ resource this object represents. Servers may infer this
+ from the endpoint the client submits requests to. Cannot
+ be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ description: EmbeddedMetadata contains metadata relevant to
+ an EmbeddedResource.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value
+ map stored with a resource that may be set by external
+ tools to store and retrieve arbitrary metadata. They
+ are not queryable and should be preserved when modifying
+ objects. More info: http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be
+ used to organize and categorize (scope and select) objects.
+ May match selectors of replication controllers and services.
+ More info: http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ name:
+ description: 'Name must be unique within a namespace.
+ Is required when creating resources, although some resources
+ may allow a client to request the generation of an appropriate
+ name automatically. Name is primarily intended for creation
+ idempotence and configuration definition. Cannot be
+ updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
+ type: string
+ type: object
+ spec:
+ description: 'Spec defines the desired characteristics of
+ a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access
+ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the provisioner
+ or an external controller can support the specified
+ data source, it will create a new volume based on the
+ contents of the specified data source. If the AnyVolumeDataSource
+ feature gate is enabled, this field will always have
+ the same contents as the DataSourceRef field.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object from
+ which to populate the volume with data, if a non-empty
+ volume is desired. This may be any local object from
+ a non-empty API group (non core object) or a PersistentVolumeClaim
+ object. When this field is specified, volume binding
+ will only succeed if the type of the specified object
+ matches some installed volume populator or dynamic provisioner.
+ This field will replace the functionality of the DataSource
+ field and as such if both fields are non-empty, they
+ must have the same value. For backwards compatibility,
+ both fields (DataSource and DataSourceRef) will be set
+ to the same value automatically if one of them is empty
+ and the other is non-empty. There are two important
+ differences between DataSource and DataSourceRef: *
+ While DataSource only allows two specific types of objects,
+ DataSourceRef allows any non-core object, as well as
+ PersistentVolumeClaim objects. * While DataSource ignores
+ disallowed values (dropping them), DataSourceRef preserves
+ all values, and generates an error if a disallowed value
+ is specified. (Beta) Using this field requires the AnyVolumeDataSource
+ feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ resources:
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify resource
+ requirements that are lower than previous value but
+ must still be higher than capacity recorded in the status
+ field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount
+ of compute resources required. If Requests is omitted
+ for a container, it defaults to Limits if that is
+ explicitly specified, otherwise to an implementation-defined
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes to
+ consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values
+ array must be non-empty. If the operator is
+ Exists or DoesNotExist, the values array must
+ be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field
+ is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: 'storageClassName is the name of the StorageClass
+ required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume is
+ required by the claim. Value of Filesystem is implied
+ when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference to the
+ PersistentVolume backing this claim.
+ type: string
+ type: object
+ status:
+ description: 'Status represents the current information/status
+ of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ accessModes:
+ description: 'accessModes contains the actual access modes
+ the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ allocatedResources:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: allocatedResources is the storage resource
+ within AllocatedResources tracks the capacity allocated
+ to a PVC. It may be larger than the actual capacity
+ when a volume expansion operation is requested. For
+ storage quota, the larger value from allocatedResources
+ and PVC.spec.resources is used. If allocatedResources
+ is not set, PVC.spec.resources alone is used for quota
+ calculation. If a volume expansion capacity request
+ is lowered, allocatedResources is only lowered if there
+ are no expansion operations in progress and if the actual
+ volume capacity is equal or lower than the requested
+ capacity. This is an alpha field and requires enabling
+ RecoverVolumeExpansionFailure feature.
+ type: object
+ capacity:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: capacity represents the actual resources
+ of the underlying volume.
+ type: object
+ conditions:
+ description: conditions is the current Condition of persistent
+ volume claim. If underlying persistent volume is being
+ resized then the Condition will be set to 'ResizeStarted'.
+ items:
+ description: PersistentVolumeClaimCondition contails
+ details about state of pvc
+ properties:
+ lastProbeTime:
+ description: lastProbeTime is the time we probed
+ the condition.
+ format: date-time
+ type: string
+ lastTransitionTime:
+ description: lastTransitionTime is the time the
+ condition transitioned from one status to another.
+ format: date-time
+ type: string
+ message:
+ description: message is the human-readable message
+ indicating details about last transition.
+ type: string
+ reason:
+ description: reason is a unique, this should be
+ a short, machine understandable string that gives
+ the reason for condition's last transition. If
+ it reports "ResizeStarted" that means the underlying
+ persistent volume is being resized.
+ type: string
+ status:
+ type: string
+ type:
+ description: PersistentVolumeClaimConditionType
+ is a valid value of PersistentVolumeClaimCondition.Type
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ phase:
+ description: phase represents the current phase of PersistentVolumeClaim.
+ type: string
+ resizeStatus:
+ description: resizeStatus stores status of resize operation.
+ ResizeStatus is not set by default but when expansion
+ is complete resizeStatus is set to empty string by resize
+ controller or kubelet. This is an alpha field and requires
+ enabling RecoverVolumeExpansionFailure feature.
+ type: string
+ type: object
+ type: object
+ type: object
+ tag:
+ description: 'Tag of Prometheus container image to be deployed. Defaults
+ to the value of `version`. Version is ignored if Tag is set. Deprecated:
+ use ''image'' instead. The image tag can be specified as part of
+ the image URL.'
+ type: string
+ thanos:
+ description: "Thanos configuration allows configuring various aspects
+ of a Prometheus server in a Thanos environment. \n This section
+ is experimental, it may change significantly without deprecation
+ notice in any release. \n This is experimental and may change significantly
+ without backward compatibility in any release."
+ properties:
+ additionalArgs:
+ description: AdditionalArgs allows setting additional arguments
+ for the Thanos container. The arguments are passed as-is to
+ the Thanos container which may cause issues if they are invalid
+ or not supported the given Thanos version. In case of an argument
+ conflict (e.g. an argument which is already set by the operator
+ itself) or when providing an invalid argument the reconciliation
+ will fail and an error will be logged.
+ items:
+ description: Argument as part of the AdditionalArgs list.
+ properties:
+ name:
+ description: Name of the argument, e.g. "scrape.discovery-reload-interval".
+ minLength: 1
+ type: string
+ value:
+ description: Argument value, e.g. 30s. Can be empty for
+ name-only arguments (e.g. --storage.tsdb.no-lockfile)
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ baseImage:
+ description: 'Thanos base image if other than default. Deprecated:
+ use ''image'' instead'
+ type: string
+ grpcListenLocal:
+ description: If true, the Thanos sidecar listens on the loopback
+ interface for the gRPC endpoints. It has no effect if `listenLocal`
+ is true.
+ type: boolean
+ grpcServerTlsConfig:
+ description: 'GRPCServerTLSConfig configures the TLS parameters
+ for the gRPC server providing the StoreAPI. Note: Currently
+ only the CAFile, CertFile, and KeyFile fields are supported.
+ Maps to the ''--grpc-server-tls-*'' CLI args.'
+ properties:
+ ca:
+ description: Struct containing the CA cert to use for the
+ targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ caFile:
+ description: Path to the CA cert in the Prometheus container
+ to use for the targets.
+ type: string
+ cert:
+ description: Struct containing the client cert file for the
+ targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ certFile:
+ description: Path to the client cert file in the Prometheus
+ container for the targets.
+ type: string
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keyFile:
+ description: Path to the client key file in the Prometheus
+ container for the targets.
+ type: string
+ keySecret:
+ description: Secret containing the client key file for the
+ targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ serverName:
+ description: Used to verify the hostname for the targets.
+ type: string
+ type: object
+ httpListenLocal:
+ description: If true, the Thanos sidecar listens on the loopback
+ interface for the HTTP endpoints. It has no effect if `listenLocal`
+ is true.
+ type: boolean
+ image:
+ description: Image if specified has precedence over baseImage,
+ tag and sha combinations. Specifying the version is still necessary
+ to ensure the Prometheus Operator knows what version of Thanos
+ is being configured.
+ type: string
+ listenLocal:
+ description: 'If true, the Thanos sidecar listens on the loopback
+ interface for the HTTP and gRPC endpoints. It takes precedence
+ over `grpcListenLocal` and `httpListenLocal`. Deprecated: use
+ `grpcListenLocal` and `httpListenLocal` instead.'
+ type: boolean
+ logFormat:
+ description: LogFormat for Thanos sidecar to be configured with.
+ enum:
+ - ""
+ - logfmt
+ - json
+ type: string
+ logLevel:
+ description: LogLevel for Thanos sidecar to be configured with.
+ enum:
+ - ""
+ - debug
+ - info
+ - warn
+ - error
+ type: string
+ minTime:
+ description: MinTime for Thanos sidecar to be configured with.
+ Option can be a constant time in RFC3339 format or time duration
+ relative to current time, such as -1d or 2h45m. Valid duration
+ units are ms, s, m, h, d, w, y.
+ type: string
+ objectStorageConfig:
+ description: ObjectStorageConfig configures object storage in
+ Thanos. Alternative to ObjectStorageConfigFile, and lower order
+ priority.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ objectStorageConfigFile:
+ description: ObjectStorageConfigFile specifies the path of the
+ object storage configuration file. When used alongside with
+ ObjectStorageConfig, ObjectStorageConfigFile takes precedence.
+ type: string
+ readyTimeout:
+ description: ReadyTimeout is the maximum time Thanos sidecar will
+ wait for Prometheus to start. Eg 10m
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ resources:
+ description: Resources defines the resource requirements for the
+ Thanos sidecar. If not provided, no requests/limits will be
+ set
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ sha:
+ description: 'SHA of Thanos container image to be deployed. Defaults
+ to the value of `version`. Similar to a tag, but the SHA explicitly
+ deploys an immutable container image. Version and Tag are ignored
+ if SHA is set. Deprecated: use ''image'' instead. The image
+ digest can be specified as part of the image URL.'
+ type: string
+ tag:
+ description: 'Tag of Thanos sidecar container image to be deployed.
+ Defaults to the value of `version`. Version is ignored if Tag
+ is set. Deprecated: use ''image'' instead. The image tag can
+ be specified as part of the image URL.'
+ type: string
+ tracingConfig:
+ description: TracingConfig configures tracing in Thanos. This
+ is an experimental feature, it may change in any upcoming release
+ in a breaking way.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ tracingConfigFile:
+ description: TracingConfig specifies the path of the tracing configuration
+ file. When used alongside with TracingConfig, TracingConfigFile
+ takes precedence.
+ type: string
+ version:
+ description: Version describes the version of Thanos to use.
+ type: string
+ volumeMounts:
+ description: VolumeMounts allows configuration of additional VolumeMounts
+ on the output StatefulSet definition. VolumeMounts specified
+ will be appended to other VolumeMounts in the thanos-sidecar
+ container.
+ items:
+ description: VolumeMount describes a mounting of a Volume within
+ a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other way
+ around. When not set, MountPropagationNone is used. This
+ field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: The pod this Toleration is attached to tolerates any
+ taint that matches the triple <key,value,effect> using the matching
+ operator <operator>.
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match. Empty
+ means match all taint effects. When specified, allowed values
+ are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match all
+ values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to the
+ value. Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod
+ can tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of time
+ the toleration (which must be of effect NoExecute, otherwise
+ this field is ignored) tolerates the taint. By default, it
+ is not set, which means tolerate the taint forever (do not
+ evict). Zero and negative values will be treated as 0 (evict
+ immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ topologySpreadConstraints:
+ description: If specified, the pod's topology spread constraints.
+ items:
+ description: TopologySpreadConstraint specifies how to spread matching
+ pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching pods. Pods
+ that match this label selector are counted to determine the
+ number of pods in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys to select
+ the pods over which spreading will be calculated. The keys
+ are used to lookup values from the incoming pod labels, those
+ key-value labels are ANDed with labelSelector to select the
+ group of existing pods over which spreading will be calculated
+ for the incoming pod. Keys that don't exist in the incoming
+ pod labels will be ignored. A null or empty list means only
+ match against labelSelector.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ maxSkew:
+ description: 'MaxSkew describes the degree to which pods may
+ be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between the number
+ of matching pods in the target topology and the global minimum.
+ The global minimum is the minimum number of matching pods
+ in an eligible domain or zero if the number of eligible domains
+ is less than MinDomains. For example, in a 3-zone cluster,
+ MaxSkew is set to 1, and pods with the same labelSelector
+ spread as 2/2/1: In this case, the global minimum is 1. |
+ zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew
+ is 1, incoming pod can only be scheduled to zone3 to become
+ 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1)
+ on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming
+ pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies that satisfy
+ it. It''s a required field. Default value is 1 and 0 is not
+ allowed.'
+ format: int32
+ type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number of eligible
+ domains. When the number of eligible domains with matching
+ topology keys is less than minDomains, Pod Topology Spread
+ treats \"global minimum\" as 0, and then the calculation of
+ Skew is performed. And when the number of eligible domains
+ with matching topology keys equals or greater than minDomains,
+ this value has no effect on scheduling. As a result, when
+ the number of eligible domains is less than minDomains, scheduler
+ won't schedule more than maxSkew Pods to those domains. If
+ value is nil, the constraint behaves as if MinDomains is equal
+ to 1. Valid values are integers greater than 0. When value
+ is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For
+ example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains
+ is set to 5 and pods with the same labelSelector spread as
+ 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P |
+ The number of domains is less than 5(MinDomains), so \"global
+ minimum\" is treated as 0. In this situation, new pod with
+ the same labelSelector cannot be scheduled, because computed
+ skew will be 3(3 - 0) if new Pod is scheduled to any of the
+ three zones, it will violate MaxSkew. \n This is a beta field
+ and requires the MinDomainsInPodTopologySpread feature gate
+ to be enabled (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we will treat
+ Pod's nodeAffinity/nodeSelector when calculating pod topology
+ spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector
+ are included in the calculations. - Ignore: nodeAffinity/nodeSelector
+ are ignored. All nodes are included in the calculations. \n
+ If this value is nil, the behavior is equivalent to the Honor
+ policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread
+ feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we will treat node
+ taints when calculating pod topology spread skew. Options
+ are: - Honor: nodes without taints, along with tainted nodes
+ for which the incoming pod has a toleration, are included.
+ - Ignore: node taints are ignored. All nodes are included.
+ \n If this value is nil, the behavior is equivalent to the
+ Ignore policy. This is a alpha-level feature enabled by the
+ NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ topologyKey:
+ description: TopologyKey is the key of node labels. Nodes that
+ have a label with this key and identical values are considered
+ to be in the same topology. We consider each <key, value>
+ as a "bucket", and try to put balanced number of pods into
+ each bucket. We define a domain as a particular instance of
+ a topology. Also, we define an eligible domain as a domain
+ whose nodes meet the requirements of nodeAffinityPolicy and
+ nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
+ each Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is a domain of
+ that topology. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to deal with a
+ pod if it doesn''t satisfy the spread constraint. - DoNotSchedule
+ (default) tells the scheduler not to schedule it. - ScheduleAnyway
+ tells the scheduler to schedule the pod in any location, but
+ giving higher precedence to topologies that would help reduce
+ the skew. A constraint is considered "Unsatisfiable" for an
+ incoming pod if and only if every possible node assignment
+ for that pod would violate "MaxSkew" on some topology. For
+ example, in a 3-zone cluster, MaxSkew is set to 1, and pods
+ with the same labelSelector spread as 3/1/1: | zone1 | zone2
+ | zone3 | | P P P | P | P | If WhenUnsatisfiable is
+ set to DoNotSchedule, incoming pod can only be scheduled to
+ zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on
+ zone2(zone3) satisfies MaxSkew(1). In other words, the cluster
+ can still be imbalanced, but scheduler won''t make it *more*
+ imbalanced. It''s a required field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ tsdb:
+ description: Defines the runtime reloadable configuration of the timeseries
+ database (TSDB).
+ properties:
+ outOfOrderTimeWindow:
+ description: Configures how old an out-of-order/out-of-bounds
+ sample can be w.r.t. the TSDB max time. An out-of-order/out-of-bounds
+ sample is ingested into the TSDB as long as the timestamp of
+ the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow). Out
+ of order ingestion is an experimental feature and requires Prometheus
+ >= v2.39.0.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ type: object
+ version:
+ description: Version of Prometheus to be deployed.
+ type: string
+ volumeMounts:
+ description: VolumeMounts allows configuration of additional VolumeMounts
+ on the output StatefulSet definition. VolumeMounts specified will
+ be appended to other VolumeMounts in the prometheus container, that
+ are generated as a result of StorageSpec objects.
+ items:
+ description: VolumeMount describes a mounting of a Volume within
+ a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume should
+ be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are propagated
+ from the host to container and the other way around. When
+ not set, MountPropagationNone is used. This field is beta
+ in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which the
+ container's volume should be mounted. Behaves similarly to
+ SubPath but environment variable references $(VAR_NAME) are
+ expanded using the container's environment. Defaults to ""
+ (volume's root). SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ volumes:
+ description: Volumes allows configuration of additional volumes on
+ the output StatefulSet definition. Volumes specified will be appended
+ to other volumes that are generated as a result of StorageSpec objects.
+ items:
+ description: Volume represents a named volume in a pod that may
+ be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'awsElasticBlockStore represents an AWS Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly value true will force the readOnly
+ setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'volumeID is unique ID of the persistent disk
+ resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk mount on
+ the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode: None,
+ Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk in the
+ blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in the blob
+ storage
+ type: string
+ fsType:
+ description: fsType is Filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single blob
+ disk per storage account Managed: azure managed data
+ disk (only in managed availability set). defaults to shared'
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service mount
+ on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that contains
+ Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the host that
+ shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'monitors is Required: Monitors is a collection
+ of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the mounted root,
+ rather than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'secretFile is Optional: SecretFile is the
+ path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'secretRef is Optional: SecretRef is reference
+ to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is optional: User is the rados user name,
+ default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'cinder represents a cinder volume attached and
+ mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
+ be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'secretRef is optional: points to a secret
+ object containing parameters used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeID:
+ description: 'volumeID used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should populate
+ this volume
+ properties:
+ defaultMode:
+ description: 'defaultMode is optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items if unspecified, each key-value pair in
+ the Data field of the referenced ConfigMap will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the ConfigMap, the volume setup will error unless it is
+ marked optional. Paths must be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap or its
+ keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ csi:
+ description: csi (Container Storage Interface) represents ephemeral
+ storage that is handled by certain external CSI drivers (Beta
+ feature).
+ properties:
+ driver:
+ description: driver is the name of the CSI driver that handles
+ this volume. Consult with your admin for the correct name
+ as registered in the cluster.
+ type: string
+ fsType:
+ description: fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated
+ CSI driver which will determine the default filesystem
+ to apply.
+ type: string
+ nodePublishSecretRef:
+ description: nodePublishSecretRef is a reference to the
+ secret object containing sensitive information to pass
+ to the CSI driver to complete the CSI NodePublishVolume
+ and NodeUnpublishVolume calls. This field is optional,
+ and may be empty if no secret is required. If the secret
+ object contains more than one secret, all secret references
+ are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ readOnly:
+ description: readOnly specifies a read-only configuration
+ for the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: volumeAttributes stores driver-specific properties
+ that are passed to the CSI driver. Consult your driver's
+ documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about the pod
+ that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created files
+ by default. Must be a Optional: mode bits used to set
+ permissions on created files by default. Must be an octal
+ value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the pod:
+ only annotations, labels, name and namespace are
+ supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode bits used to set permissions
+ on this file, must be an octal value between 0000
+ and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires
+ decimal values for mode bits. If not specified,
+ the volume defaultMode will be used. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative path
+ name of the file to be created. Must not be absolute
+ or contain the ''..'' path. Must be utf-8 encoded.
+ The first item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'emptyDir represents a temporary directory that
+ shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type of storage medium
+ should back this directory. The default is "" which means
+ to use the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount of local storage
+ required for this EmptyDir volume. The size limit is also
+ applicable for memory medium. The maximum usage on memory
+ medium EmptyDir would be the minimum value between the
+ SizeLimit specified here and the sum of memory limits
+ of all containers in a pod. The default is nil which means
+ that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "ephemeral represents a volume that is handled
+ by a cluster storage driver. The volume's lifecycle is tied
+ to the pod that defines it - it will be created before the
+ pod starts, and deleted when the pod is removed. \n Use this
+ if: a) the volume is only needed while the pod runs, b) features
+ of normal volumes like restoring from snapshot or capacity
+ tracking are needed, c) the storage driver is specified through
+ a storage class, and d) the storage driver supports dynamic
+ volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource
+ for more information on the connection between this volume
+ type and PersistentVolumeClaim). \n Use PersistentVolumeClaim
+ or one of the vendor-specific APIs for volumes that persist
+ for longer than the lifecycle of an individual pod. \n Use
+ CSI for light-weight local ephemeral volumes if the CSI driver
+ is meant to be used that way - see the documentation of the
+ driver for more information. \n A pod can use both types of
+ ephemeral volumes and persistent volumes at the same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone PVC to
+ provision the volume. The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the PVC, i.e. the PVC
+ will be deleted together with the pod. The name of the
+ PVC will be `<pod name>-<volume name>` where `<volume
+ name>` is the name from the `PodSpec.Volumes` array entry.
+ Pod validation will reject the pod if the concatenated
+ name is not valid for a PVC (for example, too long). \n
+ An existing PVC with that name that is not owned by the
+ pod will *not* be used for the pod to avoid using an unrelated
+ volume by mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created PVC
+ is meant to be used by the pod, the PVC has to updated
+ with an owner reference to the pod once the pod exists.
+ Normally this should not be necessary, but it may be useful
+ when manually reconstructing a broken cluster. \n This
+ field is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created. \n Required, must
+ not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations that
+ will be copied into the PVC when creating it. No other
+ fields are allowed and will be rejected during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into the PVC
+ that gets created from this template. The same fields
+ as in a PersistentVolumeClaim are also valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access
+ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the
+ provisioner or an external controller can support
+ the specified data source, it will create a new
+ volume based on the contents of the specified
+ data source. If the AnyVolumeDataSource feature
+ gate is enabled, this field will always have the
+ same contents as the DataSourceRef field.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API
+ group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object
+ from which to populate the volume with data, if
+ a non-empty volume is desired. This may be any
+ local object from a non-empty API group (non core
+ object) or a PersistentVolumeClaim object. When
+ this field is specified, volume binding will only
+ succeed if the type of the specified object matches
+ some installed volume populator or dynamic provisioner.
+ This field will replace the functionality of the
+ DataSource field and as such if both fields are
+ non-empty, they must have the same value. For
+ backwards compatibility, both fields (DataSource
+ and DataSourceRef) will be set to the same value
+ automatically if one of them is empty and the
+ other is non-empty. There are two important differences
+ between DataSource and DataSourceRef: * While
+ DataSource only allows two specific types of objects,
+ DataSourceRef allows any non-core object, as well
+ as PersistentVolumeClaim objects. * While DataSource
+ ignores disallowed values (dropping them), DataSourceRef
+ preserves all values, and generates an error if
+ a disallowed value is specified. (Beta) Using
+ this field requires the AnyVolumeDataSource feature
+ gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API
+ group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ resources:
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required. If Requests
+ is omitted for a container, it defaults to
+ Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes
+ to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: 'storageClassName is the name of the
+ StorageClass required by the claim. More info:
+ https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume
+ is required by the claim. Value of Filesystem
+ is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource that is
+ attached to a kubelet's host machine and then exposed to the
+ pod.
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target worldwide
+ names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'wwids Optional: FC volume world wide identifiers
+ (wwids) Either wwids or combination of targetWWNs and
+ lun must be set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: flexVolume represents a generic volume resource
+ that is provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to use for
+ this volume.
+ type: string
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends
+ on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds extra
+ command options if any.'
+ type: object
+ readOnly:
+ description: 'readOnly is Optional: defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'secretRef is Optional: secretRef is reference
+ to the secret object containing sensitive information
+ to pass to the plugin scripts. This may be empty if no
+ secret object is specified. If the secret object contains
+ more than one secret, all secrets are passed to the plugin
+ scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached to
+ a kubelet's host machine. This depends on the Flocker control
+ service being running
+ properties:
+ datasetName:
+ description: datasetName is Name of the dataset stored as
+ metadata -> name on the dataset for Flocker should be
+ considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset. This
+ is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'gcePersistentDisk represents a GCE Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'fsType is filesystem type of the volume that
+ you want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'pdName is unique name of the PD resource in
+ GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'gitRepo represents a git repository at a particular
+ revision. DEPRECATED: GitRepo is deprecated. To provision
+ a container with a git repo, mount an EmptyDir into an InitContainer
+ that clones the repo using git, then mount the EmptyDir into
+ the Pod''s container.'
+ properties:
+ directory:
+ description: directory is the target directory name. Must
+ not contain or start with '..'. If '.' is supplied, the
+ volume directory will be the git repository. Otherwise,
+ if specified, the volume will contain the git repository
+ in the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the specified
+ revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'glusterfs represents a Glusterfs mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'endpoints is the endpoint name that details
+ Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'path is the Glusterfs volume path. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the Glusterfs volume
+ to be mounted with read-only permissions. Defaults to
+ false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'hostPath represents a pre-existing file or directory
+ on the host machine that is directly exposed to the container.
+ This is generally used for system agents or other privileged
+ things that are allowed to see the host machine. Most containers
+ will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use host directory
+ mounts and who can/can not mount host directories as read/write.'
+ properties:
+ path:
+ description: 'path of the directory on the host. If the
+ path is a symlink, it will follow the link to the real
+ path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'type for HostPath Volume Defaults to "" More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'iscsi represents an ISCSI Disk resource that is
+ attached to a kubelet''s host machine and then exposed to
+ the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support iSCSI
+ Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support iSCSI
+ Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ initiatorName:
+ description: initiatorName is the custom iSCSI Initiator
+ Name. If initiatorName is specified with iscsiInterface
+ simultaneously, new iSCSI interface <target portal>:<volume
+ name> will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iscsiInterface is the interface Name that uses
+ an iSCSI transport. Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: portals is the iSCSI Target Portal List. The
+ portal is either an IP or ip_addr:port if the port is
+ other than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI target
+ and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ targetPortal:
+ description: targetPortal is iSCSI Target Portal. The Portal
+ is either an IP or ip_addr:port if the port is other than
+ default (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'name of the volume. Must be a DNS_LABEL and unique
+ within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'nfs represents an NFS mount on the host that shares
+ a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'path that is exported by the NFS server. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the NFS export to
+ be mounted with read-only permissions. Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'server is the hostname or IP address of the
+ NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'persistentVolumeClaimVolumeSource represents a
+ reference to a PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'claimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: readOnly Will force the ReadOnly setting in
+ VolumeMounts. Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon Controller
+ persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources secrets,
+ configmaps, and downward API
+ properties:
+ defaultMode:
+ description: defaultMode are the mode bits used to set permissions
+ on created files by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires decimal
+ values for mode bits. Directories within the path are
+ not affected by this setting. This might be in conflict
+ with other options that affect the file mode, like fsGroup,
+ and the result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected along with
+ other supported volume types
+ properties:
+ configMap:
+ description: configMap information about the configMap
+ data to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced ConfigMap
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the ConfigMap, the volume
+ setup will error unless it is marked optional.
+ Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about the downwardAPI
+ data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode bits used to
+ set permissions on this file, must be
+ an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values,
+ JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict
+ with other options that affect the file
+ mode, like fsGroup, and the result can
+ be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..''
+ path. Must be utf-8 encoded. The first
+ item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the
+ container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu
+ and requests.memory) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about the secret data
+ to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced Secret
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the Secret, the volume setup
+ will error unless it is marked optional. Paths
+ must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional field specify whether the
+ Secret or its key must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information about
+ the serviceAccountToken data to project
+ properties:
+ audience:
+ description: audience is the intended audience
+ of the token. A recipient of a token must identify
+ itself with an identifier specified in the audience
+ of the token, and otherwise should reject the
+ token. The audience defaults to the identifier
+ of the apiserver.
+ type: string
+ expirationSeconds:
+ description: expirationSeconds is the requested
+ duration of validity of the service account
+ token. As the token approaches expiration, the
+ kubelet volume plugin will proactively rotate
+ the service account token. The kubelet will
+ start trying to rotate the token if the token
+ is older than 80 percent of its time to live
+ or if the token is older than 24 hours.Defaults
+ to 1 hour and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: path is the path relative to the
+ mount point of the file to project the token
+ into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the host
+ that shares a pod's lifetime
+ properties:
+ group:
+ description: group to map volume access to Default is no
+ group
+ type: string
+ readOnly:
+ description: readOnly here will force the Quobyte volume
+ to be mounted with read-only permissions. Defaults to
+ false.
+ type: boolean
+ registry:
+ description: registry represents a single or multiple Quobyte
+ Registry services specified as a string as host:port pair
+ (multiple entries are separated with commas) which acts
+ as the central registry for volumes
+ type: string
+ tenant:
+ description: tenant owning the given Quobyte volume in the
+ Backend Used with dynamically provisioned Quobyte volumes,
+ value is set by the plugin
+ type: string
+ user:
+ description: user to map volume access to Defaults to serivceaccount
+ user
+ type: string
+ volume:
+ description: volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'rbd represents a Rados Block Device mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ image:
+ description: 'image is the rados image name. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'pool is the rados pool name. Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'secretRef is name of the authentication secret
+ for RBDUser. If provided overrides keyring. Default is
+ nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is the rados user name. Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the ScaleIO
+ API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the ScaleIO
+ Protection Domain for the configured storage.
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef references to the secret for ScaleIO
+ user and other sensitive information. If this is not provided,
+ Login operation will fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL communication
+ with Gateway, default false
+ type: boolean
+ storageMode:
+ description: storageMode indicates whether the storage for
+ a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage Pool associated
+ with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system as
+ configured in ScaleIO.
+ type: string
+ volumeName:
+ description: volumeName is the name of a volume already
+ created in the ScaleIO system that is associated with
+ this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'secret represents a secret that should populate
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'defaultMode is Optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items If unspecified, each key-value pair in
+ the Data field of the referenced Secret will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the Secret, the volume setup will error unless it is marked
+ optional. Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether the Secret or
+ its keys must be defined
+ type: boolean
+ secretName:
+ description: 'secretName is the name of the secret in the
+ pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef specifies the secret to use for obtaining
+ the StorageOS API credentials. If not specified, default
+ values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeName:
+ description: volumeName is the human-readable name of the
+ StorageOS volume. Volume names are only unique within
+ a namespace.
+ type: string
+ volumeNamespace:
+ description: volumeNamespace specifies the scope of the
+ volume within StorageOS. If no namespace is specified
+ then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS
+ for tighter integration. Set VolumeName to any name to
+ override the default behaviour. Set to "default" if you
+ are not using namespaces within StorageOS. Namespaces
+ that do not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy Based
+ Management (SPBM) profile ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy Based
+ Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies vSphere
+ volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ walCompression:
+ description: Enable compression of the write-ahead log using Snappy.
+ This flag is only available in versions of Prometheus >= 2.11.0.
+ type: boolean
+ web:
+ description: Defines the web command line flags when starting Prometheus.
+ properties:
+ httpConfig:
+ description: Defines HTTP parameters for web server.
+ properties:
+ headers:
+ description: List of headers that can be added to HTTP responses.
+ properties:
+ contentSecurityPolicy:
+ description: Set the Content-Security-Policy header to
+ HTTP responses. Unset if blank.
+ type: string
+ strictTransportSecurity:
+ description: Set the Strict-Transport-Security header
+ to HTTP responses. Unset if blank. Please make sure
+ that you use this with care as this header might force
+ browsers to load Prometheus and the other applications
+ hosted on the same domain and subdomains over HTTPS.
+ https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+ type: string
+ xContentTypeOptions:
+ description: Set the X-Content-Type-Options header to
+ HTTP responses. Unset if blank. Accepted value is nosniff.
+ https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+ enum:
+ - ""
+ - NoSniff
+ type: string
+ xFrameOptions:
+ description: Set the X-Frame-Options header to HTTP responses.
+ Unset if blank. Accepted values are deny and sameorigin.
+ https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+ enum:
+ - ""
+ - Deny
+ - SameOrigin
+ type: string
+ xXSSProtection:
+ description: Set the X-XSS-Protection header to all responses.
+ Unset if blank. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+ type: string
+ type: object
+ http2:
+ description: Enable HTTP/2 support. Note that HTTP/2 is only
+ supported with TLS. When TLSConfig is not configured, HTTP/2
+ will be disabled. Whenever the value of the field changes,
+ a rolling update will be triggered.
+ type: boolean
+ type: object
+ pageTitle:
+ description: The prometheus web page title
+ type: string
+ tlsConfig:
+ description: Defines the TLS parameters for HTTPS.
+ properties:
+ cert:
+ description: Contains the TLS certificate for the server.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ cipherSuites:
+ description: 'List of supported cipher suites for TLS versions
+ up to TLS 1.2. If empty, Go default cipher suites are used.
+ Available cipher suites are documented in the go documentation:
+ https://golang.org/pkg/crypto/tls/#pkg-constants'
+ items:
+ type: string
+ type: array
+ client_ca:
+ description: Contains the CA certificate for client certificate
+ authentication to the server.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ clientAuthType:
+ description: 'Server policy for client authentication. Maps
+ to ClientAuth Policies. For more detail on clientAuth options:
+ https://golang.org/pkg/crypto/tls/#ClientAuthType'
+ type: string
+ curvePreferences:
+ description: 'Elliptic curves that will be used in an ECDHE
+ handshake, in preference order. Available curves are documented
+ in the go documentation: https://golang.org/pkg/crypto/tls/#CurveID'
+ items:
+ type: string
+ type: array
+ keySecret:
+ description: Secret containing the TLS key for the server.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ maxVersion:
+ description: Maximum TLS version that is acceptable. Defaults
+ to TLS13.
+ type: string
+ minVersion:
+ description: Minimum TLS version that is acceptable. Defaults
+ to TLS12.
+ type: string
+ preferServerCipherSuites:
+ description: Controls whether the server selects the client's
+ most preferred cipher suite, or the server's most preferred
+ cipher suite. If true then the server's preference, as expressed
+ in the order of elements in cipherSuites, is used.
+ type: boolean
+ required:
+ - cert
+ - keySecret
+ type: object
+ type: object
+ type: object
+ status:
+ description: 'Most recent observed status of the Prometheus cluster. Read-only.
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ properties:
+ availableReplicas:
+ description: Total number of available pods (ready for at least minReadySeconds)
+ targeted by this Prometheus deployment.
+ format: int32
+ type: integer
+ conditions:
+ description: The current state of the Prometheus deployment.
+ items:
+ description: PrometheusCondition represents the state of the resources
+ associated with the Prometheus resource.
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the time of the last update
+ to the current status property.
+ format: date-time
+ type: string
+ message:
+ description: Human-readable message indicating details for the
+ condition's last transition.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ type: integer
+ reason:
+ description: Reason for the condition's last transition.
+ type: string
+ status:
+ description: status of the condition.
+ type: string
+ type:
+ description: Type of the condition being reported.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ paused:
+ description: Represents whether any actions on the underlying managed
+ objects are being performed. Only delete actions will be performed.
+ type: boolean
+ replicas:
+ description: Total number of non-terminated pods targeted by this
+ Prometheus deployment (their labels match the selector).
+ format: int32
+ type: integer
+ shardStatuses:
+ description: The list has one entry per shard. Each entry provides
+ a summary of the shard status.
+ items:
+ properties:
+ availableReplicas:
+ description: Total number of available pods (ready for at least
+ minReadySeconds) targeted by this shard.
+ format: int32
+ type: integer
+ replicas:
+ description: Total number of pods targeted by this shard.
+ format: int32
+ type: integer
+ shardID:
+ description: Identifier of the shard.
+ type: string
+ unavailableReplicas:
+ description: Total number of unavailable pods targeted by this
+ shard.
+ format: int32
+ type: integer
+ updatedReplicas:
+ description: Total number of non-terminated pods targeted by
+ this shard that have the desired spec.
+ format: int32
+ type: integer
+ required:
+ - availableReplicas
+ - replicas
+ - shardID
+ - unavailableReplicas
+ - updatedReplicas
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - shardID
+ x-kubernetes-list-type: map
+ unavailableReplicas:
+ description: Total number of unavailable pods targeted by this Prometheus
+ deployment.
+ format: int32
+ type: integer
+ updatedReplicas:
+ description: Total number of non-terminated pods targeted by this
+ Prometheus deployment that have the desired version spec.
+ format: int32
+ type: integer
+ required:
+ - availableReplicas
+ - paused
+ - replicas
+ - unavailableReplicas
+ - updatedReplicas
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
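Review bot: In `web.httpConfig.headers`, the descriptions of `xContentTypeOptions` and `xFrameOptions` list the accepted values in lower case ('nosniff', 'deny and sameorigin'), but the enums admit only `NoSniff`, `Deny` and `SameOrigin` (or the empty string), so a value copied from the description will be rejected by the schema. As this is a bundled copy, I would leave the file alone and instead use the exact enum spelling wherever this repo sets or documents these headers, and raise the wording with the upstream project. Two related points in `web.tlsConfig`: `clientAuthType`, `minVersion`, `maxVersion` and the `cipherSuites` items are plain `type: string` with no enum, so the CRD will not catch a misspelt value and that check has to happen elsewhere; and `client_ca` is snake_case among camelCase siblings, which is easy to mistype as `clientCa` when enabling client certificate authentication.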
diff --git a/charts/kube-prometheus-stack/crds/crd-prometheusrules.yaml b/charts/kube-prometheus-stack/crds/crd-prometheusrules.yaml
new file mode 100644
index 0000000..6fd613b
--- /dev/null
+++ b/charts/kube-prometheus-stack/crds/crd-prometheusrules.yaml
@@ -0,0 +1,98 @@
+# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.9.2
+ creationTimestamp: null
+ name: prometheusrules.monitoring.coreos.com
+spec:
+ group: monitoring.coreos.com
+ names:
+ categories:
+ - prometheus-operator
+ kind: PrometheusRule
+ listKind: PrometheusRuleList
+ plural: prometheusrules
+ shortNames:
+ - promrule
+ singular: prometheusrule
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: PrometheusRule defines recording and alerting rules for a Prometheus
+ instance
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Specification of desired alerting rule definitions for Prometheus.
+ properties:
+ groups:
+ description: Content of Prometheus rule file
+ items:
+ description: 'RuleGroup is a list of sequentially evaluated recording
+ and alerting rules. Note: PartialResponseStrategy is only used
+ by ThanosRuler and will be ignored by Prometheus instances. Valid
+ values for this field are ''warn'' or ''abort''. More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response'
+ properties:
+ interval:
+ type: string
+ name:
+ type: string
+ partial_response_strategy:
+ type: string
+ rules:
+ items:
+ description: 'Rule describes an alerting or recording rule
+ See Prometheus documentation: [alerting](https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules/)
+ or [recording](https://www.prometheus.io/docs/prometheus/latest/configuration/recording_rules/#recording-rules)
+ rule'
+ properties:
+ alert:
+ type: string
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ expr:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ for:
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ record:
+ type: string
+ required:
+ - expr
+ type: object
+ type: array
+ required:
+ - name
+ - rules
+ type: object
+ type: array
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
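Review bot: Under `spec.groups[].rules[]` the only required key is `expr`, so a rule that sets neither `alert` nor `record` passes this schema, and `interval`, `for` and `partial_response_strategy` are unconstrained strings even though the group description limits the last one to 'warn' or 'abort'. By contrast, the ServiceMonitor CRD later in this patch gives its `interval` a duration pattern. Since the schema accepts malformed rules, any PrometheusRule manifests this repo ships should be checked in CI with a rule linter such as `promtool check rules` rather than relying on CRD validation. The header comment pins the source to v0.60.1; it would help to say in the commit message or chart docs how this file is regenerated, so a later bump can be diffed against the same upstream path.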
diff --git a/charts/kube-prometheus-stack/crds/crd-servicemonitors.yaml b/charts/kube-prometheus-stack/crds/crd-servicemonitors.yaml
new file mode 100644
index 0000000..a3159b6
--- /dev/null
+++ b/charts/kube-prometheus-stack/crds/crd-servicemonitors.yaml
@@ -0,0 +1,684 @@
+# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.9.2
+ creationTimestamp: null
+ name: servicemonitors.monitoring.coreos.com
+spec:
+ group: monitoring.coreos.com
+ names:
+ categories:
+ - prometheus-operator
+ kind: ServiceMonitor
+ listKind: ServiceMonitorList
+ plural: servicemonitors
+ shortNames:
+ - smon
+ singular: servicemonitor
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: ServiceMonitor defines monitoring for a set of services.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Specification of desired Service selection for target discovery
+ by Prometheus.
+ properties:
+ endpoints:
+ description: A list of endpoints allowed as part of this ServiceMonitor.
+ items:
+ description: Endpoint defines a scrapeable endpoint serving Prometheus
+ metrics.
+ properties:
+ authorization:
+ description: Authorization section for this endpoint
+ properties:
+ credentials:
+ description: The secret's key that contains the credentials
+ of the request
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type:
+ description: Set the authentication type. Defaults to Bearer,
+ Basic will cause an error
+ type: string
+ type: object
+ basicAuth:
+ description: 'BasicAuth allow an endpoint to authenticate over
+ basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints'
+ properties:
+ password:
+ description: The secret in the service monitor namespace
+ that contains the password for authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ username:
+ description: The secret in the service monitor namespace
+ that contains the username for authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ bearerTokenFile:
+ description: File to read bearer token for scraping targets.
+ type: string
+ bearerTokenSecret:
+ description: Secret to mount to read bearer token for scraping
+ targets. The secret needs to be in the same namespace as the
+ service monitor and accessible by the Prometheus Operator.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ enableHttp2:
+ description: Whether to enable HTTP2.
+ type: boolean
+ followRedirects:
+ description: FollowRedirects configures whether scrape requests
+ follow HTTP 3xx redirects.
+ type: boolean
+ honorLabels:
+ description: HonorLabels chooses the metric's labels on collisions
+ with target labels.
+ type: boolean
+ honorTimestamps:
+ description: HonorTimestamps controls whether Prometheus respects
+ the timestamps present in scraped data.
+ type: boolean
+ interval:
+ description: Interval at which metrics should be scraped If
+ not specified Prometheus' global scrape interval is used.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ metricRelabelings:
+ description: MetricRelabelConfigs to apply to samples before
+ ingestion.
+ items:
+ description: 'RelabelConfig allows dynamic rewriting of the
+ label set, being applied to samples before ingestion. It
+ defines `<metric_relabel_configs>`-section of Prometheus
+ configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
+ properties:
+ action:
+ default: replace
+ description: Action to perform based on regex matching.
+ Default is 'replace'. uppercase and lowercase actions
+ require Prometheus >= 2.36.
+ enum:
+ - replace
+ - Replace
+ - keep
+ - Keep
+ - drop
+ - Drop
+ - hashmod
+ - HashMod
+ - labelmap
+ - LabelMap
+ - labeldrop
+ - LabelDrop
+ - labelkeep
+ - LabelKeep
+ - lowercase
+ - Lowercase
+ - uppercase
+ - Uppercase
+ type: string
+ modulus:
+ description: Modulus to take of the hash of the source
+ label values.
+ format: int64
+ type: integer
+ regex:
+ description: Regular expression against which the extracted
+ value is matched. Default is '(.*)'
+ type: string
+ replacement:
+ description: Replacement value against which a regex replace
+ is performed if the regular expression matches. Regex
+ capture groups are available. Default is '$1'
+ type: string
+ separator:
+ description: Separator placed between concatenated source
+ label values. default is ';'.
+ type: string
+ sourceLabels:
+ description: The source labels select values from existing
+ labels. Their content is concatenated using the configured
+ separator and matched against the configured regular
+ expression for the replace, keep, and drop actions.
+ items:
+ description: LabelName is a valid Prometheus label name
+ which may only contain ASCII letters, numbers, as
+ well as underscores.
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
+ type: string
+ type: array
+ targetLabel:
+ description: Label to which the resulting value is written
+ in a replace action. It is mandatory for replace actions.
+ Regex capture groups are available.
+ type: string
+ type: object
+ type: array
+ oauth2:
+ description: OAuth2 for the URL. Only valid in Prometheus versions
+ 2.27.0 and newer.
+ properties:
+ clientId:
+ description: The secret or configmap containing the OAuth2
+ client id
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ clientSecret:
+ description: The secret containing the OAuth2 client secret
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ endpointParams:
+ additionalProperties:
+ type: string
+ description: Parameters to append to the token URL
+ type: object
+ scopes:
+ description: OAuth2 scopes used for the token request
+ items:
+ type: string
+ type: array
+ tokenUrl:
+ description: The URL to fetch the token from
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - clientSecret
+ - tokenUrl
+ type: object
+ params:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Optional HTTP URL parameters
+ type: object
+ path:
+ description: HTTP path to scrape for metrics. If empty, Prometheus
+ uses the default value (e.g. `/metrics`).
+ type: string
+ port:
+ description: Name of the service port this endpoint refers to.
+ Mutually exclusive with targetPort.
+ type: string
+ proxyUrl:
+ description: ProxyURL eg http://proxyserver:2195 Directs scrapes
+ to proxy through this endpoint.
+ type: string
+ relabelings:
+ description: 'RelabelConfigs to apply to samples before scraping.
+ Prometheus Operator automatically adds relabelings for a few
+ standard Kubernetes fields. The original scrape job''s name
+ is available via the `__tmp_prometheus_job_name` label. More
+ info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
+ items:
+ description: 'RelabelConfig allows dynamic rewriting of the
+ label set, being applied to samples before ingestion. It
+ defines `<metric_relabel_configs>`-section of Prometheus
+ configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
+ properties:
+ action:
+ default: replace
+ description: Action to perform based on regex matching.
+ Default is 'replace'. uppercase and lowercase actions
+ require Prometheus >= 2.36.
+ enum:
+ - replace
+ - Replace
+ - keep
+ - Keep
+ - drop
+ - Drop
+ - hashmod
+ - HashMod
+ - labelmap
+ - LabelMap
+ - labeldrop
+ - LabelDrop
+ - labelkeep
+ - LabelKeep
+ - lowercase
+ - Lowercase
+ - uppercase
+ - Uppercase
+ type: string
+ modulus:
+ description: Modulus to take of the hash of the source
+ label values.
+ format: int64
+ type: integer
+ regex:
+ description: Regular expression against which the extracted
+ value is matched. Default is '(.*)'
+ type: string
+ replacement:
+ description: Replacement value against which a regex replace
+ is performed if the regular expression matches. Regex
+ capture groups are available. Default is '$1'
+ type: string
+ separator:
+ description: Separator placed between concatenated source
+ label values. default is ';'.
+ type: string
+ sourceLabels:
+ description: The source labels select values from existing
+ labels. Their content is concatenated using the configured
+ separator and matched against the configured regular
+ expression for the replace, keep, and drop actions.
+ items:
+ description: LabelName is a valid Prometheus label name
+ which may only contain ASCII letters, numbers, as
+ well as underscores.
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
+ type: string
+ type: array
+ targetLabel:
+ description: Label to which the resulting value is written
+ in a replace action. It is mandatory for replace actions.
+ Regex capture groups are available.
+ type: string
+ type: object
+ type: array
+ scheme:
+ description: HTTP scheme to use for scraping.
+ type: string
+ scrapeTimeout:
+ description: Timeout after which the scrape is ended If not
+ specified, the Prometheus global scrape timeout is used unless
+ it is less than `Interval` in which the latter is used.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the target port of the Pod behind
+ the Service, the port must be specified with container port
+ property. Mutually exclusive with port.
+ x-kubernetes-int-or-string: true
+ tlsConfig:
+ description: TLS configuration to use when scraping the endpoint
+ properties:
+ ca:
+ description: Struct containing the CA cert to use for the
+ targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ caFile:
+ description: Path to the CA cert in the Prometheus container
+ to use for the targets.
+ type: string
+ cert:
+ description: Struct containing the client cert file for
+ the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the
+ targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ certFile:
+ description: Path to the client cert file in the Prometheus
+ container for the targets.
+ type: string
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keyFile:
+ description: Path to the client key file in the Prometheus
+ container for the targets.
+ type: string
+ keySecret:
+ description: Secret containing the client key file for the
+ targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ serverName:
+ description: Used to verify the hostname for the targets.
+ type: string
+ type: object
+ type: object
+ type: array
+ jobLabel:
+ description: "JobLabel selects the label from the associated Kubernetes
+ service which will be used as the `job` label for all metrics. \n
+ For example: If in `ServiceMonitor.spec.jobLabel: foo` and in `Service.metadata.labels.foo:
+ bar`, then the `job=\"bar\"` label is added to all metrics. \n If
+ the value of this field is empty or if the label doesn't exist for
+ the given Service, the `job` label of the metrics defaults to the
+ name of the Kubernetes Service."
+ type: string
+ labelLimit:
+ description: Per-scrape limit on number of labels that will be accepted
+ for a sample. Only valid in Prometheus versions 2.27.0 and newer.
+ format: int64
+ type: integer
+ labelNameLengthLimit:
+ description: Per-scrape limit on length of labels name that will be
+ accepted for a sample. Only valid in Prometheus versions 2.27.0
+ and newer.
+ format: int64
+ type: integer
+ labelValueLengthLimit:
+ description: Per-scrape limit on length of labels value that will
+ be accepted for a sample. Only valid in Prometheus versions 2.27.0
+ and newer.
+ format: int64
+ type: integer
+ namespaceSelector:
+ description: Selector to select which namespaces the Kubernetes Endpoints
+ objects are discovered from.
+ properties:
+ any:
+ description: Boolean describing whether all namespaces are selected
+ in contrast to a list restricting them.
+ type: boolean
+ matchNames:
+ description: List of namespace names to select from.
+ items:
+ type: string
+ type: array
+ type: object
+ podTargetLabels:
+ description: PodTargetLabels transfers labels on the Kubernetes `Pod`
+ onto the created metrics.
+ items:
+ type: string
+ type: array
+ sampleLimit:
+ description: SampleLimit defines per-scrape limit on number of scraped
+ samples that will be accepted.
+ format: int64
+ type: integer
+ selector:
+ description: Selector to select Endpoints objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ targetLabels:
+ description: TargetLabels transfers labels from the Kubernetes `Service`
+ onto the created metrics.
+ items:
+ type: string
+ type: array
+ targetLimit:
+ description: TargetLimit defines a limit on the number of scraped
+ targets that will be accepted.
+ format: int64
+ type: integer
+ required:
+ - endpoints
+ - selector
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
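Review bot: In the endpoint `tlsConfig` block, `insecureSkipVerify` is an unconstrained boolean and `caFile`, `certFile` and `keyFile` are free-form path strings into the Prometheus container, so this schema accepts a monitor that disables target certificate validation or names any file path. If the file is meant to stay identical to upstream, do not patch the schema; instead document which of these fields the bundled monitors set, and enforce `insecureSkipVerify: false` plus the `secret`/`configMap` references (rather than the `*File` paths) with an admission policy or a lint over the rendered manifests. The same gap applies to `sampleLimit`, `targetLimit`, `labelLimit`, `labelNameLengthLimit` and `labelValueLengthLimit`: they are optional with no default here, so the schema imposes no bound unless each monitor sets one.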
diff --git a/charts/kube-prometheus-stack/crds/crd-thanosrulers.yaml b/charts/kube-prometheus-stack/crds/crd-thanosrulers.yaml
new file mode 100644
index 0000000..0b8cf0d
--- /dev/null
+++ b/charts/kube-prometheus-stack/crds/crd-thanosrulers.yaml
@@ -0,0 +1,6436 @@
+# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.9.2
+ creationTimestamp: null
+ name: thanosrulers.monitoring.coreos.com
+spec:
+ group: monitoring.coreos.com
+ names:
+ categories:
+ - prometheus-operator
+ kind: ThanosRuler
+ listKind: ThanosRulerList
+ plural: thanosrulers
+ shortNames:
+ - ruler
+ singular: thanosruler
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The number of desired replicas
+ jsonPath: .spec.replicas
+ name: Replicas
+ type: integer
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: Whether the resource reconciliation is paused or not
+ jsonPath: .status.paused
+ name: Paused
+ priority: 1
+ type: boolean
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: ThanosRuler defines a ThanosRuler deployment.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: 'Specification of the desired behavior of the ThanosRuler
+ cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints.
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for the
+ pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node matches
+ the corresponding matchExpressions; the node(s) with the
+ highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches
+ all objects with implicit weight 0 (i.e. it's a no-op).
+ A null preferred scheduling term matches no objects (i.e.
+ is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with the
+ corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the corresponding
+ nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to an update), the system may or may not try to
+ eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: A null or empty node selector term matches
+ no objects. The requirements of them are ANDed. The
+ TopologySelectorTerm type implements a subset of the
+ NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string values. If
+ the operator is In or NotIn, the values
+ array must be non-empty. If the operator
+ is Exists or DoesNotExist, the values array
+ must be empty. If the operator is Gt or
+ Lt, the values array must have a single
+ element, which will be interpreted as an
+ integer. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g. co-locate
+ this pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the affinity expressions specified by
+ this field, but it may choose a node that violates one or
+ more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this
+ field are not met at scheduling time, the pod will not be
+ scheduled onto the node. If the affinity requirements specified
+ by this field cease to be met at some point during pod execution
+ (e.g. due to a pod label update), the system may or may
+ not try to eventually evict the pod from its node. When
+ there are multiple elements, the lists of nodes corresponding
+ to each podAffinityTerm are intersected, i.e. all terms
+ must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied to the
+ union of the namespaces selected by this field and
+ the ones listed in the namespaces field. null selector
+ and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied
+ to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector. null or
+ empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules (e.g.
+ avoid putting this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to
+ nodes that satisfy the anti-affinity expressions specified
+ by this field, but it may choose a node that violates one
+ or more of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights, i.e. for each
+ node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions,
+ etc.), compute a sum by iterating through the elements of
+ this field and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by this
+ field and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list
+ means "this pod's namespace". An empty selector
+ ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to. The
+ term is applied to the union of the namespaces
+ listed in this field and the ones selected by
+ namespaceSelector. null or empty namespaces list
+ and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods
+ matching the labelSelector in the specified namespaces,
+ where co-located is defined as running on a node
+ whose value of the label with key topologyKey
+ matches that of any node on which any of the selected
+ pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding
+ podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified by
+ this field are not met at scheduling time, the pod will
+ not be scheduled onto the node. If the anti-affinity requirements
+ specified by this field cease to be met at some point during
+ pod execution (e.g. due to a pod label update), the system
+ may or may not try to eventually evict the pod from its
+ node. When there are multiple elements, the lists of nodes
+ corresponding to each podAffinityTerm are intersected, i.e.
+ all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching
+ the labelSelector relative to the given namespace(s))
+ that this pod should be co-located (affinity) or not co-located
+ (anti-affinity) with, where co-located is defined as running
+ on a node whose value of the label with key <topologyKey>
+ matches that of any node on which a pod of the set of
+ pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied to the
+ union of the namespaces selected by this field and
+ the ones listed in the namespaces field. null selector
+ and null or empty namespaces list means "this pod's
+ namespace". An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a
+ selector that contains values, a key, and an
+ operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If the
+ operator is Exists or DoesNotExist, the
+ values array must be empty. This array is
+ replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value". The
+ requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static list of namespace
+ names that the term applies to. The term is applied
+ to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector. null or
+ empty namespaces list and null namespaceSelector means
+ "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where
+ co-located is defined as running on a node whose value
+ of the label with key topologyKey matches that of
+ any node on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ alertDropLabels:
+ description: AlertDropLabels configure the label names which should
+ be dropped in ThanosRuler alerts. The replica label `thanos_ruler_replica`
+ will always be dropped in alerts.
+ items:
+ type: string
+ type: array
+ alertQueryUrl:
+ description: The external Query URL the Thanos Ruler will set in the
+ 'Source' field of all alerts. Maps to the '--alert.query-url' CLI
+ arg.
+ type: string
+ alertRelabelConfigFile:
+ description: AlertRelabelConfigFile specifies the path of the alert
+ relabeling configuration file. When used alongside with AlertRelabelConfigs,
+ alertRelabelConfigFile takes precedence.
+ type: string
+ alertRelabelConfigs:
+ description: 'AlertRelabelConfigs configures alert relabeling in ThanosRuler.
+ Alert relabel configurations must have the form as specified in
+ the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs
+ Alternative to AlertRelabelConfigFile, and lower order priority.'
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a
+ valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ alertmanagersConfig:
+ description: Define configuration for connecting to alertmanager. Only
+ available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config`
+ arg.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a
+ valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ alertmanagersUrl:
+ description: 'Define URLs to send alerts to Alertmanager. For Thanos
+ v0.10.0 and higher, AlertManagersConfig should be used instead. Note:
+ this field will be ignored if AlertManagersConfig is specified.
+ Maps to the `alertmanagers.url` arg.'
+ items:
+ type: string
+ type: array
+ containers:
+ description: 'Containers allows injecting additional containers or
+ modifying operator generated containers. This can be used to allow
+ adding an authentication proxy to a ThanosRuler pod or to change
+ the behavior of an operator generated container. Containers described
+ here modify an operator generated container if they share the same
+ name and modifications are done via a strategic merge patch. The
+ current container names are: `thanos-ruler` and `config-reloader`.
+ Overriding containers is entirely outside the scope of what the
+ maintainers will support and by doing so, you accept that this behaviour
+ may break at any time without notice.'
+ items:
+ description: A single application container that you want to run
+ within a pod.
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The container image''s
+ CMD is used if this is not provided. Variable references $(VAR_NAME)
+ are expanded using the container''s environment. If a variable
+ cannot be resolved, the reference in the input string will
+ be unchanged. Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the variable
+ exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within a shell.
+ The container image''s ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved, the reference
+ in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax:
+ i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether
+ the variable exists or not. Cannot be updated. More info:
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
+ `metadata.annotations[''<KEY>'']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment variables
+ in the container. The keys defined within a source must be
+ a C_IDENTIFIER. All invalid keys will be reported as an event
+ when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take
+ precedence. Values defined by an Env with a duplicate key
+ will take precedence. Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management
+ to default or override container images in workload controllers
+ like Deployments and StatefulSets.'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent
+ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Actions that the management system should take
+ in response to container lifecycle events. Cannot be updated.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately after a container
+ is created. If the handler fails, the container is terminated
+ and restarted according to its restart policy. Other management
+ of the container blocks until the hook completes. More
+ info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately before a container
+ is terminated due to an API request or management event
+ such as liveness/startup probe failure, preemption, resource
+ contention, etc. The handler is not called if the container
+ crashes or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the container
+ will eventually terminate within the Pod''s termination
+ grace period (unless delayed by finalizers). Other management
+ of the container blocks until the hook completes or until
+ the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: 'Periodic probe of container liveness. Container
+ will be restarted if the probe fails. Cannot be updated. More
+ info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container. Not
+ specifying a port here DOES NOT prevent that port from being
+ exposed. Any port which is listening on the default "0.0.0.0"
+ address inside a container will be accessible from the network.
+ Modifying this array with strategic merge patch may corrupt
+ the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port in a
+ single container.
+ properties:
+ containerPort:
+ description: Number of port to expose on the pod's IP
+ address. This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external port to.
+ type: string
+ hostPort:
+ description: Number of port to expose on the host. If
+ specified, this must be a valid port number, 0 < x <
+ 65536. If HostNetwork is specified, this must match
+ ContainerPort. Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an IANA_SVC_NAME
+ and unique within the pod. Each named port in a pod
+ must have a unique name. Name for the port that can
+ be referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: 'Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe
+ fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: 'Compute Resources required by this container.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: 'SecurityContext defines the security options the
+ container should be run with. If set, the fields of SecurityContext
+ override the equivalent fields of PodSecurityContext. More
+ info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile
+ must be preconfigured on the node to work. Must be
+ a descending path, relative to the kubelet's configured
+ seccomp profile location. Must only be set if type
+ is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost -
+ a profile defined in a file on the node should be
+ used. RuntimeDefault - the container runtime default
+ profile should be used. Unconfined - no profile should
+ be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is
+ alpha-level and will only be honored by components
+ that enable the WindowsHostProcessContainers feature
+ flag. Setting this field without the feature flag
+ will result in errors when validating the Pod. All
+ of a Pod's containers must have the same effective
+ HostProcess value (it is not allowed to have a mix
+ of HostProcess containers and non-HostProcess containers). In
+ addition, if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod has successfully
+ initialized. If specified, no other probes are executed until
+ this completes successfully. If this probe fails, the Pod
+ will be restarted, just as if the livenessProbe failed. This
+ can be used to provide different probe parameters at the beginning
+ of a Pod''s lifecycle, when it might take a long time to load
+ data or warm a cache, than during steady-state operation.
+ This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate a buffer
+ for stdin in the container runtime. If this is not set, reads
+ from stdin in the container will always result in EOF. Default
+ is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should close the
+ stdin channel after it has been opened by a single attach.
+ When stdin is true the stdin stream will remain open across
+ multiple attach sessions. If stdinOnce is set to true, stdin
+ is opened on container start, is empty until the first client
+ attaches to stdin, and then remains open and accepts data
+ until the client disconnects, at which time stdin is closed
+ and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin
+ will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to which the
+ container''s termination message will be written is mounted
+ into the container''s filesystem. Message written is intended
+ to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes.
+ The total message length across all containers will be limited
+ to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message should be
+ populated. File will use the contents of terminationMessagePath
+ to populate the container status message on both success and
+ failure. FallbackToLogsOnError will use the last chunk of
+ container log output if the termination message file is empty
+ and the container exited with an error. The log output is
+ limited to 2048 bytes or 80 lines, whichever is smaller. Defaults
+ to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate a TTY for
+ itself, also requires 'stdin' to be true. Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices to be
+ used by the container.
+ items:
+ description: volumeDevice describes a mapping of a raw block
+ device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of the container
+ that the device will be mapped to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: Container's working directory. If not specified,
+ the container runtime's default will be used, which might
+ be configured in the container image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ enforcedNamespaceLabel:
+ description: EnforcedNamespaceLabel enforces adding a namespace label
+ of origin for each alert and metric that is user created. The label
+ value will always be the namespace of the object that is being created.
+ type: string
+ evaluationInterval:
+ default: 15s
+ description: Interval between consecutive evaluations.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ excludedFromEnforcement:
+ description: List of references to PrometheusRule objects to be excluded
+ from enforcing a namespace label of origin. Applies only if enforcedNamespaceLabel
+ set to true.
+ items:
+ description: ObjectReference references a PodMonitor, ServiceMonitor,
+ Probe or PrometheusRule object.
+ properties:
+ group:
+ default: monitoring.coreos.com
+ description: Group of the referent. When not specified, it defaults
+ to `monitoring.coreos.com`
+ enum:
+ - monitoring.coreos.com
+ type: string
+ name:
+ description: Name of the referent. When not set, all resources
+ are matched.
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ minLength: 1
+ type: string
+ resource:
+ description: Resource of the referent.
+ enum:
+ - prometheusrules
+ - servicemonitors
+ - podmonitors
+ - probes
+ type: string
+ required:
+ - namespace
+ - resource
+ type: object
+ type: array
+ externalPrefix:
+ description: The external URL the Thanos Ruler instances will be available
+ under. This is necessary to generate correct URLs. This is necessary
+ if Thanos Ruler is not served from root of a DNS name.
+ type: string
+ grpcServerTlsConfig:
+ description: 'GRPCServerTLSConfig configures the gRPC server from
+ which Thanos Querier reads recorded rule data. Note: Currently only
+ the CAFile, CertFile, and KeyFile fields are supported. Maps to
+ the ''--grpc-server-tls-*'' CLI args.'
+ properties:
+ ca:
+ description: Struct containing the CA cert to use for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ caFile:
+ description: Path to the CA cert in the Prometheus container to
+ use for the targets.
+ type: string
+ cert:
+ description: Struct containing the client cert file for the targets.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ certFile:
+ description: Path to the client cert file in the Prometheus container
+ for the targets.
+ type: string
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keyFile:
+ description: Path to the client key file in the Prometheus container
+ for the targets.
+ type: string
+ keySecret:
+ description: Secret containing the client key file for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ serverName:
+ description: Used to verify the hostname for the targets.
+ type: string
+ type: object
+ hostAliases:
+ description: Pods' hostAliases configuration
+ items:
+ description: HostAlias holds the mapping between IP and hostnames
+ that will be injected as an entry in the pod's hosts file.
+ properties:
+ hostnames:
+ description: Hostnames for the above IP address.
+ items:
+ type: string
+ type: array
+ ip:
+ description: IP address of the host file entry.
+ type: string
+ required:
+ - hostnames
+ - ip
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - ip
+ x-kubernetes-list-type: map
+ image:
+ description: Thanos container image URL.
+ type: string
+ imagePullSecrets:
+ description: An optional list of references to secrets in the same
+ namespace to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod
+ items:
+ description: LocalObjectReference contains enough information to
+ let you locate the referenced object inside the same namespace.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ initContainers:
+ description: 'InitContainers allows adding initContainers to the pod
+ definition. Those can be used to e.g. fetch secrets for injection
+ into the ThanosRuler configuration from external sources. Any errors
+ during the execution of an initContainer will lead to a restart
+ of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ Using initContainers for any use case other then secret fetching
+ is entirely outside the scope of what the maintainers will support
+ and by doing so, you accept that this behaviour may break at any
+ time without notice.'
+ items:
+ description: A single application container that you want to run
+ within a pod.
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The container image''s
+ CMD is used if this is not provided. Variable references $(VAR_NAME)
+ are expanded using the container''s environment. If a variable
+ cannot be resolved, the reference in the input string will
+ be unchanged. Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the variable
+ exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within a shell.
+ The container image''s ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved, the reference
+ in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax:
+ i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether
+ the variable exists or not. Cannot be updated. More info:
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be
+ a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables.
+ If a variable cannot be resolved, the reference in the
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
+ `metadata.annotations[''<KEY>'']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment variables
+ in the container. The keys defined within a source must be
+ a C_IDENTIFIER. All invalid keys will be reported as an event
+ when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take
+ precedence. Values defined by an Env with a duplicate key
+ will take precedence. Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of a set
+ of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be
+ defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend to each
+ key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management
+ to default or override container images in workload controllers
+ like Deployments and StatefulSets.'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent
+ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Actions that the management system should take
+ in response to container lifecycle events. Cannot be updated.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately after a container
+ is created. If the handler fails, the container is terminated
+ and restarted according to its restart policy. Other management
+ of the container blocks until the hook completes. More
+ info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately before a container
+ is terminated due to an API request or management event
+ such as liveness/startup probe failure, preemption, resource
+ contention, etc. The handler is not called if the container
+ crashes or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the container
+ will eventually terminate within the Pod''s termination
+ grace period (unless delayed by finalizers). Other management
+ of the container blocks until the hook completes or until
+ the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for
+ the command is root ('/') in the container's
+ filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell, you need
+ to explicitly call out to that shell. Exit status
+ of 0 is treated as live/healthy and non-zero is
+ unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to
+ the pod IP. You probably want to set "Host" in
+ httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the
+ host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward compatibility.
+ There are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to,
+ defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: 'Periodic probe of container liveness. Container
+ will be restarted if the probe fails. Cannot be updated. More
+ info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container. Not
+ specifying a port here DOES NOT prevent that port from being
+ exposed. Any port which is listening on the default "0.0.0.0"
+ address inside a container will be accessible from the network.
+ Modifying this array with strategic merge patch may corrupt
+ the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port in a
+ single container.
+ properties:
+ containerPort:
+ description: Number of port to expose on the pod's IP
+ address. This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external port to.
+ type: string
+ hostPort:
+ description: Number of port to expose on the host. If
+ specified, this must be a valid port number, 0 < x <
+ 65536. If HostNetwork is specified, this must match
+ ContainerPort. Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an IANA_SVC_NAME
+ and unique within the pod. Each named port in a pod
+ must have a unique name. Name for the port that can
+ be referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: 'Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe
+ fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: 'Compute Resources required by this container.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: 'SecurityContext defines the security options the
+ container should be run with. If set, the fields of SecurityContext
+ override the equivalent fields of PodSecurityContext. More
+ info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls whether
+ a process can gain more privileges than its parent process.
+ This bool directly controls if the no_new_privs flag will
+ be set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run as Privileged
+ 2) has CAP_SYS_ADMIN Note that this field cannot be set
+ when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by
+ the container runtime. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent to
+ root on the host. Defaults to false. Note that this field
+ cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc mount to
+ use for the containers. The default is DefaultProcMount
+ which uses the container runtime defaults for readonly
+ paths and masked paths. This requires the ProcMountType
+ feature flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only root
+ filesystem. Default is false. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the container
+ process. Uses runtime default if unset. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a
+ non-root user. If true, the Kubelet will validate the
+ image at runtime to ensure that it does not run as UID
+ 0 (root) and fail to start the container if it does. If
+ unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container
+ process. Defaults to user specified in image metadata
+ if unspecified. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a
+ random SELinux context for each container. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence. Note that this field cannot be set when
+ spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies
+ to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies
+ to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies
+ to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies
+ to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this container.
+ If seccomp options are provided at both the pod & container
+ level, the container options override the pod options.
+ Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile
+ must be preconfigured on the node to work. Must be
+ a descending path, relative to the kubelet's configured
+ seccomp profile location. Must only be set if type
+ is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost -
+ a profile defined in a file on the node should be
+ used. RuntimeDefault - the container runtime default
+ profile should be used. Unconfined - no profile should
+ be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied to all
+ containers. If unspecified, the options from the PodSecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is
+ linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named
+ by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the
+ GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is
+ alpha-level and will only be honored by components
+ that enable the WindowsHostProcessContainers feature
+ flag. Setting this field without the feature flag
+ will result in errors when validating the Pod. All
+ of a Pod's containers must have the same effective
+ HostProcess value (it is not allowed to have a mix
+ of HostProcess containers and non-HostProcess containers). In
+ addition, if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod has successfully
+ initialized. If specified, no other probes are executed until
+ this completes successfully. If this probe fails, the Pod
+ will be restarted, just as if the livenessProbe failed. This
+ can be used to provide different probe parameters at the beginning
+ of a Pod''s lifecycle, when it might take a long time to load
+ data or warm a cache, than during steady-state operation.
+ This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to execute
+ inside the container, the working directory for the
+ command is root ('/') in the container's filesystem.
+ The command is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is treated
+ as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the probe
+ to be considered failed after having succeeded. Defaults
+ to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults to the
+ pod IP. You probably want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP
+ allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header
+ to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container has
+ started before liveness probes are initiated. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the probe
+ to be considered successful after having failed. Defaults
+ to 1. Must be 1 for liveness and startup. Minimum value
+ is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP
+ port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults
+ to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access on
+ the container. Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and the
+ time when the processes are forcibly halted with a kill
+ signal. Set this value longer than the expected cleanup
+ time for your process. If this value is nil, the pod's
+ terminationGracePeriodSeconds will be used. Otherwise,
+ this value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity to
+ shut down). This is a beta field and requires enabling
+ ProbeTerminationGracePeriod feature gate. Minimum value
+ is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the probe times
+ out. Defaults to 1 second. Minimum value is 1. More info:
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate a buffer
+ for stdin in the container runtime. If this is not set, reads
+ from stdin in the container will always result in EOF. Default
+ is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should close the
+ stdin channel after it has been opened by a single attach.
+ When stdin is true the stdin stream will remain open across
+ multiple attach sessions. If stdinOnce is set to true, stdin
+ is opened on container start, is empty until the first client
+ attaches to stdin, and then remains open and accepts data
+ until the client disconnects, at which time stdin is closed
+ and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin
+ will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to which the
+ container''s termination message will be written is mounted
+ into the container''s filesystem. Message written is intended
+ to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes.
+ The total message length across all containers will be limited
+ to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message should be
+ populated. File will use the contents of terminationMessagePath
+ to populate the container status message on both success and
+ failure. FallbackToLogsOnError will use the last chunk of
+ container log output if the termination message file is empty
+ and the container exited with an error. The log output is
+ limited to 2048 bytes or 80 lines, whichever is smaller. Defaults
+ to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate a TTY for
+ itself, also requires 'stdin' to be true. Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices to be
+ used by the container.
+ items:
+ description: volumeDevice describes a mapping of a raw block
+ device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of the container
+ that the device will be mapped to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the volume
+ should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts are
+ propagated from the host to container and the other
+ way around. When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves similarly
+ to SubPath but environment variable references $(VAR_NAME)
+ are expanded using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath are mutually
+ exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: Container's working directory. If not specified,
+ the container runtime's default will be used, which might
+ be configured in the container image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels configure the external label pairs to ThanosRuler.
+ A default replica label `thanos_ruler_replica` will be always added as
+ a label with the value of the pod's name and it will be dropped
+ in the alerts.
+ type: object
+ listenLocal:
+ description: ListenLocal makes the Thanos ruler listen on loopback,
+ so that it does not bind against the Pod IP.
+ type: boolean
+ logFormat:
+ description: Log format for ThanosRuler to be configured with.
+ enum:
+ - ""
+ - logfmt
+ - json
+ type: string
+ logLevel:
+ description: Log level for ThanosRuler to be configured with.
+ enum:
+ - ""
+ - debug
+ - info
+ - warn
+ - error
+ type: string
+ minReadySeconds:
+ description: Minimum number of seconds for which a newly created pod
+ should be ready without any of its container crashing for it to
+ be considered available. Defaults to 0 (pod will be considered available
+ as soon as it is ready) This is an alpha field and requires enabling
+ StatefulSetMinReadySeconds feature gate.
+ format: int32
+ type: integer
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: Define which Nodes the Pods are scheduled on.
+ type: object
+ objectStorageConfig:
+ description: ObjectStorageConfig configures object storage in Thanos.
+ Alternative to ObjectStorageConfigFile, and lower order priority.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a
+ valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ objectStorageConfigFile:
+ description: ObjectStorageConfigFile specifies the path of the object
+ storage configuration file. When used alongside with ObjectStorageConfig,
+ ObjectStorageConfigFile takes precedence.
+ type: string
+ paused:
+ description: When a ThanosRuler deployment is paused, no actions except
+ for deletion will be performed on the underlying objects.
+ type: boolean
+ podMetadata:
+ description: PodMetadata contains Labels and Annotations gets propagated
+ to the thanos ruler pods.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value map stored
+ with a resource that may be set by external tools to store and
+ retrieve arbitrary metadata. They are not queryable and should
+ be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be used to
+ organize and categorize (scope and select) objects. May match
+ selectors of replication controllers and services. More info:
+ http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ name:
+ description: 'Name must be unique within a namespace. Is required
+ when creating resources, although some resources may allow a
+ client to request the generation of an appropriate name automatically.
+ Name is primarily intended for creation idempotence and configuration
+ definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
+ type: string
+ type: object
+ portName:
+ description: Port name used for the pods and governing service. This
+ defaults to web
+ type: string
+ priorityClassName:
+ description: Priority class assigned to the Pods
+ type: string
+ prometheusRulesExcludedFromEnforce:
+ description: 'PrometheusRulesExcludedFromEnforce - list of Prometheus
+ rules to be excluded from enforcing of adding namespace labels.
+ Works only if enforcedNamespaceLabel set to true. Make sure both
+ ruleNamespace and ruleName are set for each pair Deprecated: use
+ excludedFromEnforcement instead.'
+ items:
+ description: PrometheusRuleExcludeConfig enables users to configure
+ excluded PrometheusRule names and their namespaces to be ignored
+ while enforcing namespace label for alerts and metrics.
+ properties:
+ ruleName:
+ description: RuleNamespace - name of excluded rule
+ type: string
+ ruleNamespace:
+ description: RuleNamespace - namespace of excluded rule
+ type: string
+ required:
+ - ruleName
+ - ruleNamespace
+ type: object
+ type: array
+ queryConfig:
+ description: Define configuration for connecting to thanos query instances.
+ If this is defined, the QueryEndpoints field will be ignored. Maps
+ to the `query.config` CLI argument. Only available with thanos v0.11.0
+ and higher.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a
+ valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ queryEndpoints:
+ description: QueryEndpoints defines Thanos querier endpoints from
+ which to query metrics. Maps to the --query flag of thanos ruler.
+ items:
+ type: string
+ type: array
+ replicas:
+ description: Number of thanos ruler instances to deploy.
+ format: int32
+ type: integer
+ resources:
+ description: Resources defines the resource requirements for single
+ Pods. If not provided, no requests/limits will be set
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources
+ allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ retention:
+ default: 24h
+ description: Time duration ThanosRuler shall retain data for. Default
+ is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)`
+ (milliseconds seconds minutes hours days weeks years).
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ routePrefix:
+ description: The route prefix ThanosRuler registers HTTP handlers
+ for. This allows thanos UI to be served on a sub-path.
+ type: string
+ ruleNamespaceSelector:
+ description: Namespaces to be selected for Rules discovery. If unspecified,
+ only the same namespace as the ThanosRuler object is in is used.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ ruleSelector:
+ description: A label selector to select which PrometheusRules to mount
+ for alerting and recording.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ securityContext:
+ description: SecurityContext holds pod-level security attributes and
+ common container settings. This defaults to the default PodSecurityContext.
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies to all
+ containers in a pod. Some volume types allow the Kubelet to
+ change the ownership of that volume to be owned by the pod:
+ \n 1. The owning GID will be the FSGroup 2. The setgid bit is
+ set (new files created in the volume will be owned by FSGroup)
+ 3. The permission bits are OR'd with rw-rw---- \n If unset,
+ the Kubelet will not modify the ownership and permissions of
+ any volume. Note that this field cannot be set when spec.os.name
+ is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior of changing
+ ownership and permission of the volume before being exposed
+ inside Pod. This field will only apply to volume types which
+ support fsGroup based ownership(and permissions). It will have
+ no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir. Valid values are "OnRootMismatch" and "Always".
+ If not specified, "Always" is used. Note that this field cannot
+ be set when spec.os.name is windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the container process.
+ Uses runtime default if unset. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run as a non-root
+ user. If true, the Kubelet will validate the image at runtime
+ to ensure that it does not run as UID 0 (root) and fail to start
+ the container if it does. If unset or false, no such validation
+ will be performed. May also be set in SecurityContext. If set
+ in both SecurityContext and PodSecurityContext, the value specified
+ in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in SecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container. Note that this field cannot
+ be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random
+ SELinux context for each container. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to
+ the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to
+ the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to
+ the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to
+ the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers in this
+ pod. Note that this field cannot be set when spec.os.name is
+ windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile defined
+ in a file on the node should be used. The profile must be
+ preconfigured on the node to work. Must be a descending
+ path, relative to the kubelet's configured seccomp profile
+ location. Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp profile
+ will be applied. Valid options are: \n Localhost - a profile
+ defined in a file on the node should be used. RuntimeDefault
+ - the container runtime default profile should be used.
+ Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first process run
+ in each container, in addition to the container's primary GID. If
+ unspecified, no groups will be added to any container. Note
+ that this field cannot be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls used for
+ the pod. Pods with unsupported sysctls (by the container runtime)
+ might fail to launch. Note that this field cannot be set when
+ spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: The Windows specific settings applied to all containers.
+ If unspecified, the options within a container's SecurityContext
+ will be used. If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA admission
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential spec named by
+ the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA
+ credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container should
+ be run as a 'Host Process' container. This field is alpha-level
+ and will only be honored by components that enable the WindowsHostProcessContainers
+ feature flag. Setting this field without the feature flag
+ will result in errors when validating the Pod. All of a
+ Pod's containers must have the same effective HostProcess
+ value (it is not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition, if HostProcess
+ is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the entrypoint
+ of the container process. Defaults to the user specified
+ in image metadata if unspecified. May also be set in PodSecurityContext.
+ If set in both SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ serviceAccountName:
+ description: ServiceAccountName is the name of the ServiceAccount
+ to use to run the Thanos Ruler Pods.
+ type: string
+ storage:
+ description: Storage spec to specify how storage shall be used.
+ properties:
+ disableMountSubPath:
+ description: 'Deprecated: subPath usage will be disabled by default
+ in a future release, this option will become unnecessary. DisableMountSubPath
+ allows to remove any subPath usage in volume mounts.'
+ type: boolean
+ emptyDir:
+ description: 'EmptyDirVolumeSource to be used by the Prometheus
+ StatefulSets. If specified, used in place of any volumeClaimTemplate.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type of storage medium
+ should back this directory. The default is "" which means
+ to use the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount of local storage
+ required for this EmptyDir volume. The size limit is also
+ applicable for memory medium. The maximum usage on memory
+ medium EmptyDir would be the minimum value between the SizeLimit
+ specified here and the sum of memory limits of all containers
+ in a pod. The default is nil which means that the limit
+ is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: 'EphemeralVolumeSource to be used by the Prometheus
+ StatefulSets. This is a beta field in k8s 1.21, for lower versions,
+ starting with k8s 1.19, it requires enabling the GenericEphemeralVolume
+ feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes'
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone PVC to
+ provision the volume. The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the PVC, i.e. the PVC will
+ be deleted together with the pod. The name of the PVC will
+ be `<pod name>-<volume name>` where `<volume name>` is the
+ name from the `PodSpec.Volumes` array entry. Pod validation
+ will reject the pod if the concatenated name is not valid
+ for a PVC (for example, too long). \n An existing PVC with
+ that name that is not owned by the pod will *not* be used
+ for the pod to avoid using an unrelated volume by mistake.
+ Starting the pod is then blocked until the unrelated PVC
+ is removed. If such a pre-created PVC is meant to be used
+ by the pod, the PVC has to updated with an owner reference
+ to the pod once the pod exists. Normally this should not
+ be necessary, but it may be useful when manually reconstructing
+ a broken cluster. \n This field is read-only and no changes
+ will be made by Kubernetes to the PVC after it has been
+ created. \n Required, must not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations that will
+ be copied into the PVC when creating it. No other fields
+ are allowed and will be rejected during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into the PVC
+ that gets created from this template. The same fields
+ as in a PersistentVolumeClaim are also valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access
+ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the
+ provisioner or an external controller can support
+ the specified data source, it will create a new
+ volume based on the contents of the specified data
+ source. If the AnyVolumeDataSource feature gate
+ is enabled, this field will always have the same
+ contents as the DataSourceRef field.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is
+ required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object from
+ which to populate the volume with data, if a non-empty
+ volume is desired. This may be any local object
+ from a non-empty API group (non core object) or
+ a PersistentVolumeClaim object. When this field
+ is specified, volume binding will only succeed if
+ the type of the specified object matches some installed
+ volume populator or dynamic provisioner. This field
+ will replace the functionality of the DataSource
+ field and as such if both fields are non-empty,
+ they must have the same value. For backwards compatibility,
+ both fields (DataSource and DataSourceRef) will
+ be set to the same value automatically if one of
+ them is empty and the other is non-empty. There
+ are two important differences between DataSource
+ and DataSourceRef: * While DataSource only allows
+ two specific types of objects, DataSourceRef allows
+ any non-core object, as well as PersistentVolumeClaim
+ objects. * While DataSource ignores disallowed values
+ (dropping them), DataSourceRef preserves all values,
+ and generates an error if a disallowed value is
+ specified. (Beta) Using this field requires the
+ AnyVolumeDataSource feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is
+ required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ resources:
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount
+ of compute resources required. If Requests is
+ omitted for a container, it defaults to Limits
+ if that is explicitly specified, otherwise to
+ an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes
+ to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement is
+ a selector that contains values, a key, and
+ an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty. If
+ the operator is Exists or DoesNotExist,
+ the values array must be empty. This array
+ is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is "In",
+ and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: 'storageClassName is the name of the
+ StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume
+ is required by the claim. Value of Filesystem is
+ implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference to
+ the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ volumeClaimTemplate:
+ description: A PVC spec to be used by the Prometheus StatefulSets.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this
+ representation of an object. Servers should convert recognized
+ schemas to the latest internal value, and may reject unrecognized
+ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST
+ resource this object represents. Servers may infer this
+ from the endpoint the client submits requests to. Cannot
+ be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ description: EmbeddedMetadata contains metadata relevant to
+ an EmbeddedResource.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value
+ map stored with a resource that may be set by external
+ tools to store and retrieve arbitrary metadata. They
+ are not queryable and should be preserved when modifying
+ objects. More info: http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be
+ used to organize and categorize (scope and select) objects.
+ May match selectors of replication controllers and services.
+ More info: http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ name:
+ description: 'Name must be unique within a namespace.
+ Is required when creating resources, although some resources
+ may allow a client to request the generation of an appropriate
+ name automatically. Name is primarily intended for creation
+ idempotence and configuration definition. Cannot be
+ updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
+ type: string
+ type: object
+ spec:
+ description: 'Spec defines the desired characteristics of
+ a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access
+ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the provisioner
+ or an external controller can support the specified
+ data source, it will create a new volume based on the
+ contents of the specified data source. If the AnyVolumeDataSource
+ feature gate is enabled, this field will always have
+ the same contents as the DataSourceRef field.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object from
+ which to populate the volume with data, if a non-empty
+ volume is desired. This may be any local object from
+ a non-empty API group (non core object) or a PersistentVolumeClaim
+ object. When this field is specified, volume binding
+ will only succeed if the type of the specified object
+ matches some installed volume populator or dynamic provisioner.
+ This field will replace the functionality of the DataSource
+ field and as such if both fields are non-empty, they
+ must have the same value. For backwards compatibility,
+ both fields (DataSource and DataSourceRef) will be set
+ to the same value automatically if one of them is empty
+ and the other is non-empty. There are two important
+ differences between DataSource and DataSourceRef: *
+ While DataSource only allows two specific types of objects,
+ DataSourceRef allows any non-core object, as well as
+ PersistentVolumeClaim objects. * While DataSource ignores
+ disallowed values (dropping them), DataSourceRef preserves
+ all values, and generates an error if a disallowed value
+ is specified. (Beta) Using this field requires the AnyVolumeDataSource
+ feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ resources:
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify resource
+ requirements that are lower than previous value but
+ must still be higher than capacity recorded in the status
+ field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount
+ of compute resources required. If Requests is omitted
+ for a container, it defaults to Limits if that is
+ explicitly specified, otherwise to an implementation-defined
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes to
+ consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values
+ array must be non-empty. If the operator is
+ Exists or DoesNotExist, the values array must
+ be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field
+ is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: 'storageClassName is the name of the StorageClass
+ required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume is
+ required by the claim. Value of Filesystem is implied
+ when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference to the
+ PersistentVolume backing this claim.
+ type: string
+ type: object
+ status:
+ description: 'Status represents the current information/status
+ of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ accessModes:
+ description: 'accessModes contains the actual access modes
+ the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ allocatedResources:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: allocatedResources is the storage resource
+ within AllocatedResources tracks the capacity allocated
+ to a PVC. It may be larger than the actual capacity
+ when a volume expansion operation is requested. For
+ storage quota, the larger value from allocatedResources
+ and PVC.spec.resources is used. If allocatedResources
+ is not set, PVC.spec.resources alone is used for quota
+ calculation. If a volume expansion capacity request
+ is lowered, allocatedResources is only lowered if there
+ are no expansion operations in progress and if the actual
+ volume capacity is equal or lower than the requested
+ capacity. This is an alpha field and requires enabling
+ RecoverVolumeExpansionFailure feature.
+ type: object
+ capacity:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: capacity represents the actual resources
+ of the underlying volume.
+ type: object
+ conditions:
+ description: conditions is the current Condition of persistent
+ volume claim. If underlying persistent volume is being
+ resized then the Condition will be set to 'ResizeStarted'.
+ items:
+ description: PersistentVolumeClaimCondition contails
+ details about state of pvc
+ properties:
+ lastProbeTime:
+ description: lastProbeTime is the time we probed
+ the condition.
+ format: date-time
+ type: string
+ lastTransitionTime:
+ description: lastTransitionTime is the time the
+ condition transitioned from one status to another.
+ format: date-time
+ type: string
+ message:
+ description: message is the human-readable message
+ indicating details about last transition.
+ type: string
+ reason:
+ description: reason is a unique, this should be
+ a short, machine understandable string that gives
+ the reason for condition's last transition. If
+ it reports "ResizeStarted" that means the underlying
+ persistent volume is being resized.
+ type: string
+ status:
+ type: string
+ type:
+ description: PersistentVolumeClaimConditionType
+ is a valid value of PersistentVolumeClaimCondition.Type
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ phase:
+ description: phase represents the current phase of PersistentVolumeClaim.
+ type: string
+ resizeStatus:
+ description: resizeStatus stores status of resize operation.
+ ResizeStatus is not set by default but when expansion
+ is complete resizeStatus is set to empty string by resize
+ controller or kubelet. This is an alpha field and requires
+ enabling RecoverVolumeExpansionFailure feature.
+ type: string
+ type: object
+ type: object
+ type: object
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: The pod this Toleration is attached to tolerates any
+ taint that matches the triple <key,value,effect> using the matching
+ operator <operator>.
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match. Empty
+ means match all taint effects. When specified, allowed values
+ are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match all
+ values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to the
+ value. Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod
+ can tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of time
+ the toleration (which must be of effect NoExecute, otherwise
+ this field is ignored) tolerates the taint. By default, it
+ is not set, which means tolerate the taint forever (do not
+ evict). Zero and negative values will be treated as 0 (evict
+ immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ topologySpreadConstraints:
+ description: If specified, the pod's topology spread constraints.
+ items:
+ description: TopologySpreadConstraint specifies how to spread matching
+ pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching pods. Pods
+ that match this label selector are counted to determine the
+ number of pods in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys to select
+ the pods over which spreading will be calculated. The keys
+ are used to lookup values from the incoming pod labels, those
+ key-value labels are ANDed with labelSelector to select the
+ group of existing pods over which spreading will be calculated
+ for the incoming pod. Keys that don't exist in the incoming
+ pod labels will be ignored. A null or empty list means only
+ match against labelSelector.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ maxSkew:
+ description: 'MaxSkew describes the degree to which pods may
+ be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between the number
+ of matching pods in the target topology and the global minimum.
+ The global minimum is the minimum number of matching pods
+ in an eligible domain or zero if the number of eligible domains
+ is less than MinDomains. For example, in a 3-zone cluster,
+ MaxSkew is set to 1, and pods with the same labelSelector
+ spread as 2/2/1: In this case, the global minimum is 1. |
+ zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew
+ is 1, incoming pod can only be scheduled to zone3 to become
+ 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1)
+ on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming
+ pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies that satisfy
+ it. It''s a required field. Default value is 1 and 0 is not
+ allowed.'
+ format: int32
+ type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number of eligible
+ domains. When the number of eligible domains with matching
+ topology keys is less than minDomains, Pod Topology Spread
+ treats \"global minimum\" as 0, and then the calculation of
+ Skew is performed. And when the number of eligible domains
+ with matching topology keys equals or greater than minDomains,
+ this value has no effect on scheduling. As a result, when
+ the number of eligible domains is less than minDomains, scheduler
+ won't schedule more than maxSkew Pods to those domains. If
+ value is nil, the constraint behaves as if MinDomains is equal
+ to 1. Valid values are integers greater than 0. When value
+ is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For
+ example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains
+ is set to 5 and pods with the same labelSelector spread as
+ 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P |
+ The number of domains is less than 5(MinDomains), so \"global
+ minimum\" is treated as 0. In this situation, new pod with
+ the same labelSelector cannot be scheduled, because computed
+ skew will be 3(3 - 0) if new Pod is scheduled to any of the
+ three zones, it will violate MaxSkew. \n This is a beta field
+ and requires the MinDomainsInPodTopologySpread feature gate
+ to be enabled (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we will treat
+ Pod's nodeAffinity/nodeSelector when calculating pod topology
+ spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector
+ are included in the calculations. - Ignore: nodeAffinity/nodeSelector
+ are ignored. All nodes are included in the calculations. \n
+ If this value is nil, the behavior is equivalent to the Honor
+ policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread
+ feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we will treat node
+ taints when calculating pod topology spread skew. Options
+ are: - Honor: nodes without taints, along with tainted nodes
+ for which the incoming pod has a toleration, are included.
+ - Ignore: node taints are ignored. All nodes are included.
+ \n If this value is nil, the behavior is equivalent to the
+ Ignore policy. This is a alpha-level feature enabled by the
+ NodeInclusionPolicyInPodTopologySpread feature flag."
+ type: string
+ topologyKey:
+ description: TopologyKey is the key of node labels. Nodes that
+ have a label with this key and identical values are considered
+ to be in the same topology. We consider each <key, value>
+ as a "bucket", and try to put balanced number of pods into
+ each bucket. We define a domain as a particular instance of
+ a topology. Also, we define an eligible domain as a domain
+ whose nodes meet the requirements of nodeAffinityPolicy and
+ nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
+ each Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is a domain of
+ that topology. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to deal with a
+ pod if it doesn''t satisfy the spread constraint. - DoNotSchedule
+ (default) tells the scheduler not to schedule it. - ScheduleAnyway
+ tells the scheduler to schedule the pod in any location, but
+ giving higher precedence to topologies that would help reduce
+ the skew. A constraint is considered "Unsatisfiable" for an
+ incoming pod if and only if every possible node assignment
+ for that pod would violate "MaxSkew" on some topology. For
+ example, in a 3-zone cluster, MaxSkew is set to 1, and pods
+ with the same labelSelector spread as 3/1/1: | zone1 | zone2
+ | zone3 | | P P P | P | P | If WhenUnsatisfiable is
+ set to DoNotSchedule, incoming pod can only be scheduled to
+ zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on
+ zone2(zone3) satisfies MaxSkew(1). In other words, the cluster
+ can still be imbalanced, but scheduler won''t make it *more*
+ imbalanced. It''s a required field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ tracingConfig:
+ description: TracingConfig configures tracing in Thanos. This is an
+ experimental feature, it may change in any upcoming release in a
+ breaking way.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a
+ valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ tracingConfigFile:
+ description: TracingConfig specifies the path of the tracing configuration
+ file. When used alongside with TracingConfig, TracingConfigFile
+ takes precedence.
+ type: string
+ volumes:
+ description: Volumes allows configuration of additional volumes on
+ the output StatefulSet definition. Volumes specified will be appended
+ to other volumes that are generated as a result of StorageSpec objects.
+ items:
+ description: Volume represents a named volume in a pod that may
+ be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'awsElasticBlockStore represents an AWS Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly value true will force the readOnly
+ setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'volumeID is unique ID of the persistent disk
+ resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk mount on
+ the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode: None,
+ Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk in the
+ blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in the blob
+ storage
+ type: string
+ fsType:
+ description: fsType is Filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single blob
+ disk per storage account Managed: azure managed data
+ disk (only in managed availability set). defaults to shared'
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service mount
+ on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that contains
+ Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the host that
+ shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'monitors is Required: Monitors is a collection
+ of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the mounted root,
+ rather than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'secretFile is Optional: SecretFile is the
+ path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'secretRef is Optional: SecretRef is reference
+ to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is optional: User is the rados user name,
+ default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'cinder represents a cinder volume attached and
+ mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
+ be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'secretRef is optional: points to a secret
+ object containing parameters used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeID:
+ description: 'volumeID used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should populate
+ this volume
+ properties:
+ defaultMode:
+ description: 'defaultMode is optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items if unspecified, each key-value pair in
+ the Data field of the referenced ConfigMap will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the ConfigMap, the volume setup will error unless it is
+ marked optional. Paths must be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap or its
+ keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ csi:
+ description: csi (Container Storage Interface) represents ephemeral
+ storage that is handled by certain external CSI drivers (Beta
+ feature).
+ properties:
+ driver:
+ description: driver is the name of the CSI driver that handles
+ this volume. Consult with your admin for the correct name
+ as registered in the cluster.
+ type: string
+ fsType:
+ description: fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated
+ CSI driver which will determine the default filesystem
+ to apply.
+ type: string
+ nodePublishSecretRef:
+ description: nodePublishSecretRef is a reference to the
+ secret object containing sensitive information to pass
+ to the CSI driver to complete the CSI NodePublishVolume
+ and NodeUnpublishVolume calls. This field is optional,
+ and may be empty if no secret is required. If the secret
+ object contains more than one secret, all secret references
+ are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ readOnly:
+ description: readOnly specifies a read-only configuration
+ for the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: volumeAttributes stores driver-specific properties
+ that are passed to the CSI driver. Consult your driver's
+ documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about the pod
+ that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created files
+ by default. Must be a Optional: mode bits used to set
+ permissions on created files by default. Must be an octal
+ value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume file
+ items:
+ description: DownwardAPIVolumeFile represents information
+ to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the pod:
+ only annotations, labels, name and namespace are
+ supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode bits used to set permissions
+ on this file, must be an octal value between 0000
+ and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires
+ decimal values for mode bits. If not specified,
+ the volume defaultMode will be used. This might
+ be in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative path
+ name of the file to be created. Must not be absolute
+ or contain the ''..'' path. Must be utf-8 encoded.
+ The first item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'emptyDir represents a temporary directory that
+ shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type of storage medium
+ should back this directory. The default is "" which means
+ to use the node''s default medium. Must be an empty string
+ (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount of local storage
+ required for this EmptyDir volume. The size limit is also
+ applicable for memory medium. The maximum usage on memory
+ medium EmptyDir would be the minimum value between the
+ SizeLimit specified here and the sum of memory limits
+ of all containers in a pod. The default is nil which means
+ that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "ephemeral represents a volume that is handled
+ by a cluster storage driver. The volume's lifecycle is tied
+ to the pod that defines it - it will be created before the
+ pod starts, and deleted when the pod is removed. \n Use this
+ if: a) the volume is only needed while the pod runs, b) features
+ of normal volumes like restoring from snapshot or capacity
+ tracking are needed, c) the storage driver is specified through
+ a storage class, and d) the storage driver supports dynamic
+ volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource
+ for more information on the connection between this volume
+ type and PersistentVolumeClaim). \n Use PersistentVolumeClaim
+ or one of the vendor-specific APIs for volumes that persist
+ for longer than the lifecycle of an individual pod. \n Use
+ CSI for light-weight local ephemeral volumes if the CSI driver
+ is meant to be used that way - see the documentation of the
+ driver for more information. \n A pod can use both types of
+ ephemeral volumes and persistent volumes at the same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone PVC to
+ provision the volume. The pod in which this EphemeralVolumeSource
+ is embedded will be the owner of the PVC, i.e. the PVC
+ will be deleted together with the pod. The name of the
+ PVC will be `<pod name>-<volume name>` where `<volume
+ name>` is the name from the `PodSpec.Volumes` array entry.
+ Pod validation will reject the pod if the concatenated
+ name is not valid for a PVC (for example, too long). \n
+ An existing PVC with that name that is not owned by the
+ pod will *not* be used for the pod to avoid using an unrelated
+ volume by mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created PVC
+ is meant to be used by the pod, the PVC has to updated
+ with an owner reference to the pod once the pod exists.
+ Normally this should not be necessary, but it may be useful
+ when manually reconstructing a broken cluster. \n This
+ field is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created. \n Required, must
+ not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations that
+ will be copied into the PVC when creating it. No other
+ fields are allowed and will be rejected during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into the PVC
+ that gets created from this template. The same fields
+ as in a PersistentVolumeClaim are also valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access
+ modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the
+ provisioner or an external controller can support
+ the specified data source, it will create a new
+ volume based on the contents of the specified
+ data source. If the AnyVolumeDataSource feature
+ gate is enabled, this field will always have the
+ same contents as the DataSourceRef field.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API
+ group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object
+ from which to populate the volume with data, if
+ a non-empty volume is desired. This may be any
+ local object from a non-empty API group (non core
+ object) or a PersistentVolumeClaim object. When
+ this field is specified, volume binding will only
+ succeed if the type of the specified object matches
+ some installed volume populator or dynamic provisioner.
+ This field will replace the functionality of the
+ DataSource field and as such if both fields are
+ non-empty, they must have the same value. For
+ backwards compatibility, both fields (DataSource
+ and DataSourceRef) will be set to the same value
+ automatically if one of them is empty and the
+ other is non-empty. There are two important differences
+ between DataSource and DataSourceRef: * While
+ DataSource only allows two specific types of objects,
+ DataSourceRef allows any non-core object, as well
+ as PersistentVolumeClaim objects. * While DataSource
+ ignores disallowed values (dropping them), DataSourceRef
+ preserves all values, and generates an error if
+ a disallowed value is specified. (Beta) Using
+ this field requires the AnyVolumeDataSource feature
+ gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API
+ group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ resources:
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required. If Requests
+ is omitted for a container, it defaults to
+ Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info:
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes
+ to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: 'storageClassName is the name of the
+ StorageClass required by the claim. More info:
+ https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume
+ is required by the claim. Value of Filesystem
+ is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource that is
+ attached to a kubelet's host machine and then exposed to the
+ pod.
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. TODO: how do we prevent errors in the
+ filesystem from compromising the machine'
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly is Optional: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target worldwide
+ names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'wwids Optional: FC volume world wide identifiers
+ (wwids) Either wwids or combination of targetWWNs and
+ lun must be set, but not both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: flexVolume represents a generic volume resource
+ that is provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to use for
+ this volume.
+ type: string
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends
+ on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds extra
+ command options if any.'
+ type: object
+ readOnly:
+ description: 'readOnly is Optional: defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'secretRef is Optional: secretRef is reference
+ to the secret object containing sensitive information
+ to pass to the plugin scripts. This may be empty if no
+ secret object is specified. If the secret object contains
+ more than one secret, all secrets are passed to the plugin
+ scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached to
+ a kubelet's host machine. This depends on the Flocker control
+ service being running
+ properties:
+ datasetName:
+ description: datasetName is Name of the dataset stored as
+ metadata -> name on the dataset for Flocker should be
+ considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset. This
+ is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'gcePersistentDisk represents a GCE Disk resource
+ that is attached to a kubelet''s host machine and then exposed
+ to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'fsType is filesystem type of the volume that
+ you want to mount. Tip: Ensure that the filesystem type
+ is supported by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the volume that
+ you want to mount. If omitted, the default is to mount
+ by volume name. Examples: For volume /dev/sda1, you specify
+ the partition as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'pdName is unique name of the PD resource in
+ GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'gitRepo represents a git repository at a particular
+ revision. DEPRECATED: GitRepo is deprecated. To provision
+ a container with a git repo, mount an EmptyDir into an InitContainer
+ that clones the repo using git, then mount the EmptyDir into
+ the Pod''s container.'
+ properties:
+ directory:
+ description: directory is the target directory name. Must
+ not contain or start with '..'. If '.' is supplied, the
+ volume directory will be the git repository. Otherwise,
+ if specified, the volume will contain the git repository
+ in the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the specified
+ revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'glusterfs represents a Glusterfs mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'endpoints is the endpoint name that details
+ Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'path is the Glusterfs volume path. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the Glusterfs volume
+ to be mounted with read-only permissions. Defaults to
+ false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'hostPath represents a pre-existing file or directory
+ on the host machine that is directly exposed to the container.
+ This is generally used for system agents or other privileged
+ things that are allowed to see the host machine. Most containers
+ will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use host directory
+ mounts and who can/can not mount host directories as read/write.'
+ properties:
+ path:
+ description: 'path of the directory on the host. If the
+ path is a symlink, it will follow the link to the real
+ path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'type for HostPath Volume Defaults to "" More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'iscsi represents an ISCSI Disk resource that is
+ attached to a kubelet''s host machine and then exposed to
+ the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support iSCSI
+ Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support iSCSI
+ Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ initiatorName:
+ description: initiatorName is the custom iSCSI Initiator
+ Name. If initiatorName is specified with iscsiInterface
+ simultaneously, new iSCSI interface <target portal>:<volume
+ name> will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iscsiInterface is the interface Name that uses
+ an iSCSI transport. Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: portals is the iSCSI Target Portal List. The
+ portal is either an IP or ip_addr:port if the port is
+ other than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI target
+ and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ targetPortal:
+ description: targetPortal is iSCSI Target Portal. The Portal
+ is either an IP or ip_addr:port if the port is other than
+ default (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'name of the volume. Must be a DNS_LABEL and unique
+ within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'nfs represents an NFS mount on the host that shares
+ a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'path that is exported by the NFS server. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the NFS export to
+ be mounted with read-only permissions. Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'server is the hostname or IP address of the
+ NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'persistentVolumeClaimVolumeSource represents a
+ reference to a PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'claimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: readOnly Will force the ReadOnly setting in
+ VolumeMounts. Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon Controller
+ persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating
+ system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources secrets,
+ configmaps, and downward API
+ properties:
+ defaultMode:
+ description: defaultMode are the mode bits used to set permissions
+ on created files by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON requires decimal
+ values for mode bits. Directories within the path are
+ not affected by this setting. This might be in conflict
+ with other options that affect the file mode, like fsGroup,
+ and the result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected along with
+ other supported volume types
+ properties:
+ configMap:
+ description: configMap information about the configMap
+ data to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced ConfigMap
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the ConfigMap, the volume
+ setup will error unless it is marked optional.
+ Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about the downwardAPI
+ data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode bits used to
+ set permissions on this file, must be
+ an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values,
+ JSON requires decimal values for mode
+ bits. If not specified, the volume defaultMode
+ will be used. This might be in conflict
+ with other options that affect the file
+ mode, like fsGroup, and the result can
+ be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..''
+ path. Must be utf-8 encoded. The first
+ item of the relative path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the
+ container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu
+ and requests.memory) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about the secret data
+ to project
+ properties:
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced Secret
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified which
+ is not present in the Secret, the volume setup
+ will error unless it is marked optional. Paths
+ must be relative and may not contain the '..'
+ path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000 and
+ 0777 or a decimal value between 0 and
+ 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for
+ mode bits. If not specified, the volume
+ defaultMode will be used. This might be
+ in conflict with other options that affect
+ the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be
+ an absolute path. May not contain the
+ path element '..'. May not start with
+ the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional field specify whether the
+ Secret or its key must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information about
+ the serviceAccountToken data to project
+ properties:
+ audience:
+ description: audience is the intended audience
+ of the token. A recipient of a token must identify
+ itself with an identifier specified in the audience
+ of the token, and otherwise should reject the
+ token. The audience defaults to the identifier
+ of the apiserver.
+ type: string
+ expirationSeconds:
+ description: expirationSeconds is the requested
+ duration of validity of the service account
+ token. As the token approaches expiration, the
+ kubelet volume plugin will proactively rotate
+ the service account token. The kubelet will
+ start trying to rotate the token if the token
+ is older than 80 percent of its time to live
+ or if the token is older than 24 hours.Defaults
+ to 1 hour and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: path is the path relative to the
+ mount point of the file to project the token
+ into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the host
+ that shares a pod's lifetime
+ properties:
+ group:
+ description: group to map volume access to Default is no
+ group
+ type: string
+ readOnly:
+ description: readOnly here will force the Quobyte volume
+ to be mounted with read-only permissions. Defaults to
+ false.
+ type: boolean
+ registry:
+ description: registry represents a single or multiple Quobyte
+ Registry services specified as a string as host:port pair
+ (multiple entries are separated with commas) which acts
+ as the central registry for volumes
+ type: string
+ tenant:
+ description: tenant owning the given Quobyte volume in the
+ Backend Used with dynamically provisioned Quobyte volumes,
+ value is set by the plugin
+ type: string
+ user:
+ description: user to map volume access to Defaults to serivceaccount
+ user
+ type: string
+ volume:
+ description: volume is a string that references an already
+ created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'rbd represents a Rados Block Device mount on the
+ host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from
+ compromising the machine'
+ type: string
+ image:
+ description: 'image is the rados image name. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'pool is the rados pool name. Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly setting
+ in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'secretRef is name of the authentication secret
+ for RBDUser. If provided overrides keyring. Default is
+ nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is the rados user name. Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the ScaleIO
+ API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the ScaleIO
+ Protection Domain for the configured storage.
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef references to the secret for ScaleIO
+ user and other sensitive information. If this is not provided,
+ Login operation will fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL communication
+ with Gateway, default false
+ type: boolean
+ storageMode:
+ description: storageMode indicates whether the storage for
+ a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage Pool associated
+ with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system as
+ configured in ScaleIO.
+ type: string
+ volumeName:
+ description: volumeName is the name of a volume already
+ created in the ScaleIO system that is associated with
+ this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'secret represents a secret that should populate
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'defaultMode is Optional: mode bits used to
+ set permissions on created files by default. Must be an
+ octal value between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. Defaults to
+ 0644. Directories within the path are not affected by
+ this setting. This might be in conflict with other options
+ that affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items If unspecified, each key-value pair in
+ the Data field of the referenced Secret will be projected
+ into the volume as a file whose name is the key and content
+ is the value. If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in
+ the Secret, the volume setup will error unless it is marked
+ optional. Paths must be relative and may not contain the
+ '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits used to
+ set permissions on this file. Must be an octal value
+ between 0000 and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and decimal values,
+ JSON requires decimal values for mode bits. If not
+ specified, the volume defaultMode will be used.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of the file
+ to map the key to. May not be an absolute path.
+ May not contain the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether the Secret or
+ its keys must be defined
+ type: boolean
+ secretName:
+ description: 'secretName is the name of the secret in the
+ pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume attached
+ and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount. Must
+ be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write). ReadOnly
+ here will force the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef specifies the secret to use for obtaining
+ the StorageOS API credentials. If not specified, default
+ values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeName:
+ description: volumeName is the human-readable name of the
+ StorageOS volume. Volume names are only unique within
+ a namespace.
+ type: string
+ volumeNamespace:
+ description: volumeNamespace specifies the scope of the
+ volume within StorageOS. If no namespace is specified
+ then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS
+ for tighter integration. Set VolumeName to any name to
+ override the default behaviour. Set to "default" if you
+ are not using namespaces within StorageOS. Namespaces
+ that do not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is filesystem type to mount. Must be
+ a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy Based
+ Management (SPBM) profile ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy Based
+ Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies vSphere
+ volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ type: object
+ status:
+ description: 'Most recent observed status of the ThanosRuler cluster.
+ Read-only. Not included when requesting from the apiserver, only from
+ the ThanosRuler Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ properties:
+ availableReplicas:
+ description: Total number of available pods (ready for at least minReadySeconds)
+ targeted by this ThanosRuler deployment.
+ format: int32
+ type: integer
+ paused:
+ description: Represents whether any actions on the underlying managed
+ objects are being performed. Only delete actions will be performed.
+ type: boolean
+ replicas:
+ description: Total number of non-terminated pods targeted by this
+ ThanosRuler deployment (their labels match the selector).
+ format: int32
+ type: integer
+ unavailableReplicas:
+ description: Total number of unavailable pods targeted by this ThanosRuler
+ deployment.
+ format: int32
+ type: integer
+ updatedReplicas:
+ description: Total number of non-terminated pods targeted by this
+ ThanosRuler deployment that have the desired version spec.
+ format: int32
+ type: integer
+ required:
+ - availableReplicas
+ - paused
+ - replicas
+ - unavailableReplicas
+ - updatedReplicas
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
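Review bot: the volume sources this schema accepts under `spec` (`secret`, `serviceAccountToken`, `rbd`, `scaleIO`, `storageos`, `vsphereVolume`) mean that create or update rights on ThanosRuler objects amount to the right to mount namespace Secrets and storage backends into the managed pods. That deserves a sentence in the chart documentation, and RBAC on this custom resource should be granted as narrowly as pod creation would be. Because the file is generated upstream, keep the bundled copy byte-identical to it: leave description typos such as `serivceaccount` and `24 hours.Defaults` alone so that later diffs against upstream stay clean.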
diff --git a/charts/kube-prometheus-stack/templates/NOTES.txt b/charts/kube-prometheus-stack/templates/NOTES.txt
new file mode 100644
index 0000000..371f3ae
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/NOTES.txt
@@ -0,0 +1,4 @@
+{{ $.Chart.Name }} has been installed. Check its status by running:
+ kubectl --namespace {{ template "kube-prometheus-stack.namespace" . }} get pods -l "release={{ $.Release.Name }}"
+
+Visit https://github.com/prometheus-operator/kube-prometheus for instructions on how to create & configure Alertmanager and Prometheus instances using the Operator.
diff --git a/charts/kube-prometheus-stack/templates/_helpers.tpl b/charts/kube-prometheus-stack/templates/_helpers.tpl
new file mode 100644
index 0000000..b01fe6d
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/_helpers.tpl
@@ -0,0 +1,254 @@
+{{/* vim: set filetype=mustache: */}}
+{{/* Expand the name of the chart. This is suffixed with -alertmanager, which means subtract 13 from longest 63 available */}}
+{{- define "kube-prometheus-stack.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 50 | trimSuffix "-" -}}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+The components in this chart create additional resources that expand the longest created name strings.
+The longest name that gets created adds and extra 37 characters, so truncation should be 63-35=26.
+*/}}
+{{- define "kube-prometheus-stack.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 26 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 26 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 26 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Fullname suffixed with operator */}}
+{{- define "kube-prometheus-stack.operator.fullname" -}}
+{{- printf "%s-operator" (include "kube-prometheus-stack.fullname" .) -}}
+{{- end }}
+
+{{/* Prometheus custom resource instance name */}}
+{{- define "kube-prometheus-stack.prometheus.crname" -}}
+{{- if .Values.cleanPrometheusOperatorObjectNames }}
+{{- include "kube-prometheus-stack.fullname" . }}
+{{- else }}
+{{- print (include "kube-prometheus-stack.fullname" .) "-prometheus" }}
+{{- end }}
+{{- end }}
+
+{{/* Prometheus apiVersion for networkpolicy */}}
+{{- define "kube-prometheus-stack.prometheus.networkPolicy.apiVersion" -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end }}
+
+{{/* Alertmanager custom resource instance name */}}
+{{- define "kube-prometheus-stack.alertmanager.crname" -}}
+{{- if .Values.cleanPrometheusOperatorObjectNames }}
+{{- include "kube-prometheus-stack.fullname" . }}
+{{- else }}
+{{- print (include "kube-prometheus-stack.fullname" .) "-alertmanager" -}}
+{{- end }}
+{{- end }}
+
+{{/* Fullname suffixed with thanos-ruler */}}
+{{- define "kube-prometheus-stack.thanosRuler.fullname" -}}
+{{- printf "%s-thanos-ruler" (include "kube-prometheus-stack.fullname" .) -}}
+{{- end }}
+
+{{/* Create chart name and version as used by the chart label. */}}
+{{- define "kube-prometheus-stack.chartref" -}}
+{{- replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name -}}
+{{- end }}
+
+{{/* Generate basic labels */}}
+{{- define "kube-prometheus-stack.labels" }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}"
+app.kubernetes.io/part-of: {{ template "kube-prometheus-stack.name" . }}
+chart: {{ template "kube-prometheus-stack.chartref" . }}
+release: {{ $.Release.Name | quote }}
+heritage: {{ $.Release.Service | quote }}
+{{- if .Values.commonLabels}}
+{{ toYaml .Values.commonLabels }}
+{{- end }}
+{{- end }}
+
+{{/* Create the name of kube-prometheus-stack service account to use */}}
+{{- define "kube-prometheus-stack.operator.serviceAccountName" -}}
+{{- if .Values.prometheusOperator.serviceAccount.create -}}
+ {{ default (include "kube-prometheus-stack.operator.fullname" .) .Values.prometheusOperator.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.prometheusOperator.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/* Create the name of prometheus service account to use */}}
+{{- define "kube-prometheus-stack.prometheus.serviceAccountName" -}}
+{{- if .Values.prometheus.serviceAccount.create -}}
+ {{ default (print (include "kube-prometheus-stack.fullname" .) "-prometheus") .Values.prometheus.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.prometheus.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/* Create the name of alertmanager service account to use */}}
+{{- define "kube-prometheus-stack.alertmanager.serviceAccountName" -}}
+{{- if .Values.alertmanager.serviceAccount.create -}}
+ {{ default (print (include "kube-prometheus-stack.fullname" .) "-alertmanager") .Values.alertmanager.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.alertmanager.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/* Create the name of thanosRuler service account to use */}}
+{{- define "kube-prometheus-stack.thanosRuler.serviceAccountName" -}}
+{{- if .Values.thanosRuler.serviceAccount.create -}}
+ {{ default (include "kube-prometheus-stack.thanosRuler.fullname" .) .Values.thanosRuler.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.thanosRuler.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts
+*/}}
+{{- define "kube-prometheus-stack.namespace" -}}
+ {{- if .Values.namespaceOverride -}}
+ {{- .Values.namespaceOverride -}}
+ {{- else -}}
+ {{- .Release.Namespace -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Use the grafana namespace override for multi-namespace deployments in combined charts
+*/}}
+{{- define "kube-prometheus-stack-grafana.namespace" -}}
+ {{- if .Values.grafana.namespaceOverride -}}
+ {{- .Values.grafana.namespaceOverride -}}
+ {{- else -}}
+ {{- .Release.Namespace -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Use the kube-state-metrics namespace override for multi-namespace deployments in combined charts
+*/}}
+{{- define "kube-prometheus-stack-kube-state-metrics.namespace" -}}
+ {{- if index .Values "kube-state-metrics" "namespaceOverride" -}}
+ {{- index .Values "kube-state-metrics" "namespaceOverride" -}}
+ {{- else -}}
+ {{- .Release.Namespace -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Use the prometheus-node-exporter namespace override for multi-namespace deployments in combined charts
+*/}}
+{{- define "kube-prometheus-stack-prometheus-node-exporter.namespace" -}}
+ {{- if index .Values "prometheus-node-exporter" "namespaceOverride" -}}
+ {{- index .Values "prometheus-node-exporter" "namespaceOverride" -}}
+ {{- else -}}
+ {{- .Release.Namespace -}}
+ {{- end -}}
+{{- end -}}
+
+{{/* Allow KubeVersion to be overridden. */}}
+{{- define "kube-prometheus-stack.kubeVersion" -}}
+ {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride -}}
+{{- end -}}
+
+{{/* Get Ingress API Version */}}
+{{- define "kube-prometheus-stack.ingress.apiVersion" -}}
+ {{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19-0" (include "kube-prometheus-stack.kubeVersion" .)) -}}
+ {{- print "networking.k8s.io/v1" -}}
+ {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
+ {{- print "networking.k8s.io/v1beta1" -}}
+ {{- else -}}
+ {{- print "extensions/v1beta1" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/* Check Ingress stability */}}
+{{- define "kube-prometheus-stack.ingress.isStable" -}}
+ {{- eq (include "kube-prometheus-stack.ingress.apiVersion" .) "networking.k8s.io/v1" -}}
+{{- end -}}
+
+{{/* Check Ingress supports pathType */}}
+{{/* pathType was added to networking.k8s.io/v1beta1 in Kubernetes 1.18 */}}
+{{- define "kube-prometheus-stack.ingress.supportsPathType" -}}
+ {{- or (eq (include "kube-prometheus-stack.ingress.isStable" .) "true") (and (eq (include "kube-prometheus-stack.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" (include "kube-prometheus-stack.kubeVersion" .))) -}}
+{{- end -}}
+
+{{/* Get Policy API Version */}}
+{{- define "kube-prometheus-stack.pdb.apiVersion" -}}
+ {{- if and (.Capabilities.APIVersions.Has "policy/v1") (semverCompare ">= 1.21-0" (include "kube-prometheus-stack.kubeVersion" .)) -}}
+ {{- print "policy/v1" -}}
+ {{- else -}}
+ {{- print "policy/v1beta1" -}}
+ {{- end -}}
+ {{- end -}}
+
+{{/* Get value based on current Kubernetes version */}}
+{{- define "kube-prometheus-stack.kubeVersionDefaultValue" -}}
+ {{- $values := index . 0 -}}
+ {{- $kubeVersion := index . 1 -}}
+ {{- $old := index . 2 -}}
+ {{- $new := index . 3 -}}
+ {{- $default := index . 4 -}}
+ {{- if kindIs "invalid" $default -}}
+ {{- if semverCompare $kubeVersion (include "kube-prometheus-stack.kubeVersion" $values) -}}
+ {{- print $new -}}
+ {{- else -}}
+ {{- print $old -}}
+ {{- end -}}
+ {{- else -}}
+ {{- print $default }}
+ {{- end -}}
+{{- end -}}
+
+{{/* Get value for kube-controller-manager depending on insecure scraping availability */}}
+{{- define "kube-prometheus-stack.kubeControllerManager.insecureScrape" -}}
+ {{- $values := index . 0 -}}
+ {{- $insecure := index . 1 -}}
+ {{- $secure := index . 2 -}}
+ {{- $userValue := index . 3 -}}
+ {{- include "kube-prometheus-stack.kubeVersionDefaultValue" (list $values ">= 1.22-0" $insecure $secure $userValue) -}}
+{{- end -}}
+
+{{/* Get value for kube-scheduler depending on insecure scraping availability */}}
+{{- define "kube-prometheus-stack.kubeScheduler.insecureScrape" -}}
+ {{- $values := index . 0 -}}
+ {{- $insecure := index . 1 -}}
+ {{- $secure := index . 2 -}}
+ {{- $userValue := index . 3 -}}
+ {{- include "kube-prometheus-stack.kubeVersionDefaultValue" (list $values ">= 1.23-0" $insecure $secure $userValue) -}}
+{{- end -}}
+
+{{/*
+To help compatibility with other charts which use global.imagePullSecrets.
+Allow either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style).
+global:
+ imagePullSecrets:
+ - name: pullSecret1
+ - name: pullSecret2
+
+or
+
+global:
+ imagePullSecrets:
+ - pullSecret1
+ - pullSecret2
+*/}}
+{{- define "kube-prometheus-stack.imagePullSecrets" -}}
+{{- range .Values.global.imagePullSecrets }}
+ {{- if eq (typeOf .) "map[string]interface {}" }}
+- {{ toYaml . | trim }}
+ {{- else }}
+- name: {{ . }}
+ {{- end }}
+{{- end }}
+{{- end -}}
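Review bot: the four `serviceAccountName` helpers fall back to the literal `default` when `serviceAccount.create` is false and no name is given, for example `{{ default "default" .Values.prometheus.serviceAccount.name }}`. The operator, Prometheus, Alertmanager and Thanos Ruler would then silently run under the namespace's default service account and share whatever RBAC is bound to it. Consider failing the render with `required` when `create` is false and `name` is empty, or at least document the fallback in the values file. Separately, the comment above `kube-prometheus-stack.fullname` says the longest name adds 37 characters but then computes `63-35=26`. The code truncates at 26, so the comment's arithmetic is inconsistent and should be corrected (it also has the typo "and extra").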
diff --git a/charts/kube-prometheus-stack/templates/alertmanager/alertmanager.yaml b/charts/kube-prometheus-stack/templates/alertmanager/alertmanager.yaml
new file mode 100644
index 0000000..a1e4749
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/alertmanager/alertmanager.yaml
@@ -0,0 +1,168 @@
+{{- if .Values.alertmanager.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: Alertmanager
+metadata:
+ name: {{ template "kube-prometheus-stack.alertmanager.crname" . }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.alertmanager.annotations }}
+ annotations:
+{{ toYaml .Values.alertmanager.annotations | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.alertmanager.alertmanagerSpec.image }}
+ {{- if and .Values.alertmanager.alertmanagerSpec.image.tag .Values.alertmanager.alertmanagerSpec.image.sha }}
+ image: "{{ .Values.alertmanager.alertmanagerSpec.image.repository }}:{{ .Values.alertmanager.alertmanagerSpec.image.tag }}@sha256:{{ .Values.alertmanager.alertmanagerSpec.image.sha }}"
+ {{- else if .Values.alertmanager.alertmanagerSpec.image.sha }}
+ image: "{{ .Values.alertmanager.alertmanagerSpec.image.repository }}@sha256:{{ .Values.alertmanager.alertmanagerSpec.image.sha }}"
+ {{- else if .Values.alertmanager.alertmanagerSpec.image.tag }}
+ image: "{{ .Values.alertmanager.alertmanagerSpec.image.repository }}:{{ .Values.alertmanager.alertmanagerSpec.image.tag }}"
+ {{- else }}
+ image: "{{ .Values.alertmanager.alertmanagerSpec.image.repository }}"
+ {{- end }}
+ version: {{ .Values.alertmanager.alertmanagerSpec.image.tag }}
+ {{- if .Values.alertmanager.alertmanagerSpec.image.sha }}
+ sha: {{ .Values.alertmanager.alertmanagerSpec.image.sha }}
+ {{- end }}
+{{- end }}
+ replicas: {{ .Values.alertmanager.alertmanagerSpec.replicas }}
+ listenLocal: {{ .Values.alertmanager.alertmanagerSpec.listenLocal }}
+ serviceAccountName: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }}
+{{- if .Values.alertmanager.alertmanagerSpec.externalUrl }}
+ externalUrl: "{{ tpl .Values.alertmanager.alertmanagerSpec.externalUrl . }}"
+{{- else if and .Values.alertmanager.ingress.enabled .Values.alertmanager.ingress.hosts }}
+ externalUrl: "http://{{ tpl (index .Values.alertmanager.ingress.hosts 0) . }}{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}"
+{{- else }}
+ externalUrl: http://{{ template "kube-prometheus-stack.fullname" . }}-alertmanager.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.alertmanager.service.port }}
+{{- end }}
+{{- if .Values.alertmanager.alertmanagerSpec.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.alertmanager.alertmanagerSpec.nodeSelector | indent 4 }}
+{{- end }}
+ paused: {{ .Values.alertmanager.alertmanagerSpec.paused }}
+ logFormat: {{ .Values.alertmanager.alertmanagerSpec.logFormat | quote }}
+ logLevel: {{ .Values.alertmanager.alertmanagerSpec.logLevel | quote }}
+ retention: {{ .Values.alertmanager.alertmanagerSpec.retention | quote }}
+{{- if .Values.alertmanager.alertmanagerSpec.secrets }}
+ secrets:
+{{ toYaml .Values.alertmanager.alertmanagerSpec.secrets | indent 4 }}
+{{- end }}
+{{- if .Values.alertmanager.alertmanagerSpec.configSecret }}
+ configSecret: {{ .Values.alertmanager.alertmanagerSpec.configSecret }}
+{{- end }}
+{{- if .Values.alertmanager.alertmanagerSpec.configMaps }}
+ configMaps:
+{{ toYaml .Values.alertmanager.alertmanagerSpec.configMaps | indent 4 }}
+{{- end }}
+{{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfigSelector }}
+ alertmanagerConfigSelector:
+{{ toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfigSelector | indent 4}}
+{{ else }}
+ alertmanagerConfigSelector: {}
+{{- end }}
+{{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfigNamespaceSelector }}
+ alertmanagerConfigNamespaceSelector:
+{{ toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfigNamespaceSelector | indent 4}}
+{{ else }}
+ alertmanagerConfigNamespaceSelector: {}
+{{- end }}
+{{- if .Values.alertmanager.alertmanagerSpec.web }}
+ web:
+{{ toYaml .Values.alertmanager.alertmanagerSpec.web | indent 4 }}
+{{- end }}
+{{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfiguration }}
+ alertmanagerConfiguration:
+{{ toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfiguration | indent 4 }}
+{{- end }}
+{{- if .Values.alertmanager.alertmanagerSpec.resources }}
+ resources:
+{{ toYaml .Values.alertmanager.alertmanagerSpec.resources | indent 4 }}
+{{- end }}
+{{- if .Values.alertmanager.alertmanagerSpec.routePrefix }}
+ routePrefix: "{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}"
+{{- end }}
+{{- if .Values.alertmanager.alertmanagerSpec.securityContext }}
+ securityContext:
+{{ toYaml .Values.alertmanager.alertmanagerSpec.securityContext | indent 4 }}
+{{- end }}
+{{- if .Values.alertmanager.alertmanagerSpec.storage }}
+ storage:
+{{ tpl (toYaml .Values.alertmanager.alertmanagerSpec.storage | indent 4) . }}
+{{- end }}
+{{- if .Values.alertmanager.alertmanagerSpec.podMetadata }}
+ podMetadata:
+{{ toYaml .Values.alertmanager.alertmanagerSpec.podMetadata | indent 4 }}
+{{- end }}
+{{- if or .Values.alertmanager.alertmanagerSpec.podAntiAffinity .Values.alertmanager.alertmanagerSpec.affinity }}
+ affinity:
+{{- end }}
+{{- if .Values.alertmanager.alertmanagerSpec.affinity }}
+{{ toYaml .Values.alertmanager.alertmanagerSpec.affinity | indent 4 }}
+{{- end }}
+{{- if eq .Values.alertmanager.alertmanagerSpec.podAntiAffinity "hard" }}
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - topologyKey: {{ .Values.alertmanager.alertmanagerSpec.podAntiAffinityTopologyKey }}
+ labelSelector:
+ matchExpressions:
+ - {key: app.kubernetes.io/name, operator: In, values: [alertmanager]}
+ - {key: alertmanager, operator: In, values: [{{ template "kube-prometheus-stack.alertmanager.crname" . }}]}
+{{- else if eq .Values.alertmanager.alertmanagerSpec.podAntiAffinity "soft" }}
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ topologyKey: {{ .Values.alertmanager.alertmanagerSpec.podAntiAffinityTopologyKey }}
+ labelSelector:
+ matchExpressions:
+ - {key: app.kubernetes.io/name, operator: In, values: [alertmanager]}
+ - {key: alertmanager, operator: In, values: [{{ template "kube-prometheus-stack.alertmanager.crname" . }}]}
+{{- end }}
+{{- if .Values.alertmanager.alertmanagerSpec.tolerations }}
+ tolerations:
+{{ toYaml .Values.alertmanager.alertmanagerSpec.tolerations | indent 4 }}
+{{- end }}
+{{- if .Values.alertmanager.alertmanagerSpec.topologySpreadConstraints }}
+ topologySpreadConstraints:
+{{ toYaml .Values.alertmanager.alertmanagerSpec.topologySpreadConstraints | indent 4 }}
+{{- end }}
+{{- if .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 4 }}
+{{- end }}
+{{- if .Values.alertmanager.alertmanagerSpec.containers }}
+ containers:
+{{ toYaml .Values.alertmanager.alertmanagerSpec.containers | indent 4 }}
+{{- end }}
+{{- if .Values.alertmanager.alertmanagerSpec.initContainers }}
+ initContainers:
+{{ toYaml .Values.alertmanager.alertmanagerSpec.initContainers | indent 4 }}
+{{- end }}
+{{- if .Values.alertmanager.alertmanagerSpec.priorityClassName }}
+ priorityClassName: {{.Values.alertmanager.alertmanagerSpec.priorityClassName }}
+{{- end }}
+{{- if .Values.alertmanager.alertmanagerSpec.additionalPeers }}
+ additionalPeers:
+{{ toYaml .Values.alertmanager.alertmanagerSpec.additionalPeers | indent 4 }}
+{{- end }}
+{{- if .Values.alertmanager.alertmanagerSpec.volumes }}
+ volumes:
+{{ toYaml .Values.alertmanager.alertmanagerSpec.volumes | indent 4 }}
+{{- end }}
+{{- if .Values.alertmanager.alertmanagerSpec.volumeMounts }}
+ volumeMounts:
+{{ toYaml .Values.alertmanager.alertmanagerSpec.volumeMounts | indent 4 }}
+{{- end }}
+ portName: {{ .Values.alertmanager.alertmanagerSpec.portName }}
+{{- if .Values.alertmanager.alertmanagerSpec.clusterAdvertiseAddress }}
+ clusterAdvertiseAddress: {{ .Values.alertmanager.alertmanagerSpec.clusterAdvertiseAddress }}
+{{- end }}
+{{- if .Values.alertmanager.alertmanagerSpec.forceEnableClusterMode }}
+ forceEnableClusterMode: {{ .Values.alertmanager.alertmanagerSpec.forceEnableClusterMode }}
+{{- end }}
+{{- if .Values.alertmanager.alertmanagerSpec.minReadySeconds }}
+ minReadySeconds: {{ .Values.alertmanager.alertmanagerSpec.minReadySeconds }}
+{{- end }}
+{{- end }}
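Review bot: the ingress branch of `externalUrl` hardcodes the scheme as `http://{{ tpl (index .Values.alertmanager.ingress.hosts 0) . }}`, so links that Alertmanager generates will point at plain HTTP unless the operator sets `alertmanagerSpec.externalUrl` explicitly. Either derive the scheme from the ingress configuration or state in the values documentation that `externalUrl` must be set when the ingress serves HTTPS. A smaller point in the image block: `version: {{ .Values.alertmanager.alertmanagerSpec.image.tag }}` is emitted unquoted and unconditionally, so an empty tag renders a null `version` and a tag that YAML reads as a number loses its string type. Piping it through `quote` and guarding it on the tag being set would avoid both.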
diff --git a/charts/kube-prometheus-stack/templates/alertmanager/extrasecret.yaml b/charts/kube-prometheus-stack/templates/alertmanager/extrasecret.yaml
new file mode 100644
index 0000000..ecd8f47
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/alertmanager/extrasecret.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.alertmanager.extraSecret.data -}}
+{{- $secretName := printf "alertmanager-%s-extra" (include "kube-prometheus-stack.fullname" . ) -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ default $secretName .Values.alertmanager.extraSecret.name }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+{{- if .Values.alertmanager.extraSecret.annotations }}
+ annotations:
+{{ toYaml .Values.alertmanager.extraSecret.annotations | indent 4 }}
+{{- end }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
+ app.kubernetes.io/component: alertmanager
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+data:
+{{- range $key, $val := .Values.alertmanager.extraSecret.data }}
+ {{ $key }}: {{ $val | b64enc | quote }}
+{{- end }}
+{{- end }}
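Review bot: the guard on the first line tests only `.Values.alertmanager.extraSecret.data`, so this Secret is rendered even when `alertmanager.enabled` is false, whereas the ingress template checks `alertmanager.enabled` as well. Suggest `{{- if and .Values.alertmanager.enabled .Values.alertmanager.extraSecret.data -}}`. Also, `{{ $val | b64enc | quote }}` means the secret material is supplied as plaintext in values, which Helm stores with the release record. The values documentation should say so and point users towards referencing an existing Secret when the content is sensitive.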
diff --git a/charts/kube-prometheus-stack/templates/alertmanager/ingress.yaml b/charts/kube-prometheus-stack/templates/alertmanager/ingress.yaml
new file mode 100644
index 0000000..29c9cbc
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/alertmanager/ingress.yaml
@@ -0,0 +1,77 @@
+{{- if and .Values.alertmanager.enabled .Values.alertmanager.ingress.enabled }}
+{{- $pathType := .Values.alertmanager.ingress.pathType | default "ImplementationSpecific" }}
+{{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }}
+{{- $servicePort := .Values.alertmanager.ingress.servicePort | default .Values.alertmanager.service.port -}}
+{{- $routePrefix := list .Values.alertmanager.alertmanagerSpec.routePrefix }}
+{{- $paths := .Values.alertmanager.ingress.paths | default $routePrefix -}}
+{{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}}
+{{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}}
+apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+ name: {{ $serviceName }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+{{- if .Values.alertmanager.ingress.annotations }}
+ annotations:
+{{ toYaml .Values.alertmanager.ingress.annotations | indent 4 }}
+{{- end }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
+{{- if .Values.alertmanager.ingress.labels }}
+{{ toYaml .Values.alertmanager.ingress.labels | indent 4 }}
+{{- end }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+spec:
+ {{- if $apiIsStable }}
+ {{- if .Values.alertmanager.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.alertmanager.ingress.ingressClassName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- if .Values.alertmanager.ingress.hosts }}
+ {{- range $host := .Values.alertmanager.ingress.hosts }}
+ - host: {{ tpl $host $ }}
+ http:
+ paths:
+ {{- range $p := $paths }}
+ - path: {{ tpl $p $ }}
+ {{- if and $pathType $ingressSupportsPathType }}
+ pathType: {{ $pathType }}
+ {{- end }}
+ backend:
+ {{- if $apiIsStable }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{- else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{- end }}
+ {{- end -}}
+ {{- end -}}
+ {{- else }}
+ - http:
+ paths:
+ {{- range $p := $paths }}
+ - path: {{ tpl $p $ }}
+ {{- if and $pathType $ingressSupportsPathType }}
+ pathType: {{ $pathType }}
+ {{- end }}
+ backend:
+ {{- if $apiIsStable }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{- else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{- end }}
+ {{- end -}}
+ {{- end -}}
+ {{- if .Values.alertmanager.ingress.tls }}
+ tls:
+{{ tpl (toYaml .Values.alertmanager.ingress.tls | indent 4) . }}
+ {{- end -}}
+{{- end -}}
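Review bot: the `tls:` section at the end is emitted only when `.Values.alertmanager.ingress.tls` is set, and the `{{- else }}` branch for an empty `hosts` list renders a rule with no `host:`, so enabling the ingress without setting `hosts` and `tls` publishes Alertmanager over plain HTTP for any Host header. Consider failing the render with `required` when `hosts` is empty, or at least documenting in values.yaml that `hosts` and `tls` should be set together. Note also that `ingressClassName` is dropped silently when `$apiIsStable` is false.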
diff --git a/charts/kube-prometheus-stack/templates/alertmanager/ingressperreplica.yaml b/charts/kube-prometheus-stack/templates/alertmanager/ingressperreplica.yaml
new file mode 100644
index 0000000..f21bf96
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/alertmanager/ingressperreplica.yaml
@@ -0,0 +1,67 @@
+{{- if and .Values.alertmanager.enabled .Values.alertmanager.servicePerReplica.enabled .Values.alertmanager.ingressPerReplica.enabled }}
+{{- $pathType := .Values.alertmanager.ingressPerReplica.pathType | default "" }}
+{{- $count := .Values.alertmanager.alertmanagerSpec.replicas | int -}}
+{{- $servicePort := .Values.alertmanager.service.port -}}
+{{- $ingressValues := .Values.alertmanager.ingressPerReplica -}}
+{{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}}
+{{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}}
+apiVersion: v1
+kind: List
+metadata:
+ name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-ingressperreplica
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+items:
+{{ range $i, $e := until $count }}
+ - kind: Ingress
+ apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" $ }}
+ metadata:
+ name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }}
+ namespace: {{ template "kube-prometheus-stack.namespace" $ }}
+ labels:
+ app: {{ include "kube-prometheus-stack.name" $ }}-alertmanager
+ {{ include "kube-prometheus-stack.labels" $ | indent 8 }}
+ {{- if $ingressValues.labels }}
+{{ toYaml $ingressValues.labels | indent 8 }}
+ {{- end }}
+ {{- if $ingressValues.annotations }}
+ annotations:
+{{ toYaml $ingressValues.annotations | indent 8 }}
+ {{- end }}
+ spec:
+ {{- if $apiIsStable }}
+ {{- if $ingressValues.ingressClassName }}
+ ingressClassName: {{ $ingressValues.ingressClassName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ - host: {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }}
+ http:
+ paths:
+ {{- range $p := $ingressValues.paths }}
+ - path: {{ tpl $p $ }}
+ {{- if and $pathType $ingressSupportsPathType }}
+ pathType: {{ $pathType }}
+ {{- end }}
+ backend:
+ {{- if $apiIsStable }}
+ service:
+ name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }}
+ port:
+ number: {{ $servicePort }}
+ {{- else }}
+ serviceName: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }}
+ servicePort: {{ $servicePort }}
+ {{- end }}
+ {{- end -}}
+ {{- if or $ingressValues.tlsSecretName $ingressValues.tlsSecretPerReplica.enabled }}
+ tls:
+ - hosts:
+ - {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }}
+ {{- if $ingressValues.tlsSecretPerReplica.enabled }}
+ secretName: {{ $ingressValues.tlsSecretPerReplica.prefix }}-{{ $i }}
+ {{- else }}
+ secretName: {{ $ingressValues.tlsSecretName }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+{{- end -}}
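Review bot: the `host:` and `tls.hosts` entries are built as `{{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }}` with no check that either value is set, so an empty `hostDomain` renders a host ending in a bare dot that only fails at apply time; wrap both values in `required` so the error surfaces at render. The condition `or $ingressValues.tlsSecretName $ingressValues.tlsSecretPerReplica.enabled` also dereferences `tlsSecretPerReplica` without a guard, which errors if a values override sets that map to null.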
diff --git a/charts/kube-prometheus-stack/templates/alertmanager/podDisruptionBudget.yaml b/charts/kube-prometheus-stack/templates/alertmanager/podDisruptionBudget.yaml
new file mode 100644
index 0000000..b183403
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/alertmanager/podDisruptionBudget.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.alertmanager.enabled .Values.alertmanager.podDisruptionBudget.enabled }}
+apiVersion: {{ include "kube-prometheus-stack.pdb.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+spec:
+ {{- if .Values.alertmanager.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.alertmanager.podDisruptionBudget.minAvailable }}
+ {{- end }}
+ {{- if .Values.alertmanager.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.alertmanager.podDisruptionBudget.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: alertmanager
+ alertmanager: {{ template "kube-prometheus-stack.alertmanager.crname" . }}
+{{- end }}
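Review bot: `minAvailable` and `maxUnavailable` are guarded by two independent `if` blocks, so setting both values renders both fields, which the API server rejects because they are mutually exclusive; use `if`/`else if` or `fail` with a clear message. The truthiness tests also skip a literal `0`, so `maxUnavailable: 0` cannot be expressed; test for presence with `hasKey` instead.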
diff --git a/charts/kube-prometheus-stack/templates/alertmanager/psp-role.yaml b/charts/kube-prometheus-stack/templates/alertmanager/psp-role.yaml
new file mode 100644
index 0000000..e8da52e
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/alertmanager/psp-role.yaml
@@ -0,0 +1,23 @@
+{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+rules:
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }}
+- apiGroups: ['policy']
+{{- else }}
+- apiGroups: ['extensions']
+{{- end }}
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
+{{- end }}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/templates/alertmanager/psp-rolebinding.yaml b/charts/kube-prometheus-stack/templates/alertmanager/psp-rolebinding.yaml
new file mode 100644
index 0000000..71a8ec4
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/alertmanager/psp-rolebinding.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/templates/alertmanager/psp.yaml b/charts/kube-prometheus-stack/templates/alertmanager/psp.yaml
new file mode 100644
index 0000000..5a940af
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/alertmanager/psp.yaml
@@ -0,0 +1,47 @@
+{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
+{{- if .Values.global.rbac.pspAnnotations }}
+ annotations:
+{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }}
+{{- end }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+spec:
+ privileged: false
+ # Allow core volume types.
+ volumes:
+ - 'configMap'
+ - 'emptyDir'
+ - 'projected'
+ - 'secret'
+ - 'downwardAPI'
+ - 'persistentVolumeClaim'
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Permits the container to run with root privileges as well.
+ rule: 'RunAsAny'
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ # Allow adding the root group.
+ - min: 0
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ # Allow adding the root group.
+ - min: 0
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
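Review bot: the `include "kube-prometheus-stack.labels"` line sits after the optional `annotations:` block, so when `.Values.global.rbac.pspAnnotations` is set the common labels render under `annotations:` instead of `labels:`; move the include directly under the `app:` label. Separately, the spec allows `runAsUser: RunAsAny`, starts both group ranges at 0, keeps `readOnlyRootFilesystem: false`, and sets neither `allowPrivilegeEscalation: false` nor `requiredDropCapabilities`, so `privileged: false` is the only real restriction on the container; tighten these or expose them as values.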
diff --git a/charts/kube-prometheus-stack/templates/alertmanager/secret.yaml b/charts/kube-prometheus-stack/templates/alertmanager/secret.yaml
new file mode 100644
index 0000000..0a354a3
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/alertmanager/secret.yaml
@@ -0,0 +1,27 @@
+{{- if and (.Values.alertmanager.enabled) (not .Values.alertmanager.alertmanagerSpec.useExistingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: alertmanager-{{ template "kube-prometheus-stack.alertmanager.crname" . }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+{{- if .Values.alertmanager.secret.annotations }}
+ annotations:
+{{ toYaml .Values.alertmanager.secret.annotations | indent 4 }}
+{{- end }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+data:
+{{- if .Values.alertmanager.tplConfig }}
+{{- if eq (typeOf .Values.alertmanager.config) "string" }}
+ alertmanager.yaml: {{ tpl (.Values.alertmanager.config) . | b64enc | quote }}
+{{- else }}
+ alertmanager.yaml: {{ tpl (toYaml .Values.alertmanager.config) . | b64enc | quote }}
+{{- end }}
+{{- else }}
+ alertmanager.yaml: {{ toYaml .Values.alertmanager.config | b64enc | quote }}
+{{- end}}
+{{- range $key, $val := .Values.alertmanager.templateFiles }}
+ {{ $key }}: {{ $val | b64enc | quote }}
+{{- end }}
+{{- end }}
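Review bot: in the `tplConfig` branches the whole Alertmanager configuration is passed through `tpl ... .`, so any `{{ ... }}` intended for Alertmanager's own notification templates is evaluated by Helm at render time with the full chart context; the values documentation should state that such expressions need escaping when `tplConfig` is on. The `templateFiles` loop emits `{{ $key }}` unquoted, and the `{{- end}}` just before it is missing the space used in the rest of the file.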
diff --git a/charts/kube-prometheus-stack/templates/alertmanager/service.yaml b/charts/kube-prometheus-stack/templates/alertmanager/service.yaml
new file mode 100644
index 0000000..44100ec
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/alertmanager/service.yaml
@@ -0,0 +1,53 @@
+{{- if .Values.alertmanager.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
+ self-monitor: {{ .Values.alertmanager.serviceMonitor.selfMonitor | quote }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.alertmanager.service.labels }}
+{{ toYaml .Values.alertmanager.service.labels | indent 4 }}
+{{- end }}
+{{- if .Values.alertmanager.service.annotations }}
+ annotations:
+{{ toYaml .Values.alertmanager.service.annotations | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.alertmanager.service.clusterIP }}
+ clusterIP: {{ .Values.alertmanager.service.clusterIP }}
+{{- end }}
+{{- if .Values.alertmanager.service.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.alertmanager.service.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.alertmanager.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.alertmanager.service.loadBalancerIP }}
+{{- end }}
+{{- if .Values.alertmanager.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- range $cidr := .Values.alertmanager.service.loadBalancerSourceRanges }}
+ - {{ $cidr }}
+ {{- end }}
+{{- end }}
+{{- if ne .Values.alertmanager.service.type "ClusterIP" }}
+ externalTrafficPolicy: {{ .Values.alertmanager.service.externalTrafficPolicy }}
+{{- end }}
+ ports:
+ - name: {{ .Values.alertmanager.alertmanagerSpec.portName }}
+ {{- if eq .Values.alertmanager.service.type "NodePort" }}
+ nodePort: {{ .Values.alertmanager.service.nodePort }}
+ {{- end }}
+ port: {{ .Values.alertmanager.service.port }}
+ targetPort: {{ .Values.alertmanager.service.targetPort }}
+ protocol: TCP
+{{- if .Values.alertmanager.service.additionalPorts }}
+{{ toYaml .Values.alertmanager.service.additionalPorts | indent 2 }}
+{{- end }}
+ selector:
+ app.kubernetes.io/name: alertmanager
+ alertmanager: {{ template "kube-prometheus-stack.alertmanager.crname" . }}
+ type: "{{ .Values.alertmanager.service.type }}"
+{{- end }}
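Review bot: `loadBalancerSourceRanges` and `externalIPs` are optional while `type` is taken straight from values, so `type: LoadBalancer` with no source ranges renders a Service with no source restriction at all; document that in values.yaml or fail the render when the type is `LoadBalancer` and the list is empty. `externalTrafficPolicy` and `nodePort` are also emitted without checking that a value is set, which renders empty fields.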
diff --git a/charts/kube-prometheus-stack/templates/alertmanager/serviceaccount.yaml b/charts/kube-prometheus-stack/templates/alertmanager/serviceaccount.yaml
new file mode 100644
index 0000000..ae433d5
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/alertmanager/serviceaccount.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
+ app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-alertmanager
+ app.kubernetes.io/component: alertmanager
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.alertmanager.serviceAccount.annotations }}
+ annotations:
+{{ toYaml .Values.alertmanager.serviceAccount.annotations | indent 4 }}
+{{- end }}
+{{- if .Values.global.imagePullSecrets }}
+imagePullSecrets:
+{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2}}
+{{- end }}
+{{- end }}
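Review bot: the ServiceAccount sets no `automountServiceAccountToken`, so pods using it get the API token mounted unless the pod spec overrides it; expose the field as a value so operators can turn the mount off.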
diff --git a/charts/kube-prometheus-stack/templates/alertmanager/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/alertmanager/servicemonitor.yaml
new file mode 100644
index 0000000..350ebe8
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/alertmanager/servicemonitor.yaml
@@ -0,0 +1,46 @@
+{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceMonitor.selfMonitor }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
+ release: {{ $.Release.Name | quote }}
+ self-monitor: "true"
+ namespaceSelector:
+ matchNames:
+ - {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }}
+ endpoints:
+ - port: {{ .Values.alertmanager.alertmanagerSpec.portName }}
+ enableHttp2: {{ .Values.alertmanager.serviceMonitor.enableHttp2 }}
+ {{- if .Values.alertmanager.serviceMonitor.interval }}
+ interval: {{ .Values.alertmanager.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.alertmanager.serviceMonitor.proxyUrl }}
+ proxyUrl: {{ .Values.alertmanager.serviceMonitor.proxyUrl}}
+ {{- end }}
+ {{- if .Values.alertmanager.serviceMonitor.scheme }}
+ scheme: {{ .Values.alertmanager.serviceMonitor.scheme }}
+ {{- end }}
+ {{- if .Values.alertmanager.serviceMonitor.bearerTokenFile }}
+ bearerTokenFile: {{ .Values.alertmanager.serviceMonitor.bearerTokenFile }}
+ {{- end }}
+ {{- if .Values.alertmanager.serviceMonitor.tlsConfig }}
+ tlsConfig: {{ toYaml .Values.alertmanager.serviceMonitor.tlsConfig | nindent 6 }}
+ {{- end }}
+ path: "{{ trimSuffix "/" .Values.alertmanager.alertmanagerSpec.routePrefix }}/metrics"
+{{- if .Values.alertmanager.serviceMonitor.metricRelabelings }}
+ metricRelabelings:
+{{ tpl (toYaml .Values.alertmanager.serviceMonitor.metricRelabelings | indent 6) . }}
+{{- end }}
+{{- if .Values.alertmanager.serviceMonitor.relabelings }}
+ relabelings:
+{{ toYaml .Values.alertmanager.serviceMonitor.relabelings | indent 6 }}
+{{- end }}
+{{- end }}
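Review bot: `metricRelabelings` is rendered through `tpl` but `relabelings` just below it is plain `toYaml`, so template expressions work in one list and are emitted literally in the other; give both the same treatment. `enableHttp2` is written unconditionally, so an unset value renders an empty field; guard it or give it an explicit default.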
diff --git a/charts/kube-prometheus-stack/templates/alertmanager/serviceperreplica.yaml b/charts/kube-prometheus-stack/templates/alertmanager/serviceperreplica.yaml
new file mode 100644
index 0000000..75a13bd
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/alertmanager/serviceperreplica.yaml
@@ -0,0 +1,49 @@
+{{- if and .Values.alertmanager.enabled .Values.alertmanager.servicePerReplica.enabled }}
+{{- $count := .Values.alertmanager.alertmanagerSpec.replicas | int -}}
+{{- $serviceValues := .Values.alertmanager.servicePerReplica -}}
+apiVersion: v1
+kind: List
+metadata:
+ name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-serviceperreplica
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+items:
+{{- range $i, $e := until $count }}
+ - apiVersion: v1
+ kind: Service
+ metadata:
+ name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }}
+ namespace: {{ template "kube-prometheus-stack.namespace" $ }}
+ labels:
+ app: {{ include "kube-prometheus-stack.name" $ }}-alertmanager
+{{ include "kube-prometheus-stack.labels" $ | indent 8 }}
+ {{- if $serviceValues.annotations }}
+ annotations:
+{{ toYaml $serviceValues.annotations | indent 8 }}
+ {{- end }}
+ spec:
+ {{- if $serviceValues.clusterIP }}
+ clusterIP: {{ $serviceValues.clusterIP }}
+ {{- end }}
+ {{- if $serviceValues.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- range $cidr := $serviceValues.loadBalancerSourceRanges }}
+ - {{ $cidr }}
+ {{- end }}
+ {{- end }}
+ {{- if ne $serviceValues.type "ClusterIP" }}
+ externalTrafficPolicy: {{ $serviceValues.externalTrafficPolicy }}
+ {{- end }}
+ ports:
+ - name: {{ $.Values.alertmanager.alertmanagerSpec.portName }}
+ {{- if eq $serviceValues.type "NodePort" }}
+ nodePort: {{ $serviceValues.nodePort }}
+ {{- end }}
+ port: {{ $serviceValues.port }}
+ targetPort: {{ $serviceValues.targetPort }}
+ selector:
+ app.kubernetes.io/name: alertmanager
+ alertmanager: {{ template "kube-prometheus-stack.alertmanager.crname" $ }}
+ statefulset.kubernetes.io/pod-name: alertmanager-{{ include "kube-prometheus-stack.alertmanager.crname" $ }}-{{ $i }}
+ type: "{{ $serviceValues.type }}"
+{{- end }}
+{{- end }}
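Review bot: inside the `range $i, $e := until $count` loop every Service gets the same `nodePort: {{ $serviceValues.nodePort }}`, so with `type: NodePort` and more than one replica the second Service is rejected because the port is already allocated. Offset the port per replica, for example `{{ add $serviceValues.nodePort $i }}`, or omit the field and let the cluster allocate one.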
diff --git a/charts/kube-prometheus-stack/templates/exporters/core-dns/service.yaml b/charts/kube-prometheus-stack/templates/exporters/core-dns/service.yaml
new file mode 100644
index 0000000..f77db41
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/exporters/core-dns/service.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.coreDns.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-coredns
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-coredns
+ jobLabel: coredns
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+ namespace: kube-system
+spec:
+ clusterIP: None
+ ports:
+ - name: http-metrics
+ port: {{ .Values.coreDns.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.coreDns.service.targetPort }}
+ selector:
+ {{- if .Values.coreDns.service.selector }}
+{{ toYaml .Values.coreDns.service.selector | indent 4 }}
+ {{- else}}
+ k8s-app: kube-dns
+ {{- end}}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/templates/exporters/core-dns/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/core-dns/servicemonitor.yaml
new file mode 100644
index 0000000..8d50137
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/exporters/core-dns/servicemonitor.yaml
@@ -0,0 +1,39 @@
+{{- if .Values.coreDns.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-coredns
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-coredns
+ {{- with .Values.coreDns.serviceMonitor.additionalLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+spec:
+ jobLabel: jobLabel
+ selector:
+ matchLabels:
+ app: {{ template "kube-prometheus-stack.name" . }}-coredns
+ release: {{ $.Release.Name | quote }}
+ namespaceSelector:
+ matchNames:
+ - "kube-system"
+ endpoints:
+ - port: http-metrics
+ {{- if .Values.coreDns.serviceMonitor.interval}}
+ interval: {{ .Values.coreDns.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.coreDns.serviceMonitor.proxyUrl }}
+ proxyUrl: {{ .Values.coreDns.serviceMonitor.proxyUrl}}
+ {{- end }}
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+{{- if .Values.coreDns.serviceMonitor.metricRelabelings }}
+ metricRelabelings:
+{{ tpl (toYaml .Values.coreDns.serviceMonitor.metricRelabelings | indent 4) . }}
+{{- end }}
+{{- if .Values.coreDns.serviceMonitor.relabelings }}
+ relabelings:
+{{ tpl (toYaml .Values.coreDns.serviceMonitor.relabelings | indent 4) . }}
+{{- end }}
+{{- end }}
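Review bot: the endpoint sends `bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token` on port `http-metrics` with no `scheme` or `tlsConfig`, so the Prometheus service account token goes over plain HTTP on every scrape of this target; drop the token for this endpoint or emit it only when an HTTPS scheme is configured.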
diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-api-server/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-api-server/servicemonitor.yaml
new file mode 100644
index 0000000..6f83c9b
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/exporters/kube-api-server/servicemonitor.yaml
@@ -0,0 +1,42 @@
+{{- if .Values.kubeApiServer.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-apiserver
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-apiserver
+ {{- with .Values.kubeApiServer.serviceMonitor.additionalLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+spec:
+ endpoints:
+ - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ {{- if .Values.kubeApiServer.serviceMonitor.interval }}
+ interval: {{ .Values.kubeApiServer.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.kubeApiServer.serviceMonitor.proxyUrl }}
+ proxyUrl: {{ .Values.kubeApiServer.serviceMonitor.proxyUrl}}
+ {{- end }}
+ port: https
+ scheme: https
+{{- if .Values.kubeApiServer.serviceMonitor.metricRelabelings }}
+ metricRelabelings:
+{{ tpl (toYaml .Values.kubeApiServer.serviceMonitor.metricRelabelings | indent 6) . }}
+{{- end }}
+{{- if .Values.kubeApiServer.serviceMonitor.relabelings }}
+ relabelings:
+{{ tpl (toYaml .Values.kubeApiServer.serviceMonitor.relabelings | indent 6) . }}
+{{- end }}
+ tlsConfig:
+ caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ serverName: {{ .Values.kubeApiServer.tlsConfig.serverName }}
+ insecureSkipVerify: {{ .Values.kubeApiServer.tlsConfig.insecureSkipVerify }}
+ jobLabel: {{ .Values.kubeApiServer.serviceMonitor.jobLabel }}
+ namespaceSelector:
+ matchNames:
+ - default
+ selector:
+{{ toYaml .Values.kubeApiServer.serviceMonitor.selector | indent 4 }}
+{{- end}}
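Review bot: `insecureSkipVerify` is rendered straight from `.Values.kubeApiServer.tlsConfig.insecureSkipVerify` on the same endpoint that sends the service account bearer token, so setting it to true sends that token to an API server whose certificate is not checked; the values file should default it to false and say why. `namespaceSelector` is hard-coded to `default`, and the closing `{{- end}}` lacks the space used elsewhere.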
diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/endpoints.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/endpoints.yaml
new file mode 100644
index 0000000..eca337d
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/endpoints.yaml
@@ -0,0 +1,22 @@
+{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.endpoints }}
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-kube-controller-manager
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager
+ k8s-app: kube-controller-manager
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+ namespace: kube-system
+subsets:
+ - addresses:
+ {{- range .Values.kubeControllerManager.endpoints }}
+ - ip: {{ . }}
+ {{- end }}
+ ports:
+ - name: http-metrics
+ {{- $kubeControllerManagerDefaultInsecurePort := 10252 }}
+ {{- $kubeControllerManagerDefaultSecurePort := 10257 }}
+ port: {{ include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . $kubeControllerManagerDefaultInsecurePort $kubeControllerManagerDefaultSecurePort .Values.kubeControllerManager.service.port) }}
+ protocol: TCP
+{{- end }}
diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/service.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/service.yaml
new file mode 100644
index 0000000..197f0f4
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/service.yaml
@@ -0,0 +1,29 @@
+{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.service.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-kube-controller-manager
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager
+ jobLabel: kube-controller-manager
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+ namespace: kube-system
+spec:
+ clusterIP: None
+ ports:
+ - name: http-metrics
+ {{- $kubeControllerManagerDefaultInsecurePort := 10252 }}
+ {{- $kubeControllerManagerDefaultSecurePort := 10257 }}
+ port: {{ include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . $kubeControllerManagerDefaultInsecurePort $kubeControllerManagerDefaultSecurePort .Values.kubeControllerManager.service.port) }}
+ protocol: TCP
+ targetPort: {{ include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . $kubeControllerManagerDefaultInsecurePort $kubeControllerManagerDefaultSecurePort .Values.kubeControllerManager.service.targetPort) }}
+{{- if .Values.kubeControllerManager.endpoints }}{{- else }}
+ selector:
+ {{- if .Values.kubeControllerManager.service.selector }}
+{{ toYaml .Values.kubeControllerManager.service.selector | indent 4 }}
+ {{- else}}
+ component: kube-controller-manager
+ {{- end}}
+{{- end }}
+ type: ClusterIP
+{{- end }}
diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/servicemonitor.yaml
new file mode 100644
index 0000000..65556e1
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/servicemonitor.yaml
@@ -0,0 +1,50 @@
+{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-kube-controller-manager
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager
+ {{- with .Values.kubeControllerManager.serviceMonitor.additionalLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+spec:
+ jobLabel: jobLabel
+ selector:
+ matchLabels:
+ app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager
+ release: {{ $.Release.Name | quote }}
+ namespaceSelector:
+ matchNames:
+ - "kube-system"
+ endpoints:
+ - port: http-metrics
+ {{- if .Values.kubeControllerManager.serviceMonitor.interval }}
+ interval: {{ .Values.kubeControllerManager.serviceMonitor.interval }}
+ {{- end }}
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ {{- if .Values.kubeControllerManager.serviceMonitor.proxyUrl }}
+ proxyUrl: {{ .Values.kubeControllerManager.serviceMonitor.proxyUrl}}
+ {{- end }}
+ {{- if eq (include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . false true .Values.kubeControllerManager.serviceMonitor.https )) "true" }}
+ scheme: https
+ tlsConfig:
+ caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ {{- if eq (include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . nil true .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify)) "true" }}
+ insecureSkipVerify: true
+ {{- end }}
+ {{- if .Values.kubeControllerManager.serviceMonitor.serverName }}
+ serverName: {{ .Values.kubeControllerManager.serviceMonitor.serverName }}
+ {{- end }}
+ {{- end }}
+{{- if .Values.kubeControllerManager.serviceMonitor.metricRelabelings }}
+ metricRelabelings:
+{{ tpl (toYaml .Values.kubeControllerManager.serviceMonitor.metricRelabelings | indent 4) . }}
+{{- end }}
+{{- if .Values.kubeControllerManager.serviceMonitor.relabelings }}
+ relabelings:
+{{ tpl (toYaml .Values.kubeControllerManager.serviceMonitor.relabelings | indent 4) . }}
+{{- end }}
+{{- end }}
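Review bot: the `insecureSkipVerify` test calls the `insecureScrape` helper with `nil` and `true` as its two defaults, and the helper body is not part of this file, so it is not clear from here whether certificate verification is skipped when `.Values.kubeControllerManager.serviceMonitor.insecureSkipVerify` is left unset. Since `bearerTokenFile` is sent on this endpoint, add a comment stating the effective default and prefer leaving verification on unless the operator opts out.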
diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-dns/service.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-dns/service.yaml
new file mode 100644
index 0000000..c7bf142
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/exporters/kube-dns/service.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.kubeDns.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-kube-dns
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-kube-dns
+ jobLabel: kube-dns
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+ namespace: kube-system
+spec:
+ clusterIP: None
+ ports:
+ - name: http-metrics-dnsmasq
+ port: {{ .Values.kubeDns.service.dnsmasq.port }}
+ protocol: TCP
+ targetPort: {{ .Values.kubeDns.service.dnsmasq.targetPort }}
+ - name: http-metrics-skydns
+ port: {{ .Values.kubeDns.service.skydns.port }}
+ protocol: TCP
+ targetPort: {{ .Values.kubeDns.service.skydns.targetPort }}
+ selector:
+ {{- if .Values.kubeDns.service.selector }}
+{{ toYaml .Values.kubeDns.service.selector | indent 4 }}
+ {{- else}}
+ k8s-app: kube-dns
+ {{- end}}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-dns/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-dns/servicemonitor.yaml
new file mode 100644
index 0000000..5c4afc9
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/exporters/kube-dns/servicemonitor.yaml
@@ -0,0 +1,52 @@
+{{- if .Values.kubeDns.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-kube-dns
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-kube-dns
+ {{- with .Values.kubeDns.serviceMonitor.additionalLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+spec:
+ jobLabel: jobLabel
+ selector:
+ matchLabels:
+ app: {{ template "kube-prometheus-stack.name" . }}-kube-dns
+ release: {{ $.Release.Name | quote }}
+ namespaceSelector:
+ matchNames:
+ - "kube-system"
+ endpoints:
+ - port: http-metrics-dnsmasq
+ {{- if .Values.kubeDns.serviceMonitor.interval }}
+ interval: {{ .Values.kubeDns.serviceMonitor.interval }}
+ {{- end }}
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ {{- if .Values.kubeDns.serviceMonitor.proxyUrl }}
+ proxyUrl: {{ .Values.kubeDns.serviceMonitor.proxyUrl}}
+ {{- end }}
+{{- if .Values.kubeDns.serviceMonitor.dnsmasqMetricRelabelings }}
+ metricRelabelings:
+{{ tpl (toYaml .Values.kubeDns.serviceMonitor.dnsmasqMetricRelabelings | indent 4) . }}
+{{- end }}
+{{- if .Values.kubeDns.serviceMonitor.dnsmasqRelabelings }}
+ relabelings:
+{{ toYaml .Values.kubeDns.serviceMonitor.dnsmasqRelabelings | indent 4 }}
+{{- end }}
+ - port: http-metrics-skydns
+ {{- if .Values.kubeDns.serviceMonitor.interval }}
+ interval: {{ .Values.kubeDns.serviceMonitor.interval }}
+ {{- end }}
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+{{- if .Values.kubeDns.serviceMonitor.metricRelabelings }}
+ metricRelabelings:
+{{ tpl (toYaml .Values.kubeDns.serviceMonitor.metricRelabelings | indent 4) . }}
+{{- end }}
+{{- if .Values.kubeDns.serviceMonitor.relabelings }}
+ relabelings:
+{{ tpl (toYaml .Values.kubeDns.serviceMonitor.relabelings | indent 4) . }}
+{{- end }}
+{{- end }}
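Review bot: both endpoints set `bearerTokenFile` but neither sets `scheme` or `tlsConfig`, so the Prometheus service account token is sent to the dnsmasq and skydns metrics ports over plain HTTP. Either drop the token for these endpoints or add an https option like the one in the kube-proxy monitor. Smaller points in the same file: `dnsmasqRelabelings` is rendered with plain `toYaml` while the other three relabeling blocks go through `tpl`, the skydns endpoint has no `proxyUrl` block although the dnsmasq one does, and the template is gated only on `kubeDns.enabled` with no `serviceMonitor.enabled` switch as the etcd, proxy and scheduler monitors have.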
diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-etcd/endpoints.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-etcd/endpoints.yaml
new file mode 100644
index 0000000..8f07a5c
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/exporters/kube-etcd/endpoints.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.endpoints }}
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-kube-etcd
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd
+ k8s-app: etcd-server
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+ namespace: kube-system
+subsets:
+ - addresses:
+ {{- range .Values.kubeEtcd.endpoints }}
+ - ip: {{ . }}
+ {{- end }}
+ ports:
+ - name: http-metrics
+ port: {{ .Values.kubeEtcd.service.port }}
+ protocol: TCP
+{{- end }}
diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-etcd/service.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-etcd/service.yaml
new file mode 100644
index 0000000..b2677e2
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/exporters/kube-etcd/service.yaml
@@ -0,0 +1,27 @@
+{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.service.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-kube-etcd
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd
+ jobLabel: kube-etcd
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+ namespace: kube-system
+spec:
+ clusterIP: None
+ ports:
+ - name: http-metrics
+ port: {{ .Values.kubeEtcd.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.kubeEtcd.service.targetPort }}
+{{- if .Values.kubeEtcd.endpoints }}{{- else }}
+ selector:
+ {{- if .Values.kubeEtcd.service.selector }}
+{{ toYaml .Values.kubeEtcd.service.selector | indent 4 }}
+ {{- else}}
+ component: etcd
+ {{- end}}
+{{- end }}
+ type: ClusterIP
+{{- end -}}
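Review bot: `{{- if .Values.kubeEtcd.endpoints }}{{- else }}` uses an empty if-branch to express negation; `{{- if not .Values.kubeEtcd.endpoints }}` says the same thing directly. A template comment would also help here, stating that the selector is left out when static endpoints are supplied because the Endpoints object of the same name from endpoints.yaml then backs this headless Service.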
diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-etcd/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-etcd/servicemonitor.yaml
new file mode 100644
index 0000000..8418c00
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/exporters/kube-etcd/servicemonitor.yaml
@@ -0,0 +1,56 @@
+{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-kube-etcd
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd
+ {{- with .Values.kubeEtcd.serviceMonitor.additionalLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+spec:
+ jobLabel: jobLabel
+ selector:
+ matchLabels:
+ app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd
+ release: {{ $.Release.Name | quote }}
+ namespaceSelector:
+ matchNames:
+ - "kube-system"
+ endpoints:
+ - port: http-metrics
+ {{- if .Values.kubeEtcd.serviceMonitor.interval }}
+ interval: {{ .Values.kubeEtcd.serviceMonitor.interval }}
+ {{- end }}
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ {{- if .Values.kubeEtcd.serviceMonitor.proxyUrl }}
+ proxyUrl: {{ .Values.kubeEtcd.serviceMonitor.proxyUrl}}
+ {{- end }}
+ {{- if eq .Values.kubeEtcd.serviceMonitor.scheme "https" }}
+ scheme: https
+ tlsConfig:
+ {{- if .Values.kubeEtcd.serviceMonitor.serverName }}
+ serverName: {{ .Values.kubeEtcd.serviceMonitor.serverName }}
+ {{- end }}
+ {{- if .Values.kubeEtcd.serviceMonitor.caFile }}
+ caFile: {{ .Values.kubeEtcd.serviceMonitor.caFile }}
+ {{- end }}
+ {{- if .Values.kubeEtcd.serviceMonitor.certFile }}
+ certFile: {{ .Values.kubeEtcd.serviceMonitor.certFile }}
+ {{- end }}
+ {{- if .Values.kubeEtcd.serviceMonitor.keyFile }}
+ keyFile: {{ .Values.kubeEtcd.serviceMonitor.keyFile }}
+ {{- end}}
+ insecureSkipVerify: {{ .Values.kubeEtcd.serviceMonitor.insecureSkipVerify }}
+ {{- end }}
+{{- if .Values.kubeEtcd.serviceMonitor.metricRelabelings }}
+ metricRelabelings:
+{{ tpl (toYaml .Values.kubeEtcd.serviceMonitor.metricRelabelings | indent 4) . }}
+{{- end }}
+{{- if .Values.kubeEtcd.serviceMonitor.relabelings }}
+ relabelings:
+{{ tpl (toYaml .Values.kubeEtcd.serviceMonitor.relabelings | indent 4) . }}
+{{- end }}
+{{- end }}
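Review bot: `bearerTokenFile` sits outside the `eq .Values.kubeEtcd.serviceMonitor.scheme "https"` block, so with any other scheme the service account token is sent to the etcd metrics port in cleartext; move it inside the https branch or make it opt-in. Inside `tlsConfig`, `insecureSkipVerify` is emitted unconditionally from values while `caFile`, `certFile` and `keyFile` are each optional, so the values documentation should state that `insecureSkipVerify` defaults to false and that `caFile` is expected whenever the scheme is https.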
diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-proxy/endpoints.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-proxy/endpoints.yaml
new file mode 100644
index 0000000..2cb756d
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/exporters/kube-proxy/endpoints.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.endpoints }}
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-kube-proxy
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy
+ k8s-app: kube-proxy
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+ namespace: kube-system
+subsets:
+ - addresses:
+ {{- range .Values.kubeProxy.endpoints }}
+ - ip: {{ . }}
+ {{- end }}
+ ports:
+ - name: http-metrics
+ port: {{ .Values.kubeProxy.service.port }}
+ protocol: TCP
+{{- end }}
diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-proxy/service.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-proxy/service.yaml
new file mode 100644
index 0000000..6a93319
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/exporters/kube-proxy/service.yaml
@@ -0,0 +1,27 @@
+{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.service.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-kube-proxy
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy
+ jobLabel: kube-proxy
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+ namespace: kube-system
+spec:
+ clusterIP: None
+ ports:
+ - name: http-metrics
+ port: {{ .Values.kubeProxy.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.kubeProxy.service.targetPort }}
+{{- if .Values.kubeProxy.endpoints }}{{- else }}
+ selector:
+ {{- if .Values.kubeProxy.service.selector }}
+{{ toYaml .Values.kubeProxy.service.selector | indent 4 }}
+ {{- else}}
+ k8s-app: kube-proxy
+ {{- end}}
+{{- end }}
+ type: ClusterIP
+{{- end -}}
diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-proxy/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-proxy/servicemonitor.yaml
new file mode 100644
index 0000000..329b37b
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/exporters/kube-proxy/servicemonitor.yaml
@@ -0,0 +1,44 @@
+{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-kube-proxy
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy
+ {{- with .Values.kubeProxy.serviceMonitor.additionalLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+spec:
+ jobLabel: jobLabel
+ selector:
+ matchLabels:
+ app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy
+ release: {{ $.Release.Name | quote }}
+ namespaceSelector:
+ matchNames:
+ - "kube-system"
+ endpoints:
+ - port: http-metrics
+ {{- if .Values.kubeProxy.serviceMonitor.interval }}
+ interval: {{ .Values.kubeProxy.serviceMonitor.interval }}
+ {{- end }}
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ {{- if .Values.kubeProxy.serviceMonitor.proxyUrl }}
+ proxyUrl: {{ .Values.kubeProxy.serviceMonitor.proxyUrl}}
+ {{- end }}
+ {{- if .Values.kubeProxy.serviceMonitor.https }}
+ scheme: https
+ tlsConfig:
+ caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ {{- end}}
+{{- if .Values.kubeProxy.serviceMonitor.metricRelabelings }}
+ metricRelabelings:
+{{ tpl (toYaml .Values.kubeProxy.serviceMonitor.metricRelabelings | indent 4) . }}
+{{- end }}
+{{- if .Values.kubeProxy.serviceMonitor.relabelings }}
+ relabelings:
+{{ tpl (toYaml .Values.kubeProxy.serviceMonitor.relabelings | indent 4) . }}
+{{- end }}
+{{- end }}
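Review bot: the https branch sets only `caFile`, with no `serverName` or `insecureSkipVerify` value as the kube-scheduler monitor exposes, so an operator whose kube-proxy certificate does not match the scraped address cannot make the scrape verify without editing the template; adding an optional `serverName` would cover that case without disabling verification. As in the other monitors, `bearerTokenFile` is set even when `https` is false, which sends the token over plain HTTP.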
diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/endpoints.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/endpoints.yaml
new file mode 100644
index 0000000..84a14ae
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/endpoints.yaml
@@ -0,0 +1,22 @@
+{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.endpoints }}
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-kube-scheduler
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler
+ k8s-app: kube-scheduler
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+ namespace: kube-system
+subsets:
+ - addresses:
+ {{- range .Values.kubeScheduler.endpoints }}
+ - ip: {{ . }}
+ {{- end }}
+ ports:
+ - name: http-metrics
+ {{- $kubeSchedulerDefaultInsecurePort := 10251 }}
+ {{- $kubeSchedulerDefaultSecurePort := 10259 }}
+ port: {{ include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . $kubeSchedulerDefaultInsecurePort $kubeSchedulerDefaultSecurePort .Values.kubeScheduler.service.port) }}
+ protocol: TCP
+{{- end }}
diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/service.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/service.yaml
new file mode 100644
index 0000000..eef9df0
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/service.yaml
@@ -0,0 +1,29 @@
+{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.service.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-kube-scheduler
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler
+ jobLabel: kube-scheduler
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+ namespace: kube-system
+spec:
+ clusterIP: None
+ ports:
+ - name: http-metrics
+ {{- $kubeSchedulerDefaultInsecurePort := 10251 }}
+ {{- $kubeSchedulerDefaultSecurePort := 10259 }}
+ port: {{ include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . $kubeSchedulerDefaultInsecurePort $kubeSchedulerDefaultSecurePort .Values.kubeScheduler.service.port) }}
+ protocol: TCP
+ targetPort: {{ include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . $kubeSchedulerDefaultInsecurePort $kubeSchedulerDefaultSecurePort .Values.kubeScheduler.service.targetPort) }}
+{{- if .Values.kubeScheduler.endpoints }}{{- else }}
+ selector:
+ {{- if .Values.kubeScheduler.service.selector }}
+{{ toYaml .Values.kubeScheduler.service.selector | indent 4 }}
+ {{- else}}
+ component: kube-scheduler
+ {{- end}}
+{{- end }}
+ type: ClusterIP
+{{- end -}}
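Review bot: `$kubeSchedulerDefaultInsecurePort` and `$kubeSchedulerDefaultSecurePort` are declared here with the same literals (10251 and 10259) as in kube-scheduler/endpoints.yaml, so the two files can drift apart; define the defaults once, for example in the helper that consumes them. The port also keeps the name `http-metrics` when the secure port is selected, which is misleading next to the `scheme: https` branch of the ServiceMonitor.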
diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/servicemonitor.yaml
new file mode 100644
index 0000000..6d43bf6
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/servicemonitor.yaml
@@ -0,0 +1,50 @@
+{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-kube-scheduler
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler
+ {{- with .Values.kubeScheduler.serviceMonitor.additionalLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+spec:
+ jobLabel: jobLabel
+ selector:
+ matchLabels:
+ app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler
+ release: {{ $.Release.Name | quote }}
+ namespaceSelector:
+ matchNames:
+ - "kube-system"
+ endpoints:
+ - port: http-metrics
+ {{- if .Values.kubeScheduler.serviceMonitor.interval }}
+ interval: {{ .Values.kubeScheduler.serviceMonitor.interval }}
+ {{- end }}
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ {{- if .Values.kubeScheduler.serviceMonitor.proxyUrl }}
+ proxyUrl: {{ .Values.kubeScheduler.serviceMonitor.proxyUrl}}
+ {{- end }}
+ {{- if eq (include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . false true .Values.kubeScheduler.serviceMonitor.https )) "true" }}
+ scheme: https
+ tlsConfig:
+ caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ {{- if eq (include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . nil true .Values.kubeScheduler.serviceMonitor.insecureSkipVerify)) "true" }}
+ insecureSkipVerify: true
+ {{- end }}
+ {{- if .Values.kubeScheduler.serviceMonitor.serverName }}
+ serverName: {{ .Values.kubeScheduler.serviceMonitor.serverName }}
+ {{- end}}
+ {{- end}}
+{{- if .Values.kubeScheduler.serviceMonitor.metricRelabelings }}
+ metricRelabelings:
+{{ tpl (toYaml .Values.kubeScheduler.serviceMonitor.metricRelabelings | indent 4) . }}
+{{- end }}
+{{- if .Values.kubeScheduler.serviceMonitor.relabelings }}
+ relabelings:
+{{ tpl (toYaml .Values.kubeScheduler.serviceMonitor.relabelings | indent 4) . }}
+{{- end }}
+{{- end }}
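Review bot: the `insecureSkipVerify: true` line is controlled by `include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . nil true ...)`, and the helper is not defined in this file, so a reader cannot tell what the `nil` and `true` literals mean; please add a template comment that states it. If `true` is the result when the values key is unset on the secure port, certificate verification is off by default and the `caFile` line above it has no effect, in which case the default should be flipped and operators pointed at `serverName` instead.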
diff --git a/charts/kube-prometheus-stack/templates/exporters/kubelet/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/kubelet/servicemonitor.yaml
new file mode 100644
index 0000000..52700bc
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/exporters/kubelet/servicemonitor.yaml
@@ -0,0 +1,216 @@
+{{- if .Values.kubelet.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-kubelet
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-kubelet
+ {{- with .Values.kubelet.serviceMonitor.additionalLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- include "kube-prometheus-stack.labels" . | indent 4 }}
+spec:
+ endpoints:
+ {{- if .Values.kubelet.serviceMonitor.https }}
+ - port: https-metrics
+ scheme: https
+ {{- if .Values.kubelet.serviceMonitor.interval }}
+ interval: {{ .Values.kubelet.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.kubelet.serviceMonitor.proxyUrl }}
+ proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
+ {{- end }}
+ {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ tlsConfig:
+ caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ insecureSkipVerify: true
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ honorLabels: true
+{{- if .Values.kubelet.serviceMonitor.metricRelabelings }}
+ metricRelabelings:
+{{ tpl (toYaml .Values.kubelet.serviceMonitor.metricRelabelings | indent 4) . }}
+{{- end }}
+{{- if .Values.kubelet.serviceMonitor.relabelings }}
+ relabelings:
+{{ tpl (toYaml .Values.kubelet.serviceMonitor.relabelings | indent 4) . }}
+{{- end }}
+{{- if .Values.kubelet.serviceMonitor.cAdvisor }}
+ - port: https-metrics
+ scheme: https
+ path: /metrics/cadvisor
+ {{- if .Values.kubelet.serviceMonitor.interval }}
+ interval: {{ .Values.kubelet.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.kubelet.serviceMonitor.proxyUrl }}
+ proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
+ {{- end }}
+ {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ honorLabels: true
+ tlsConfig:
+ caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ insecureSkipVerify: true
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+{{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }}
+ metricRelabelings:
+{{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings | indent 4) . }}
+{{- end }}
+{{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }}
+ relabelings:
+{{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | indent 4) . }}
+{{- end }}
+{{- end }}
+{{- if .Values.kubelet.serviceMonitor.probes }}
+ - port: https-metrics
+ scheme: https
+ path: /metrics/probes
+ {{- if .Values.kubelet.serviceMonitor.interval }}
+ interval: {{ .Values.kubelet.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.kubelet.serviceMonitor.proxyUrl }}
+ proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
+ {{- end }}
+ {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ honorLabels: true
+ tlsConfig:
+ caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ insecureSkipVerify: true
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+{{- if .Values.kubelet.serviceMonitor.probesMetricRelabelings }}
+ metricRelabelings:
+{{ tpl (toYaml .Values.kubelet.serviceMonitor.probesMetricRelabelings | indent 4) . }}
+{{- end }}
+{{- if .Values.kubelet.serviceMonitor.probesRelabelings }}
+ relabelings:
+{{ tpl (toYaml .Values.kubelet.serviceMonitor.probesRelabelings | indent 4) . }}
+{{- end }}
+{{- end }}
+{{- if .Values.kubelet.serviceMonitor.resource }}
+ - port: https-metrics
+ scheme: https
+ path: {{ .Values.kubelet.serviceMonitor.resourcePath }}
+ {{- if .Values.kubelet.serviceMonitor.interval }}
+ interval: {{ .Values.kubelet.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.kubelet.serviceMonitor.proxyUrl }}
+ proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
+ {{- end }}
+ {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ honorLabels: true
+ tlsConfig:
+ caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ insecureSkipVerify: true
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+{{- if .Values.kubelet.serviceMonitor.resourceMetricRelabelings }}
+ metricRelabelings:
+{{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceMetricRelabelings | indent 4) . }}
+{{- end }}
+{{- if .Values.kubelet.serviceMonitor.resourceRelabelings }}
+ relabelings:
+{{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceRelabelings | indent 4) . }}
+{{- end }}
+{{- end }}
+ {{- else }}
+ - port: http-metrics
+ {{- if .Values.kubelet.serviceMonitor.interval }}
+ interval: {{ .Values.kubelet.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.kubelet.serviceMonitor.proxyUrl }}
+ proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
+ {{- end }}
+ {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ honorLabels: true
+{{- if .Values.kubelet.serviceMonitor.metricRelabelings }}
+ metricRelabelings:
+{{ tpl (toYaml .Values.kubelet.serviceMonitor.metricRelabelings | indent 4) . }}
+{{- end }}
+{{- if .Values.kubelet.serviceMonitor.relabelings }}
+ relabelings:
+{{ tpl (toYaml .Values.kubelet.serviceMonitor.relabelings | indent 4) . }}
+{{- end }}
+{{- if .Values.kubelet.serviceMonitor.cAdvisor }}
+ - port: http-metrics
+ path: /metrics/cadvisor
+ {{- if .Values.kubelet.serviceMonitor.interval }}
+ interval: {{ .Values.kubelet.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.kubelet.serviceMonitor.proxyUrl }}
+ proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
+ {{- end }}
+ {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ honorLabels: true
+{{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }}
+ metricRelabelings:
+{{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings | indent 4) . }}
+{{- end }}
+{{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }}
+ relabelings:
+{{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | indent 4) . }}
+{{- end }}
+{{- if .Values.kubelet.serviceMonitor.probes }}
+ - port: http-metrics
+ path: /metrics/probes
+ {{- if .Values.kubelet.serviceMonitor.interval }}
+ interval: {{ .Values.kubelet.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.kubelet.serviceMonitor.proxyUrl }}
+ proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
+ {{- end }}
+ {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ honorLabels: true
+{{- if .Values.kubelet.serviceMonitor.probesMetricRelabelings }}
+ metricRelabelings:
+{{ tpl (toYaml .Values.kubelet.serviceMonitor.probesMetricRelabelings | indent 4) . }}
+{{- end }}
+{{- if .Values.kubelet.serviceMonitor.probesRelabelings }}
+ relabelings:
+{{ tpl (toYaml .Values.kubelet.serviceMonitor.probesRelabelings | indent 4) . }}
+{{- end }}
+{{- end }}
+{{- if .Values.kubelet.serviceMonitor.resource }}
+ - port: http-metrics
+ path: {{ .Values.kubelet.serviceMonitor.resourcePath }}
+ {{- if .Values.kubelet.serviceMonitor.interval }}
+ interval: {{ .Values.kubelet.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.kubelet.serviceMonitor.proxyUrl }}
+ proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
+ {{- end }}
+ {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ honorLabels: true
+{{- if .Values.kubelet.serviceMonitor.resourceMetricRelabelings }}
+ metricRelabelings:
+{{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceMetricRelabelings | indent 4) . }}
+{{- end }}
+{{- if .Values.kubelet.serviceMonitor.resourceRelabelings }}
+ relabelings:
+{{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceRelabelings | indent 4) . }}
+{{- end }}
+{{- end }}
+{{- end }}
+ {{- end }}
+ jobLabel: k8s-app
+ namespaceSelector:
+ matchNames:
+ - {{ .Values.kubelet.namespace }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: kubelet
+ k8s-app: kubelet
+{{- end}}
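Review bot: all four https endpoints hard-code `insecureSkipVerify: true` next to `caFile` and `bearerTokenFile`, so the kubelet certificate is never verified and the service account token is handed to whatever answers on `https-metrics`; expose this as a value (defaulting to the current behaviour if compatibility requires it) so clusters with properly signed kubelet serving certificates can turn verification on. Separately, in the `{{- else }}` (http) branch the `{{- if .Values.kubelet.serviceMonitor.cAdvisor }}` block is not closed before the `probes` and `resource` blocks, so those two endpoints are only rendered when `cAdvisor` is also true, whereas in the https branch the three are independent; close the cAdvisor block after its relabelings as the https branch does.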
diff --git a/charts/kube-prometheus-stack/templates/grafana/configmap-dashboards.yaml b/charts/kube-prometheus-stack/templates/grafana/configmap-dashboards.yaml
new file mode 100644
index 0000000..c04efc4
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/configmap-dashboards.yaml
@@ -0,0 +1,24 @@
+{{- if or (and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled) .Values.grafana.forceDeployDashboards }}
+{{- $files := .Files.Glob "dashboards-1.14/*.json" }}
+{{- if $files }}
+apiVersion: v1
+kind: ConfigMapList
+items:
+{{- range $path, $fileContents := $files }}
+{{- $dashboardName := regexReplaceAll "(^.*/)(.*)\\.json$" $path "${2}" }}
+- apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) $dashboardName | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" $ }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 6 }}
+ data:
+ {{ $dashboardName }}.json: {{ $.Files.Get $path | toJson }}
+{{- end }}
+{{- end }}
+{{- end }}
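Review bot: the ConfigMap name is the fullname joined with `$dashboardName` and then cut with `trunc 63`, so with a long release name two dashboards that share a prefix truncate to the same object name and collide within the list. Consider failing the render when truncation would occur, or appending a short hash of `$dashboardName` before truncating.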
diff --git a/charts/kube-prometheus-stack/templates/grafana/configmaps-datasources.yaml b/charts/kube-prometheus-stack/templates/grafana/configmaps-datasources.yaml
new file mode 100644
index 0000000..b5f0bf8
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/configmaps-datasources.yaml
@@ -0,0 +1,63 @@
+{{- if or (and .Values.grafana.enabled .Values.grafana.sidecar.datasources.enabled) .Values.grafana.forceDeployDatasources }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-grafana-datasource
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+{{- if .Values.grafana.sidecar.datasources.annotations }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.datasources.annotations | indent 4 }}
+{{- end }}
+ labels:
+ {{ $.Values.grafana.sidecar.datasources.label }}: {{ $.Values.grafana.sidecar.datasources.labelValue | quote }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ datasource.yaml: |-
+ apiVersion: 1
+{{- if .Values.grafana.deleteDatasources }}
+ deleteDatasources:
+{{ tpl (toYaml .Values.grafana.deleteDatasources | indent 6) . }}
+{{- end }}
+ datasources:
+{{- $scrapeInterval := .Values.grafana.sidecar.datasources.defaultDatasourceScrapeInterval | default .Values.prometheus.prometheusSpec.scrapeInterval | default "30s" }}
+{{- if .Values.grafana.sidecar.datasources.defaultDatasourceEnabled }}
+ - name: Prometheus
+ type: prometheus
+ uid: {{ .Values.grafana.sidecar.datasources.uid }}
+ {{- if .Values.grafana.sidecar.datasources.url }}
+ url: {{ .Values.grafana.sidecar.datasources.url }}
+ {{- else }}
+ url: http://{{ template "kube-prometheus-stack.fullname" . }}-prometheus.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.prometheus.service.port }}/{{ trimPrefix "/" .Values.prometheus.prometheusSpec.routePrefix }}
+ {{- end }}
+ access: proxy
+ isDefault: true
+ jsonData:
+ timeInterval: {{ $scrapeInterval }}
+{{- if .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations }}
+ exemplarTraceIdDestinations:
+ - datasourceUid: {{ .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.datasourceUid }}
+ name: {{ .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.traceIdLabelName }}
+{{- end }}
+{{- if .Values.grafana.sidecar.datasources.createPrometheusReplicasDatasources }}
+{{- range until (int .Values.prometheus.prometheusSpec.replicas) }}
+ - name: Prometheus-{{ . }}
+ type: prometheus
+ uid: {{ $.Values.grafana.sidecar.datasources.uid }}-replica-{{ . }}
+ url: http://prometheus-{{ template "kube-prometheus-stack.prometheus.crname" $ }}-{{ . }}.prometheus-operated:9090/{{ trimPrefix "/" $.Values.prometheus.prometheusSpec.routePrefix }}
+ access: proxy
+ isDefault: false
+ jsonData:
+ timeInterval: {{ $scrapeInterval }}
+{{- if $.Values.grafana.sidecar.datasources.exemplarTraceIdDestinations }}
+ exemplarTraceIdDestinations:
+ - datasourceUid: {{ .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.datasourceUid }}
+ name: {{ .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.traceIdLabelName }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- if .Values.grafana.additionalDataSources }}
+{{ tpl (toYaml .Values.grafana.additionalDataSources | indent 4) . }}
+{{- end }}
+{{- end }}
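Review bot: inside `{{- range until (int .Values.prometheus.prometheusSpec.replicas) }}` the dot is the loop index, so the `datasourceUid:` and `name:` lines of the replica block, which read `.Values.grafana.sidecar.datasources.exemplarTraceIdDestinations...`, will fail to render when both `createPrometheusReplicasDatasources` and `exemplarTraceIdDestinations` are set; they need `$.Values`, as the enclosing `if` and the replica `uid` line already use. Also, the replica datasource URL is hard-coded to `http://...prometheus-operated:9090` with no override, unlike the default datasource, which honours `.Values.grafana.sidecar.datasources.url`; that leaves no way to point the replica datasources at a TLS-enabled Prometheus.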
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/alertmanager-overview.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/alertmanager-overview.yaml
new file mode 100644
index 0000000..7236239
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/alertmanager-overview.yaml
@@ -0,0 +1,614 @@
+{{- /*
+Generated from 'alertmanager-overview' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "alertmanager-overview" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ alertmanager-overview.json: |-
+ {
+ "__inputs": [
+
+ ],
+ "__requires": [
+
+ ],
+ "annotations": {
+ "list": [
+
+ ]
+ },
+ "editable": false,
+ "gnetId": null,
+ "graphTooltip": 1,
+ "hideControls": false,
+ "id": null,
+ "links": [
+
+ ],
+ "refresh": "30s",
+ "rows": [
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "description": "current set of alerts stored in the Alertmanager",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 2,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(alertmanager_alerts{namespace=~\"$namespace\",service=~\"$service\"}) by (namespace,service,instance)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Alerts",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "none",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "none",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "description": "rate of successful and invalid alerts received by the Alertmanager",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 3,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(alertmanager_alerts_received_total{namespace=~\"$namespace\",service=~\"$service\"}[$__rate_interval])) by (namespace,service,instance)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} Received",
+ "refId": "A"
+ },
+ {
+ "expr": "sum(rate(alertmanager_alerts_invalid_total{namespace=~\"$namespace\",service=~\"$service\"}[$__rate_interval])) by (namespace,service,instance)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} Invalid",
+ "refId": "B"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Alerts receive rate",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Alerts",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "description": "rate of successful and invalid notifications sent by the Alertmanager",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 4,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": "integration",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(alertmanager_notifications_total{namespace=~\"$namespace\",service=~\"$service\", integration=\"$integration\"}[$__rate_interval])) by (integration,namespace,service,instance)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} Total",
+ "refId": "A"
+ },
+ {
+ "expr": "sum(rate(alertmanager_notifications_failed_total{namespace=~\"$namespace\",service=~\"$service\", integration=\"$integration\"}[$__rate_interval])) by (integration,namespace,service,instance)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} Failed",
+ "refId": "B"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "$integration: Notifications Send Rate",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "description": "latency of notifications sent by the Alertmanager",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 5,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": "integration",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "histogram_quantile(0.99,\n sum(rate(alertmanager_notification_latency_seconds_bucket{namespace=~\"$namespace\",service=~\"$service\", integration=\"$integration\"}[$__rate_interval])) by (le,namespace,service,instance)\n) \n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} 99th Percentile",
+ "refId": "A"
+ },
+ {
+ "expr": "histogram_quantile(0.50,\n sum(rate(alertmanager_notification_latency_seconds_bucket{namespace=~\"$namespace\",service=~\"$service\", integration=\"$integration\"}[$__rate_interval])) by (le,namespace,service,instance)\n) \n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} Median",
+ "refId": "B"
+ },
+ {
+ "expr": "sum(rate(alertmanager_notification_latency_seconds_sum{namespace=~\"$namespace\",service=~\"$service\", integration=\"$integration\"}[$__rate_interval])) by (namespace,service,instance)\n/\nsum(rate(alertmanager_notification_latency_seconds_count{namespace=~\"$namespace\",service=~\"$service\", integration=\"$integration\"}[$__rate_interval])) by (namespace,service,instance)\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} Average",
+ "refId": "C"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "$integration: Notification Duration",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Notifications",
+ "titleSize": "h6",
+ "type": "row"
+ }
+ ],
+ "schemaVersion": 14,
+ "style": "dark",
+ "tags": [
+ "alertmanager-mixin"
+ ],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "Prometheus",
+ "value": "Prometheus"
+ },
+ "hide": 0,
+ "label": "Data Source",
+ "name": "datasource",
+ "options": [
+
+ ],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": null,
+ "current": {
+ "text": "",
+ "value": ""
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": false,
+ "label": "namespace",
+ "multi": false,
+ "name": "namespace",
+ "options": [
+
+ ],
+ "query": "label_values(alertmanager_alerts, namespace)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {
+ "text": "",
+ "value": ""
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": false,
+ "label": "service",
+ "multi": false,
+ "name": "service",
+ "options": [
+
+ ],
+ "query": "label_values(alertmanager_alerts, service)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {
+ "text": "all",
+ "value": "$__all"
+ },
+ "datasource": "$datasource",
+ "hide": 2,
+ "includeAll": true,
+ "label": null,
+ "multi": false,
+ "name": "integration",
+ "options": [
+
+ ],
+ "query": "label_values(alertmanager_notifications_total{integration=~\".*\"}, integration)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "Alertmanager / Overview",
+ "uid": "alertmanager-overview",
+ "version": 0
+ }
+{{- end }}
\ No newline at end of file
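Review bot: near the end of this hunk, `"timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}"` interpolates a values string into the dashboard JSON with no escaping, so a value containing a double quote or a backslash produces invalid JSON inside the ConfigMap. Rendering it as `"timezone": {{ .Values.grafana.defaultDashboardsTimezone | toJson }}` (without the surrounding quotes) keeps the document well-formed for any string. It is the only place in this dashboard body where a value from `.Values` is substituted, so it is the one spot that needs the change. Separately, the file ends at `{{- end }}` without a trailing newline; adding one keeps later diffs to this file clean.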
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/apiserver.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/apiserver.yaml
new file mode 100644
index 0000000..4b9fe4b
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/apiserver.yaml
@@ -0,0 +1,1772 @@
+{{- /*
+Generated from 'apiserver' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.kubeApiServer.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "apiserver" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ apiserver.json: |-
+ {
+ "__inputs": [
+
+ ],
+ "__requires": [
+
+ ],
+ "annotations": {
+ "list": [
+
+ ]
+ },
+ "editable": false,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "hideControls": false,
+ "id": null,
+ "links": [
+
+ ],
+ "panels": [
+ {
+ "content": "The SLO (service level objective) and other metrics displayed on this dashboard are for informational purposes only.",
+ "datasource": null,
+ "description": "The SLO (service level objective) and other metrics displayed on this dashboard are for informational purposes only.",
+ "gridPos": {
+ "h": 2,
+ "w": 24,
+ "x": 0,
+ "y": 0
+ },
+ "id": 2,
+ "mode": "markdown",
+ "span": 12,
+ "title": "Notice",
+ "type": "text"
+ }
+ ],
+ "refresh": "10s",
+ "rows": [
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": "$datasource",
+ "decimals": 3,
+ "description": "How many percent of requests (both read and write) in 30 days have been answered successfully and fast enough?",
+ "format": "percentunit",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+
+ },
+ "id": 3,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "rightSide": true
+ },
+ "links": [
+
+ ],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 4,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "apiserver_request:availability30d{verb=\"all\", cluster=\"$cluster\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "thresholds": "",
+ "title": "Availability (30d) > 99.000%",
+ "tooltip": {
+ "shared": false
+ },
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "avg"
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "decimals": 3,
+ "description": "How much error budget is left looking at our 0.990% availability guarantees?",
+ "fill": 10,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 4,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 8,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "100 * (apiserver_request:availability30d{verb=\"all\", cluster=\"$cluster\"} - 0.990000)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "errorbudget",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "ErrorBudget (30d) > 99.000%",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "decimals": 3,
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "decimals": 3,
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": false,
+ "title": "Dashboard Row",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": "$datasource",
+ "decimals": 3,
+ "description": "How many percent of read requests (LIST,GET) in 30 days have been answered successfully and fast enough?",
+ "format": "percentunit",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+
+ },
+ "id": 5,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "rightSide": true
+ },
+ "links": [
+
+ ],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 3,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "apiserver_request:availability30d{verb=\"read\", cluster=\"$cluster\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "thresholds": "",
+ "title": "Read Availability (30d)",
+ "tooltip": {
+ "shared": false
+ },
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "avg"
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "description": "How many read requests (LIST,GET) per second do the apiservers get by code?",
+ "fill": 10,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 6,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+ {
+ "alias": "/2../i",
+ "color": "#56A64B"
+ },
+ {
+ "alias": "/3../i",
+ "color": "#F2CC0C"
+ },
+ {
+ "alias": "/4../i",
+ "color": "#3274D9"
+ },
+ {
+ "alias": "/5../i",
+ "color": "#E02F44"
+ }
+ ],
+ "spaceLength": 10,
+ "span": 3,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum by (code) (code_resource:apiserver_request_total:rate5m{verb=\"read\", cluster=\"$cluster\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}} code {{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Read SLI - Requests",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "reqps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "reqps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "description": "How many percent of read requests (LIST,GET) per second are returned with errors (5xx)?",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 7,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 3,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"read\",code=~\"5..\", cluster=\"$cluster\"}) / sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"read\", cluster=\"$cluster\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}} resource {{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Read SLI - Errors",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "description": "How many seconds is the 99th percentile for reading (LIST|GET) a given resource?",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 8,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 3,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "cluster_quantile:apiserver_request_slo_duration_seconds:histogram_quantile{verb=\"read\", cluster=\"$cluster\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}} resource {{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Read SLI - Duration",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": false,
+ "title": "Dashboard Row",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": "$datasource",
+ "decimals": 3,
+ "description": "How many percent of write requests (POST|PUT|PATCH|DELETE) in 30 days have been answered successfully and fast enough?",
+ "format": "percentunit",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+
+ },
+ "id": 9,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "rightSide": true
+ },
+ "links": [
+
+ ],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 3,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "apiserver_request:availability30d{verb=\"write\", cluster=\"$cluster\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "thresholds": "",
+ "title": "Write Availability (30d)",
+ "tooltip": {
+ "shared": false
+ },
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "avg"
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "description": "How many write requests (POST|PUT|PATCH|DELETE) per second do the apiservers get by code?",
+ "fill": 10,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 10,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+ {
+ "alias": "/2../i",
+ "color": "#56A64B"
+ },
+ {
+ "alias": "/3../i",
+ "color": "#F2CC0C"
+ },
+ {
+ "alias": "/4../i",
+ "color": "#3274D9"
+ },
+ {
+ "alias": "/5../i",
+ "color": "#E02F44"
+ }
+ ],
+ "spaceLength": 10,
+ "span": 3,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum by (code) (code_resource:apiserver_request_total:rate5m{verb=\"write\", cluster=\"$cluster\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}} code {{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Write SLI - Requests",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "reqps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "reqps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "description": "How many percent of write requests (POST|PUT|PATCH|DELETE) per second are returned with errors (5xx)?",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 11,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 3,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"write\",code=~\"5..\", cluster=\"$cluster\"}) / sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"write\", cluster=\"$cluster\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}} resource {{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Write SLI - Errors",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "description": "How many seconds is the 99th percentile for writing (POST|PUT|PATCH|DELETE) a given resource?",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 12,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 3,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "cluster_quantile:apiserver_request_slo_duration_seconds:histogram_quantile{verb=\"write\", cluster=\"$cluster\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}} resource {{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Write SLI - Duration",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": false,
+ "title": "Dashboard Row",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 13,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": false,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(workqueue_adds_total{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[$__rate_interval])) by (instance, name)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Work Queue Add Rate",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 14,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": false,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(workqueue_depth{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[$__rate_interval])) by (instance, name)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Work Queue Depth",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 15,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[$__rate_interval])) by (instance, name, le))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Work Queue Latency",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": false,
+ "title": "Dashboard Row",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 16,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 4,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "process_resident_memory_bytes{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "bytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "bytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 17,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 4,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "rate(process_cpu_seconds_total{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}[$__rate_interval])",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU usage",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 18,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 4,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "go_goroutines{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Goroutines",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": false,
+ "title": "Dashboard Row",
+ "titleSize": "h6",
+ "type": "row"
+ }
+ ],
+ "schemaVersion": 14,
+ "style": "dark",
+ "tags": [
+ "kubernetes-mixin"
+ ],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "default",
+ "value": "default"
+ },
+ "hide": 0,
+ "label": "Data Source",
+ "name": "datasource",
+ "options": [
+
+ ],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": null,
+ "current": {
+
+ },
+ "datasource": "$datasource",
+ "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }},
+ "includeAll": false,
+ "label": "cluster",
+ "multi": false,
+ "name": "cluster",
+ "options": [
+
+ ],
+ "query": "label_values(up{job=\"apiserver\"}, cluster)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {
+
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": true,
+ "label": null,
+ "multi": false,
+ "name": "instance",
+ "options": [
+
+ ],
+ "query": "label_values(up{job=\"apiserver\", cluster=\"$cluster\"}, instance)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "Kubernetes / API server",
+ "uid": "09ec8aa1e996d6ffcd6817bbaff4db1b",
+ "version": 0
+ }
+{{- end }}
\ No newline at end of file
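Review bot: In the "Work Queue Depth" panel (id 14), the target wraps workqueue_depth in rate(...[$__rate_interval]), but workqueue_depth is a gauge, so the panel plots a counter-style per-second rate instead of the queue depth that its title and "short" unit imply. A plain sum(workqueue_depth{job="apiserver", instance=~"$instance", cluster="$cluster"}) by (instance, name) would match the title. If this dashboard is generated the same way as the cluster-total.yaml that follows it (whose header says not to change it in place), the fix belongs upstream or in the generation step, not in this vendored copy. Separately, the file ends without a trailing newline, and with charts now excluded in .pre-commit-config.yaml no end-of-file hook will flag it.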
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/cluster-total.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/cluster-total.yaml
new file mode 100644
index 0000000..16c1872
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/cluster-total.yaml
@@ -0,0 +1,1882 @@
+{{- /*
+Generated from 'cluster-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "cluster-total" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ cluster-total.json: |-
+ {
+ "__inputs": [
+
+ ],
+ "__requires": [
+
+ ],
+ "annotations": {
+ "list": [
+ {
+ "builtIn": 1,
+ "datasource": "-- Grafana --",
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "name": "Annotations & Alerts",
+ "type": "dashboard"
+ }
+ ]
+ },
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "hideControls": false,
+ "id": null,
+ "links": [
+
+ ],
+ "panels": [
+ {
+ "collapse": false,
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 0
+ },
+ "id": 2,
+ "panels": [
+
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Current Bandwidth",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": true,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 0,
+ "y": 1
+ },
+ "id": 3,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": true
+ },
+ "lines": false,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "minSpan": 24,
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 24,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}namespace{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Current Rate of Bytes Received",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "series",
+ "name": null,
+ "show": false,
+ "values": [
+ "current"
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": true,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 12,
+ "y": 1
+ },
+ "id": 4,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": true
+ },
+ "lines": false,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "minSpan": 24,
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 24,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}namespace{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Current Rate of Bytes Transmitted",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "series",
+ "name": null,
+ "show": false,
+ "values": [
+ "current"
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "columns": [
+ {
+ "text": "Time",
+ "value": "Time"
+ },
+ {
+ "text": "Value #A",
+ "value": "Value #A"
+ },
+ {
+ "text": "Value #B",
+ "value": "Value #B"
+ },
+ {
+ "text": "Value #C",
+ "value": "Value #C"
+ },
+ {
+ "text": "Value #D",
+ "value": "Value #D"
+ },
+ {
+ "text": "Value #E",
+ "value": "Value #E"
+ },
+ {
+ "text": "Value #F",
+ "value": "Value #F"
+ },
+ {
+ "text": "Value #G",
+ "value": "Value #G"
+ },
+ {
+ "text": "Value #H",
+ "value": "Value #H"
+ },
+ {
+ "text": "namespace",
+ "value": "namespace"
+ }
+ ],
+ "datasource": "$datasource",
+ "fill": 1,
+ "fontSize": "90%",
+ "gridPos": {
+ "h": 9,
+ "w": 24,
+ "x": 0,
+ "y": 10
+ },
+ "id": 5,
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "minSpan": 24,
+ "nullPointMode": "null as zero",
+ "renderer": "flot",
+ "scroll": true,
+ "showHeader": true,
+ "sort": {
+ "col": 0,
+ "desc": false
+ },
+ "spaceLength": 10,
+ "span": 24,
+ "styles": [
+ {
+ "alias": "Time",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Time",
+ "thresholds": [
+
+ ],
+ "type": "hidden",
+ "unit": "short"
+ },
+ {
+ "alias": "Current Bandwidth Received",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #A",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Current Bandwidth Transmitted",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #B",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Average Bandwidth Received",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #C",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Average Bandwidth Transmitted",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #D",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Rate of Received Packets",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #E",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Rate of Transmitted Packets",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #F",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Rate of Received Packets Dropped",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #G",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Rate of Transmitted Packets Dropped",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #H",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Namespace",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": true,
+ "linkTooltip": "Drill down",
+ "linkUrl": "d/8b7a8b326d7a6f1f04244066368c67af/kubernetes-networking-namespace-pods?orgId=1&refresh=30s&var-namespace=$__cell",
+ "pattern": "namespace",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "D",
+ "step": 10
+ },
+ {
+ "expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "E",
+ "step": 10
+ },
+ {
+ "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "F",
+ "step": 10
+ },
+ {
+ "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "G",
+ "step": 10
+ },
+ {
+ "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "H",
+ "step": 10
+ }
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Current Status",
+ "type": "table"
+ },
+ {
+ "collapse": true,
+ "collapsed": true,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 10
+ },
+ "id": 6,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": true,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 0,
+ "y": 11
+ },
+ "id": 7,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": true
+ },
+ "lines": false,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "minSpan": 24,
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 24,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}namespace{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Average Rate of Bytes Received",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "series",
+ "name": null,
+ "show": false,
+ "values": [
+ "current"
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": true,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 12,
+ "y": 11
+ },
+ "id": 8,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": true
+ },
+ "lines": false,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "minSpan": 24,
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 24,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}namespace{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Average Rate of Bytes Transmitted",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "series",
+ "name": null,
+ "show": false,
+ "values": [
+ "current"
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Average Bandwidth",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 11
+ },
+ "id": 9,
+ "panels": [
+
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Bandwidth History",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 24,
+ "x": 0,
+ "y": 12
+ },
+ "id": 10,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": true,
+ "min": true,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 24,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 24,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}namespace{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Receive Bandwidth",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 24,
+ "x": 0,
+ "y": 21
+ },
+ "id": 11,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": true,
+ "min": true,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 24,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 24,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}namespace{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Transmit Bandwidth",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "collapse": true,
+ "collapsed": true,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 30
+ },
+ "id": 12,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 24,
+ "x": 0,
+ "y": 31
+ },
+ "id": 13,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": true,
+ "min": true,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 24,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 24,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}namespace{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Received Packets",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 24,
+ "x": 0,
+ "y": 40
+ },
+ "id": 14,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": true,
+ "min": true,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 24,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 24,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}namespace{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Transmitted Packets",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Packets",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": true,
+ "collapsed": true,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 31
+ },
+ "id": 15,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 24,
+ "x": 0,
+ "y": 50
+ },
+ "id": 16,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": true,
+ "min": true,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 24,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 24,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}namespace{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Received Packets Dropped",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 24,
+ "x": 0,
+ "y": 59
+ },
+ "id": 17,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": true,
+ "min": true,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 24,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 24,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}namespace{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Transmitted Packets Dropped",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 24,
+ "x": 0,
+ "y": 59
+ },
+ "id": 18,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": true,
+ "min": true,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "What is TCP Retransmit?",
+ "url": "https://accedian.com/enterprises/blog/network-packet-loss-retransmissions-and-duplicate-acknowledgements/"
+ }
+ ],
+ "minSpan": 24,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 24,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(sum(rate(node_netstat_Tcp_RetransSegs{cluster=\"$cluster\"}[$interval:$resolution]) / rate(node_netstat_Tcp_OutSegs{cluster=\"$cluster\"}[$interval:$resolution])) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of TCP Retransmits out of all sent segments",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 24,
+ "x": 0,
+ "y": 59
+ },
+ "id": 19,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": true,
+ "min": true,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+ {
+ "targetBlank": true,
+ "title": "Why monitor SYN retransmits?",
+ "url": "https://github.com/prometheus/node_exporter/issues/1023#issuecomment-408128365"
+ }
+ ],
+ "minSpan": 24,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 24,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(sum(rate(node_netstat_TcpExt_TCPSynRetrans{cluster=\"$cluster\"}[$interval:$resolution]) / rate(node_netstat_Tcp_RetransSegs{cluster=\"$cluster\"}[$interval:$resolution])) by (instance))",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of TCP SYN Retransmits out of all retransmits",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Errors",
+ "titleSize": "h6",
+ "type": "row"
+ }
+ ],
+ "refresh": "10s",
+ "rows": [
+
+ ],
+ "schemaVersion": 18,
+ "style": "dark",
+ "tags": [
+ "kubernetes-mixin"
+ ],
+ "templating": {
+ "list": [
+ {
+ "allValue": null,
+ "auto": false,
+ "auto_count": 30,
+ "auto_min": "10s",
+ "current": {
+ "text": "5m",
+ "value": "5m"
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "resolution",
+ "options": [
+ {
+ "selected": false,
+ "text": "30s",
+ "value": "30s"
+ },
+ {
+ "selected": true,
+ "text": "5m",
+ "value": "5m"
+ },
+ {
+ "selected": false,
+ "text": "1h",
+ "value": "1h"
+ }
+ ],
+ "query": "30s,5m,1h",
+ "refresh": 2,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "interval",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "auto": false,
+ "auto_count": 30,
+ "auto_min": "10s",
+ "current": {
+ "text": "5m",
+ "value": "5m"
+ },
+ "datasource": "$datasource",
+ "hide": 2,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "interval",
+ "options": [
+ {
+ "selected": true,
+ "text": "4h",
+ "value": "4h"
+ }
+ ],
+ "query": "4h",
+ "refresh": 2,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "interval",
+ "useTags": false
+ },
+ {
+ "current": {
+ "text": "default",
+ "value": "default"
+ },
+ "hide": 0,
+ "label": "Data Source",
+ "name": "datasource",
+ "options": [
+
+ ],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": null,
+ "current": {
+
+ },
+ "datasource": "$datasource",
+ "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }},
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "cluster",
+ "options": [
+
+ ],
+ "query": "label_values(up{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\"}, cluster)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 0,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "Kubernetes / Networking / Cluster",
+ "uid": "ff635a025bcfea7bc3dd4f508990a3e9",
+ "version": 0
+ }
+{{- end }}
\ No newline at end of file
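Review bot: the hidden `interval` template variable near the end of this dashboard disagrees with itself: its `current` text/value is `5m`, while its only option and its `query` are `4h`. The panel queries visible here all use `[$interval:$resolution]`, so the window they evaluate over depends on which of the two values Grafana ends up applying; make `current` and the option agree. Separately, panels 17, 18 and 19 in the collapsed "Errors" row all declare the same `gridPos` (`x` 0, `y` 59, `w` 24, `h` 9) and should be given distinct `y` offsets, and the file ends without a trailing newline.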
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/controller-manager.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/controller-manager.yaml
new file mode 100644
index 0000000..5d687e8
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/controller-manager.yaml
@@ -0,0 +1,1190 @@
+{{- /*
+Generated from 'controller-manager' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.kubeControllerManager.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "controller-manager" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ controller-manager.json: |-
+ {
+ "__inputs": [
+
+ ],
+ "__requires": [
+
+ ],
+ "annotations": {
+ "list": [
+
+ ]
+ },
+ "editable": false,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "hideControls": false,
+ "id": null,
+ "links": [
+
+ ],
+ "refresh": "10s",
+ "rows": [
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": "$datasource",
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+
+ },
+ "id": 2,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "rightSide": true
+ },
+ "links": [
+
+ ],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "sum(up{cluster=\"$cluster\", job=\"kube-controller-manager\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "thresholds": "",
+ "title": "Up",
+ "tooltip": {
+ "shared": false
+ },
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "min"
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 3,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(workqueue_adds_total{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, name)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Work Queue Add Rate",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": false,
+ "title": "Dashboard Row",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 4,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(workqueue_depth{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, name)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Work Queue Depth",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": false,
+ "title": "Dashboard Row",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 5,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, name, le))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Work Queue Latency",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": false,
+ "title": "Dashboard Row",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 6,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 4,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(rest_client_requests_total{job=\"kube-controller-manager\", instance=~\"$instance\",code=~\"2..\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "2xx",
+ "refId": "A"
+ },
+ {
+ "expr": "sum(rate(rest_client_requests_total{job=\"kube-controller-manager\", instance=~\"$instance\",code=~\"3..\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "3xx",
+ "refId": "B"
+ },
+ {
+ "expr": "sum(rate(rest_client_requests_total{job=\"kube-controller-manager\", instance=~\"$instance\",code=~\"4..\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "4xx",
+ "refId": "C"
+ },
+ {
+ "expr": "sum(rate(rest_client_requests_total{job=\"kube-controller-manager\", instance=~\"$instance\",code=~\"5..\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "5xx",
+ "refId": "D"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Kube API Request Rate",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 7,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 8,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\", verb=\"POST\"}[$__rate_interval])) by (verb, url, le))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Post Request Latency 99th Quantile",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": false,
+ "title": "Dashboard Row",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 8,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\", verb=\"GET\"}[$__rate_interval])) by (verb, url, le))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Get Request Latency 99th Quantile",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": false,
+ "title": "Dashboard Row",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 9,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 4,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "process_resident_memory_bytes{cluster=\"$cluster\", job=\"kube-controller-manager\",instance=~\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "bytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "bytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 10,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 4,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"kube-controller-manager\",instance=~\"$instance\"}[$__rate_interval])",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU usage",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 11,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 4,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "go_goroutines{cluster=\"$cluster\", job=\"kube-controller-manager\",instance=~\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Goroutines",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": false,
+ "title": "Dashboard Row",
+ "titleSize": "h6",
+ "type": "row"
+ }
+ ],
+ "schemaVersion": 14,
+ "style": "dark",
+ "tags": [
+ "kubernetes-mixin"
+ ],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "default",
+ "value": "default"
+ },
+ "hide": 0,
+ "label": "Data Source",
+ "name": "datasource",
+ "options": [
+
+ ],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": null,
+ "current": {
+
+ },
+ "datasource": "$datasource",
+ "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }},
+ "includeAll": false,
+ "label": "cluster",
+ "multi": false,
+ "name": "cluster",
+ "options": [
+
+ ],
+ "query": "label_values(up{job=\"kube-controller-manager\"}, cluster)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {
+
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": true,
+ "label": null,
+ "multi": false,
+ "name": "instance",
+ "options": [
+
+ ],
+ "query": "label_values(up{cluster=\"$cluster\", job=\"kube-controller-manager\"}, instance)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "Kubernetes / Controller Manager",
+ "uid": "72e0e05bef5099e5f049b05fdc429ed4",
+ "version": 0
+ }
+{{- end }}
\ No newline at end of file
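Review bot: the four `rest_client_requests_total` targets in the "Kube API Request Rate" panel (id 6) lack the `cluster="$cluster"` matcher that every other target in this dashboard carries, so when the `cluster` variable is shown (`multicluster.global.enabled`) that panel sums requests across all clusters while the panels around it are scoped to one. Add the matcher to the 2xx, 3xx, 4xx and 5xx expressions. The "Work Queue Depth" panel also wraps `workqueue_depth`, a gauge, in `rate()`, which plots the change in depth rather than the depth its title promises. The header comment says not to change this file in place, so both fixes belong in the upstream source or the hack sync step rather than in this bundled copy; the file also ends without a trailing newline.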
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/etcd.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/etcd.yaml
new file mode 100644
index 0000000..aeda533
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/etcd.yaml
@@ -0,0 +1,1227 @@
+{{- /*
+Generated from 'etcd' from https://raw.githubusercontent.com/etcd-io/etcd/main/contrib/mixin/mixin.libsonnet
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.kubeEtcd.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "etcd" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ etcd.json: |-
+ {
+ "annotations": {
+ "list": []
+ },
+ "description": "etcd sample Grafana dashboard with Prometheus",
+ "editable": true,
+ "gnetId": null,
+ "hideControls": false,
+ "links": [],
+ "refresh": "10s",
+ "rows": [
+ {
+ "collapse": false,
+ "editable": true,
+ "height": "250px",
+ "panels": [
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "datasource": "$datasource",
+ "editable": true,
+ "error": false,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "id": 28,
+ "interval": null,
+ "isNew": true,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 3,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "targets": [
+ {
+ "expr": "sum(etcd_server_has_leader{job=\"$cluster\"})",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "metric": "etcd_server_has_leader",
+ "refId": "A",
+ "step": 20
+ }
+ ],
+ "thresholds": "",
+ "title": "Up",
+ "type": "singlestat",
+ "valueFontSize": "200%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "avg"
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "datasource": "$datasource",
+ "editable": true,
+ "error": false,
+ "fill": 0,
+ "id": 23,
+ "isNew": true,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "span": 5,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(grpc_server_started_total{job=\"$cluster\",grpc_type=\"unary\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "RPC Rate",
+ "metric": "grpc_server_started_total",
+ "refId": "A",
+ "step": 2
+ },
+ {
+ "expr": "sum(rate(grpc_server_handled_total{job=\"$cluster\",grpc_type=\"unary\",grpc_code=~\"Unknown|FailedPrecondition|ResourceExhausted|Internal|Unavailable|DataLoss|DeadlineExceeded\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "RPC Failed Rate",
+ "metric": "grpc_server_handled_total",
+ "refId": "B",
+ "step": 2
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "RPC Rate",
+ "tooltip": {
+ "msResolution": false,
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "datasource": "$datasource",
+ "editable": true,
+ "error": false,
+ "fill": 0,
+ "id": 41,
+ "isNew": true,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "span": 4,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(grpc_server_started_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"})",
+ "intervalFactor": 2,
+ "legendFormat": "Watch Streams",
+ "metric": "grpc_server_handled_total",
+ "refId": "A",
+ "step": 4
+ },
+ {
+ "expr": "sum(grpc_server_started_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"})",
+ "intervalFactor": 2,
+ "legendFormat": "Lease Streams",
+ "metric": "grpc_server_handled_total",
+ "refId": "B",
+ "step": 4
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Active Streams",
+ "tooltip": {
+ "msResolution": false,
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": "",
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "showTitle": false,
+ "title": "Row"
+ },
+ {
+ "collapse": false,
+ "editable": true,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {},
+ "bars": false,
+ "datasource": "$datasource",
+ "decimals": null,
+ "editable": true,
+ "error": false,
+ "fill": 0,
+ "grid": {},
+ "id": 1,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "span": 4,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "etcd_mvcc_db_total_size_in_bytes{job=\"$cluster\"}",
+ "hide": false,
+ "interval": "",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} DB Size",
+ "metric": "",
+ "refId": "A",
+ "step": 4
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "DB Size",
+ "tooltip": {
+ "msResolution": false,
+ "shared": true,
+ "sort": 0,
+ "value_type": "cumulative"
+ },
+ "type": "graph",
+ "xaxis": {
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "bytes",
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "datasource": "$datasource",
+ "editable": true,
+ "error": false,
+ "fill": 0,
+ "grid": {},
+ "id": 3,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "percentage": false,
+ "pointradius": 1,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "span": 4,
+ "stack": false,
+ "steppedLine": true,
+ "targets": [
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_wal_fsync_duration_seconds_bucket{job=\"$cluster\"}[$__rate_interval])) by (instance, le))",
+ "hide": false,
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} WAL fsync",
+ "metric": "etcd_disk_wal_fsync_duration_seconds_bucket",
+ "refId": "A",
+ "step": 4
+ },
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_backend_commit_duration_seconds_bucket{job=\"$cluster\"}[$__rate_interval])) by (instance, le))",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} DB fsync",
+ "metric": "etcd_disk_backend_commit_duration_seconds_bucket",
+ "refId": "B",
+ "step": 4
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Disk Sync Duration",
+ "tooltip": {
+ "msResolution": false,
+ "shared": true,
+ "sort": 0,
+ "value_type": "cumulative"
+ },
+ "type": "graph",
+ "xaxis": {
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "datasource": "$datasource",
+ "editable": true,
+ "error": false,
+ "fill": 0,
+ "id": 29,
+ "isNew": true,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "span": 4,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "process_resident_memory_bytes{job=\"$cluster\"}",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} Resident Memory",
+ "metric": "process_resident_memory_bytes",
+ "refId": "A",
+ "step": 4
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory",
+ "tooltip": {
+ "msResolution": false,
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "bytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "title": "New row"
+ },
+ {
+ "collapse": false,
+ "editable": true,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {},
+ "bars": false,
+ "datasource": "$datasource",
+ "editable": true,
+ "error": false,
+ "fill": 5,
+ "id": 22,
+ "isNew": true,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "span": 3,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "rate(etcd_network_client_grpc_received_bytes_total{job=\"$cluster\"}[$__rate_interval])",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} Client Traffic In",
+ "metric": "etcd_network_client_grpc_received_bytes_total",
+ "refId": "A",
+ "step": 4
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Client Traffic In",
+ "tooltip": {
+ "msResolution": false,
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "datasource": "$datasource",
+ "editable": true,
+ "error": false,
+ "fill": 5,
+ "id": 21,
+ "isNew": true,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "span": 3,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "rate(etcd_network_client_grpc_sent_bytes_total{job=\"$cluster\"}[$__rate_interval])",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} Client Traffic Out",
+ "metric": "etcd_network_client_grpc_sent_bytes_total",
+ "refId": "A",
+ "step": 4
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Client Traffic Out",
+ "tooltip": {
+ "msResolution": false,
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "datasource": "$datasource",
+ "editable": true,
+ "error": false,
+ "fill": 0,
+ "id": 20,
+ "isNew": true,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "span": 3,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(etcd_network_peer_received_bytes_total{job=\"$cluster\"}[$__rate_interval])) by (instance)",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} Peer Traffic In",
+ "metric": "etcd_network_peer_received_bytes_total",
+ "refId": "A",
+ "step": 4
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Peer Traffic In",
+ "tooltip": {
+ "msResolution": false,
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "datasource": "$datasource",
+ "decimals": null,
+ "editable": true,
+ "error": false,
+ "fill": 0,
+ "grid": {},
+ "id": 16,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "span": 3,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(etcd_network_peer_sent_bytes_total{job=\"$cluster\"}[$__rate_interval])) by (instance)",
+ "hide": false,
+ "interval": "",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} Peer Traffic Out",
+ "metric": "etcd_network_peer_sent_bytes_total",
+ "refId": "A",
+ "step": 4
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Peer Traffic Out",
+ "tooltip": {
+ "msResolution": false,
+ "shared": true,
+ "sort": 0,
+ "value_type": "cumulative"
+ },
+ "type": "graph",
+ "xaxis": {
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "title": "New row"
+ },
+ {
+ "collapse": false,
+ "editable": true,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {},
+ "bars": false,
+ "datasource": "$datasource",
+ "editable": true,
+ "error": false,
+ "fill": 0,
+ "id": 40,
+ "isNew": true,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(etcd_server_proposals_failed_total{job=\"$cluster\"}[$__rate_interval]))",
+ "intervalFactor": 2,
+ "legendFormat": "Proposal Failure Rate",
+ "metric": "etcd_server_proposals_failed_total",
+ "refId": "A",
+ "step": 2
+ },
+ {
+ "expr": "sum(etcd_server_proposals_pending{job=\"$cluster\"})",
+ "intervalFactor": 2,
+ "legendFormat": "Proposal Pending Total",
+ "metric": "etcd_server_proposals_pending",
+ "refId": "B",
+ "step": 2
+ },
+ {
+ "expr": "sum(rate(etcd_server_proposals_committed_total{job=\"$cluster\"}[$__rate_interval]))",
+ "intervalFactor": 2,
+ "legendFormat": "Proposal Commit Rate",
+ "metric": "etcd_server_proposals_committed_total",
+ "refId": "C",
+ "step": 2
+ },
+ {
+ "expr": "sum(rate(etcd_server_proposals_applied_total{job=\"$cluster\"}[$__rate_interval]))",
+ "intervalFactor": 2,
+ "legendFormat": "Proposal Apply Rate",
+ "refId": "D",
+ "step": 2
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Raft Proposals",
+ "tooltip": {
+ "msResolution": false,
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": "",
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "datasource": "$datasource",
+ "decimals": 0,
+ "editable": true,
+ "error": false,
+ "fill": 0,
+ "id": 19,
+ "isNew": true,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "changes(etcd_server_leader_changes_seen_total{job=\"$cluster\"}[1d])",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} Total Leader Elections Per Day",
+ "metric": "etcd_server_leader_changes_seen_total",
+ "refId": "A",
+ "step": 2
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Total Leader Elections Per Day",
+ "tooltip": {
+ "msResolution": false,
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "decimals": 0,
+ "editable": true,
+ "error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {}
+ },
+ "overrides": []
+ },
+ "fill": 0,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 7,
+ "w": 12,
+ "x": 0,
+ "y": 28
+ },
+ "hiddenSeries": false,
+ "id": 42,
+ "isNew": true,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "alertThreshold": true
+ },
+ "percentage": false,
+ "pluginVersion": "7.4.3",
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "histogram_quantile(0.99, sum by (instance, le) (rate(etcd_network_peer_round_trip_time_seconds_bucket{job=\"$cluster\"}[$__rate_interval])))",
+ "interval": "",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} Peer round trip time",
+ "metric": "etcd_network_peer_round_trip_time_seconds_bucket",
+ "refId": "A",
+ "step": 2
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Peer round trip time",
+ "tooltip": {
+ "msResolution": false,
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "$$hashKey": "object:925",
+ "decimals": null,
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "$$hashKey": "object:926",
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ }
+ ],
+ "title": "New row"
+ }
+ ],
+ "schemaVersion": 13,
+ "sharedCrosshair": false,
+ "style": "dark",
+ "tags": [
+ "etcd-mixin"
+ ],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "Prometheus",
+ "value": "Prometheus"
+ },
+ "hide": 0,
+ "label": "Data Source",
+ "name": "datasource",
+ "options": [],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": null,
+ "current": {
+ "text": "prod",
+ "value": "prod"
+ },
+ "datasource": "$datasource",
+ "hide": {{ if (or .Values.grafana.sidecar.dashboards.multicluster.global.enabled .Values.grafana.sidecar.dashboards.multicluster.etcd.enabled) }}0{{ else }}2{{ end }},
+ "includeAll": false,
+ "label": "cluster",
+ "multi": false,
+ "name": "cluster",
+ "options": [],
+ "query": "label_values(etcd_server_has_leader, job)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 2,
+ "tagValuesQuery": "",
+ "tags": [],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-15m",
+ "to": "now"
+ },
+ "timepicker": {
+ "now": true,
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "etcd",
+ "uid": "c2f4e12cdf69feb95caa41a5a1b423d9",
+ "version": 215
+ }
+{{- end }}
\ No newline at end of file
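Review bot: in `templating.list` the variable named and labelled `cluster` is populated from `label_values(etcd_server_has_leader, job)`, and every panel then filters on `job=\"$cluster\"`, so the value that selects the data is the etcd scrape job name, not a cluster label. The variable carries a saved default of `prod` and is hidden (`hide` renders as 2) unless `multicluster.global.enabled` or `multicluster.etcd.enabled` is set, which means an operator looking at empty panels gets no visible hint about what is being matched. Note this wherever `kubeEtcd` is configured for this deployment. The header comment also names the etcd `main` branch as the generation source and says not to change the file in place, so the mixin revision cannot be identified from this file alone. Stating the upstream chart version this copy was taken from in the commit message would make later re-bundling diffs reviewable.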
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/grafana-overview.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/grafana-overview.yaml
new file mode 100644
index 0000000..decbf0b
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/grafana-overview.yaml
@@ -0,0 +1,636 @@
+{{- /*
+Generated from 'grafana-overview' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "grafana-overview" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ grafana-overview.json: |-
+ {
+ "annotations": {
+ "list": [
+ {
+ "builtIn": 1,
+ "datasource": "-- Grafana --",
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "name": "Annotations & Alerts",
+ "target": {
+ "limit": 100,
+ "matchAny": false,
+ "tags": [
+
+ ],
+ "type": "dashboard"
+ },
+ "type": "dashboard"
+ }
+ ]
+ },
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "id": 3085,
+ "iteration": 1631554945276,
+ "links": [
+
+ ],
+ "panels": [
+ {
+ "datasource": "$datasource",
+ "fieldConfig": {
+ "defaults": {
+ "mappings": [
+
+ ],
+ "noValue": "0",
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ }
+ },
+ "overrides": [
+
+ ]
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 6,
+ "x": 0,
+ "y": 0
+ },
+ "id": 6,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "mean"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "text": {
+
+ },
+ "textMode": "auto"
+ },
+ "pluginVersion": "8.1.3",
+ "targets": [
+ {
+ "expr": "grafana_alerting_result_total{job=~\"$job\", instance=~\"$instance\", state=\"alerting\"}",
+ "instant": true,
+ "interval": "",
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Firing Alerts",
+ "type": "stat"
+ },
+ {
+ "datasource": "$datasource",
+ "fieldConfig": {
+ "defaults": {
+ "mappings": [
+
+ ],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ }
+ },
+ "overrides": [
+
+ ]
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 6,
+ "x": 6,
+ "y": 0
+ },
+ "id": 8,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "mean"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "text": {
+
+ },
+ "textMode": "auto"
+ },
+ "pluginVersion": "8.1.3",
+ "targets": [
+ {
+ "expr": "sum(grafana_stat_totals_dashboard{job=~\"$job\", instance=~\"$instance\"})",
+ "interval": "",
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Dashboards",
+ "type": "stat"
+ },
+ {
+ "datasource": "$datasource",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {
+ "align": null,
+ "displayMode": "auto"
+ },
+ "mappings": [
+
+ ],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ }
+ },
+ "overrides": [
+
+ ]
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 12,
+ "x": 12,
+ "y": 0
+ },
+ "id": 10,
+ "options": {
+ "showHeader": true
+ },
+ "pluginVersion": "8.1.3",
+ "targets": [
+ {
+ "expr": "grafana_build_info{job=~\"$job\", instance=~\"$instance\"}",
+ "instant": true,
+ "interval": "",
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Build Info",
+ "transformations": [
+ {
+ "id": "labelsToFields",
+ "options": {
+
+ }
+ },
+ {
+ "id": "organize",
+ "options": {
+ "excludeByName": {
+ "Time": true,
+ "Value": true,
+ "branch": true,
+ "container": true,
+ "goversion": true,
+ "namespace": true,
+ "pod": true,
+ "revision": true
+ },
+ "indexByName": {
+ "Time": 7,
+ "Value": 11,
+ "branch": 4,
+ "container": 8,
+ "edition": 2,
+ "goversion": 6,
+ "instance": 1,
+ "job": 0,
+ "namespace": 9,
+ "pod": 10,
+ "revision": 5,
+ "version": 3
+ },
+ "renameByName": {
+
+ }
+ }
+ }
+ ],
+ "type": "table"
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fieldConfig": {
+ "defaults": {
+ "links": [
+
+ ]
+ },
+ "overrides": [
+
+ ]
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 8,
+ "w": 12,
+ "x": 0,
+ "y": 5
+ },
+ "hiddenSeries": false,
+ "id": 2,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "nullPointMode": "null",
+ "options": {
+ "alertThreshold": true
+ },
+ "percentage": false,
+ "pluginVersion": "8.1.3",
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum by (status_code) (irate(grafana_http_request_duration_seconds_count{job=~\"$job\", instance=~\"$instance\"}[1m])) ",
+ "interval": "",
+ "legendFormat": "{{`{{`}}status_code{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeRegions": [
+
+ ],
+ "timeShift": null,
+ "title": "RPS",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "$$hashKey": "object:157",
+ "format": "reqps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "$$hashKey": "object:158",
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fieldConfig": {
+ "defaults": {
+ "links": [
+
+ ]
+ },
+ "overrides": [
+
+ ]
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 8,
+ "w": 12,
+ "x": 12,
+ "y": 5
+ },
+ "hiddenSeries": false,
+ "id": 4,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "nullPointMode": "null",
+ "options": {
+ "alertThreshold": true
+ },
+ "percentage": false,
+ "pluginVersion": "8.1.3",
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "exemplar": true,
+ "expr": "histogram_quantile(0.99, sum(irate(grafana_http_request_duration_seconds_bucket{instance=~\"$instance\", job=~\"$job\"}[$__rate_interval])) by (le)) * 1",
+ "interval": "",
+ "legendFormat": "99th Percentile",
+ "refId": "A"
+ },
+ {
+ "exemplar": true,
+ "expr": "histogram_quantile(0.50, sum(irate(grafana_http_request_duration_seconds_bucket{instance=~\"$instance\", job=~\"$job\"}[$__rate_interval])) by (le)) * 1",
+ "interval": "",
+ "legendFormat": "50th Percentile",
+ "refId": "B"
+ },
+ {
+ "exemplar": true,
+ "expr": "sum(irate(grafana_http_request_duration_seconds_sum{instance=~\"$instance\", job=~\"$job\"}[$__rate_interval])) * 1 / sum(irate(grafana_http_request_duration_seconds_count{instance=~\"$instance\", job=~\"$job\"}[$__rate_interval]))",
+ "interval": "",
+ "legendFormat": "Average",
+ "refId": "C"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeRegions": [
+
+ ],
+ "timeShift": null,
+ "title": "Request Latency",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "$$hashKey": "object:210",
+ "format": "ms",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "$$hashKey": "object:211",
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ }
+ ],
+ "schemaVersion": 30,
+ "style": "dark",
+ "tags": [
+
+ ],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "selected": true,
+ "text": "dev-cortex",
+ "value": "dev-cortex"
+ },
+ "description": null,
+ "error": null,
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "datasource",
+ "options": [
+
+ ],
+ "query": "prometheus",
+ "queryValue": "",
+ "refresh": 1,
+ "regex": "",
+ "skipUrlSync": false,
+ "type": "datasource"
+ },
+ {
+ "allValue": ".*",
+ "current": {
+ "selected": false,
+ "text": [
+ "default/grafana"
+ ],
+ "value": [
+ "default/grafana"
+ ]
+ },
+ "datasource": "$datasource",
+ "definition": "label_values(grafana_build_info, job)",
+ "description": null,
+ "error": null,
+ "hide": 0,
+ "includeAll": true,
+ "label": null,
+ "multi": true,
+ "name": "job",
+ "options": [
+
+ ],
+ "query": {
+ "query": "label_values(grafana_build_info, job)",
+ "refId": "Billing Admin-job-Variable-Query"
+ },
+ "refresh": 1,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 0,
+ "tagValuesQuery": "",
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": ".*",
+ "current": {
+ "selected": false,
+ "text": "All",
+ "value": "$__all"
+ },
+ "datasource": "$datasource",
+ "definition": "label_values(grafana_build_info, instance)",
+ "description": null,
+ "error": null,
+ "hide": 0,
+ "includeAll": true,
+ "label": null,
+ "multi": true,
+ "name": "instance",
+ "options": [
+
+ ],
+ "query": {
+ "query": "label_values(grafana_build_info, instance)",
+ "refId": "Billing Admin-instance-Variable-Query"
+ },
+ "refresh": 1,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 0,
+ "tagValuesQuery": "",
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-6h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "Grafana Overview",
+ "uid": "6be0s85Mk",
+ "version": 2
+ }
+{{- end }}
\ No newline at end of file
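Review bot: The "Request Latency" panel sets its left y-axis to `"format": "ms"`, but all three targets read `grafana_http_request_duration_seconds_*` and multiply by `* 1`, so values in seconds are labelled as milliseconds and every latency reads 1000 times too low. Either change the multiplier to `* 1000` or set the axis format to `s`. Separately, the templating defaults carry values from the environment the dashboard was exported from (`"text": "dev-cortex"` for the datasource, `"default/grafana"` for `job`, and `refId` values starting with `Billing Admin-`). A bundled chart should ship these with neutral defaults. The file also ends without a trailing newline.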
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-coredns.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-coredns.yaml
new file mode 100644
index 0000000..4a1846c
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-coredns.yaml
@@ -0,0 +1,1531 @@
+{{- /* Added manually, can be changed in-place. */ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.coreDns.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-coredns" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ k8s-coredns.json: |-
+ {
+ "annotations": {
+ "list": [
+ {
+ "builtIn": 1,
+ "datasource": "-- Grafana --",
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "name": "Annotations & Alerts",
+ "type": "dashboard"
+ }
+ ]
+ },
+ "description": "A dashboard for the CoreDNS DNS server with updated metrics for version 1.7.0+. Based on the CoreDNS dashboard by buhay.",
+ "editable": true,
+ "gnetId": 12539,
+ "graphTooltip": 0,
+ "iteration": 1603798405693,
+ "links": [
+ {
+ "icon": "external link",
+ "tags": [],
+ "targetBlank": true,
+ "title": "CoreDNS.io",
+ "type": "link",
+ "url": "https://coredns.io"
+ }
+ ],
+ "panels": [
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "editable": true,
+ "error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {},
+ "links": [],
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "grid": {},
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 0,
+ "y": 0
+ },
+ "hiddenSeries": false,
+ "id": 2,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "alertThreshold": true
+ },
+ "percentage": false,
+ "pluginVersion": "7.2.0",
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+ {
+ "alias": "total",
+ "yaxis": 2
+ }
+ ],
+ "spaceLength": 10,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(coredns_dns_request_count_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (proto) or\nsum(rate(coredns_dns_requests_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (proto)",
+ "format": "time_series",
+ "interval": "",
+ "intervalFactor": 2,
+ "legendFormat": "{{"{{proto}}"}}",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Requests (total)",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "pps",
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "editable": true,
+ "error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {},
+ "links": []
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "grid": {},
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 8,
+ "y": 0
+ },
+ "hiddenSeries": false,
+ "id": 4,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "alertThreshold": true
+ },
+ "percentage": false,
+ "pluginVersion": "7.2.0",
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+ {
+ "alias": "total",
+ "yaxis": 2
+ },
+ {
+ "alias": "other",
+ "yaxis": 2
+ }
+ ],
+ "spaceLength": 10,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(coredns_dns_request_type_count_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (type) or \nsum(rate(coredns_dns_requests_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (type)",
+ "interval": "",
+ "intervalFactor": 2,
+ "legendFormat": "{{"{{type}}"}}",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Requests (by qtype)",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "pps",
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "editable": true,
+ "error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {},
+ "links": []
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "grid": {},
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 16,
+ "y": 0
+ },
+ "hiddenSeries": false,
+ "id": 6,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "alertThreshold": true
+ },
+ "percentage": false,
+ "pluginVersion": "7.2.0",
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+ {
+ "alias": "total",
+ "yaxis": 2
+ }
+ ],
+ "spaceLength": 10,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(coredns_dns_request_count_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (zone) or\nsum(rate(coredns_dns_requests_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (zone)",
+ "interval": "",
+ "intervalFactor": 2,
+ "legendFormat": "{{"{{zone}}"}}",
+ "refId": "A",
+ "step": 60
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Requests (by zone)",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "pps",
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "editable": true,
+ "error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {},
+ "links": []
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "grid": {},
+ "gridPos": {
+ "h": 7,
+ "w": 12,
+ "x": 0,
+ "y": 7
+ },
+ "hiddenSeries": false,
+ "id": 8,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "alertThreshold": true
+ },
+ "percentage": false,
+ "pluginVersion": "7.2.0",
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+ {
+ "alias": "total",
+ "yaxis": 2
+ }
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(coredns_dns_request_do_count_total{job=\"coredns\",instance=~\"$instance\"}[5m])) or\nsum(rate(coredns_dns_do_requests_total{job=\"coredns\",instance=~\"$instance\"}[5m]))",
+ "interval": "",
+ "intervalFactor": 2,
+ "legendFormat": "DO",
+ "refId": "A",
+ "step": 40
+ },
+ {
+ "expr": "sum(rate(coredns_dns_request_count_total{job=\"coredns\",instance=~\"$instance\"}[5m])) or\nsum(rate(coredns_dns_requests_total{job=\"coredns\",instance=~\"$instance\"}[5m]))",
+ "interval": "",
+ "intervalFactor": 2,
+ "legendFormat": "total",
+ "refId": "B",
+ "step": 40
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Requests (DO bit)",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "cumulative"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "pps",
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "editable": true,
+ "error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {},
+ "links": []
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "grid": {},
+ "gridPos": {
+ "h": 7,
+ "w": 6,
+ "x": 12,
+ "y": 7
+ },
+ "hiddenSeries": false,
+ "id": 10,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "alertThreshold": true
+ },
+ "percentage": false,
+ "pluginVersion": "7.2.0",
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+ {
+ "alias": "tcp:90",
+ "yaxis": 2
+ },
+ {
+ "alias": "tcp:99 ",
+ "yaxis": 2
+ },
+ {
+ "alias": "tcp:50",
+ "yaxis": 2
+ }
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_request_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))",
+ "interval": "",
+ "intervalFactor": 2,
+ "legendFormat": "{{"{{proto}}"}}:99 ",
+ "refId": "A",
+ "step": 60
+ },
+ {
+ "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_request_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))",
+ "intervalFactor": 2,
+ "legendFormat": "{{"{{proto}}"}}:90",
+ "refId": "B",
+ "step": 60
+ },
+ {
+ "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_request_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))",
+ "intervalFactor": 2,
+ "legendFormat": "{{"{{proto}}"}}:50",
+ "refId": "C",
+ "step": 60
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Requests (size, udp)",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "cumulative"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "bytes",
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "editable": true,
+ "error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {},
+ "links": []
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "grid": {},
+ "gridPos": {
+ "h": 7,
+ "w": 6,
+ "x": 18,
+ "y": 7
+ },
+ "hiddenSeries": false,
+ "id": 12,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "alertThreshold": true
+ },
+ "percentage": false,
+ "pluginVersion": "7.2.0",
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+ {
+ "alias": "tcp:90",
+ "yaxis": 1
+ },
+ {
+ "alias": "tcp:99 ",
+ "yaxis": 1
+ },
+ {
+ "alias": "tcp:50",
+ "yaxis": 1
+ }
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_request_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))",
+ "format": "time_series",
+ "interval": "",
+ "intervalFactor": 2,
+ "legendFormat": "{{"{{proto}}"}}:99 ",
+ "refId": "A",
+ "step": 60
+ },
+ {
+ "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_request_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))",
+ "format": "time_series",
+ "interval": "",
+ "intervalFactor": 2,
+ "legendFormat": "{{"{{proto}}"}}:90",
+ "refId": "B",
+ "step": 60
+ },
+ {
+ "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_request_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))",
+ "format": "time_series",
+ "interval": "",
+ "intervalFactor": 2,
+ "legendFormat": "{{"{{proto}}"}}:50",
+ "refId": "C",
+ "step": 60
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Requests (size,tcp)",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "cumulative"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "bytes",
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "editable": true,
+ "error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {},
+ "links": []
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "grid": {},
+ "gridPos": {
+ "h": 7,
+ "w": 12,
+ "x": 0,
+ "y": 14
+ },
+ "hiddenSeries": false,
+ "id": 14,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "alertThreshold": true
+ },
+ "percentage": false,
+ "pluginVersion": "7.2.0",
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(coredns_dns_response_rcode_count_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (rcode) or\nsum(rate(coredns_dns_responses_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (rcode)",
+ "interval": "",
+ "intervalFactor": 2,
+ "legendFormat": "{{"{{rcode}}"}}",
+ "refId": "A",
+ "step": 40
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Responses (by rcode)",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "editable": true,
+ "error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {},
+ "links": []
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "grid": {},
+ "gridPos": {
+ "h": 7,
+ "w": 12,
+ "x": 12,
+ "y": 14
+ },
+ "hiddenSeries": false,
+ "id": 32,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "alertThreshold": true
+ },
+ "percentage": false,
+ "pluginVersion": "7.2.0",
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_request_duration_seconds_bucket{job=\"coredns\",instance=~\"$instance\"}[5m])) by (le, job))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "99%",
+ "refId": "A",
+ "step": 40
+ },
+ {
+ "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_request_duration_seconds_bucket{job=\"coredns\",instance=~\"$instance\"}[5m])) by (le))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "90%",
+ "refId": "B",
+ "step": 40
+ },
+ {
+ "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_request_duration_seconds_bucket{job=\"coredns\",instance=~\"$instance\"}[5m])) by (le))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "50%",
+ "refId": "C",
+ "step": 40
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Responses (duration)",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "cumulative"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "editable": true,
+ "error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {},
+ "links": []
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "grid": {},
+ "gridPos": {
+ "h": 7,
+ "w": 12,
+ "x": 0,
+ "y": 21
+ },
+ "hiddenSeries": false,
+ "id": 18,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "alertThreshold": true
+ },
+ "percentage": false,
+ "pluginVersion": "7.2.0",
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+ {
+ "alias": "udp:50%",
+ "yaxis": 1
+ },
+ {
+ "alias": "tcp:50%",
+ "yaxis": 2
+ },
+ {
+ "alias": "tcp:90%",
+ "yaxis": 2
+ },
+ {
+ "alias": "tcp:99%",
+ "yaxis": 2
+ }
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_response_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ",
+ "interval": "",
+ "intervalFactor": 2,
+ "legendFormat": "{{"{{proto}}"}}:99%",
+ "refId": "A",
+ "step": 40
+ },
+ {
+ "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_response_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ",
+ "interval": "",
+ "intervalFactor": 2,
+ "legendFormat": "{{"{{proto}}"}}:90%",
+ "refId": "B",
+ "step": 40
+ },
+ {
+ "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_response_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ",
+ "hide": false,
+ "intervalFactor": 2,
+ "legendFormat": "{{"{{proto}}"}}:50%",
+ "metric": "",
+ "refId": "C",
+ "step": 40
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Responses (size, udp)",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "cumulative"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "bytes",
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "editable": true,
+ "error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {},
+ "links": []
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "grid": {},
+ "gridPos": {
+ "h": 7,
+ "w": 12,
+ "x": 12,
+ "y": 21
+ },
+ "hiddenSeries": false,
+ "id": 20,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "alertThreshold": true
+ },
+ "percentage": false,
+ "pluginVersion": "7.2.0",
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+ {
+ "alias": "udp:50%",
+ "yaxis": 1
+ },
+ {
+ "alias": "tcp:50%",
+ "yaxis": 1
+ },
+ {
+ "alias": "tcp:90%",
+ "yaxis": 1
+ },
+ {
+ "alias": "tcp:99%",
+ "yaxis": 1
+ }
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_response_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto)) ",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{"{{proto}}"}}:99%",
+ "refId": "A",
+ "step": 40
+ },
+ {
+ "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_response_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto)) ",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{"{{proto}}"}}:90%",
+ "refId": "B",
+ "step": 40
+ },
+ {
+ "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_response_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le, proto)) ",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{"{{proto}}"}}:50%",
+ "metric": "",
+ "refId": "C",
+ "step": 40
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Responses (size, tcp)",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "cumulative"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "bytes",
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "editable": true,
+ "error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {},
+ "links": []
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "grid": {},
+ "gridPos": {
+ "h": 7,
+ "w": 12,
+ "x": 0,
+ "y": 28
+ },
+ "hiddenSeries": false,
+ "id": 22,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "alertThreshold": true
+ },
+ "percentage": false,
+ "pluginVersion": "7.2.0",
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(coredns_cache_size{job=\"coredns\",instance=~\"$instance\"}) by (type) or\nsum(coredns_cache_entries{job=\"coredns\",instance=~\"$instance\"}) by (type)",
+ "interval": "",
+ "intervalFactor": 2,
+ "legendFormat": "{{"{{type}}"}}",
+ "refId": "A",
+ "step": 40
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Cache (size)",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "cumulative"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "decbytes",
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "editable": true,
+ "error": false,
+ "fieldConfig": {
+ "defaults": {
+ "custom": {},
+ "links": []
+ },
+ "overrides": []
+ },
+ "fill": 1,
+ "fillGradient": 0,
+ "grid": {},
+ "gridPos": {
+ "h": 7,
+ "w": 12,
+ "x": 12,
+ "y": 28
+ },
+ "hiddenSeries": false,
+ "id": 24,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "connected",
+ "options": {
+ "alertThreshold": true
+ },
+ "percentage": false,
+ "pluginVersion": "7.2.0",
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+ {
+ "alias": "misses",
+ "yaxis": 2
+ }
+ ],
+ "spaceLength": 10,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(coredns_cache_hits_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (type)",
+ "hide": false,
+ "intervalFactor": 2,
+ "legendFormat": "hits:{{"{{type}}"}}",
+ "refId": "A",
+ "step": 40
+ },
+ {
+ "expr": "sum(rate(coredns_cache_misses_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (type)",
+ "hide": false,
+ "intervalFactor": 2,
+ "legendFormat": "misses",
+ "refId": "B",
+ "step": 40
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Cache (hitrate)",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "pps",
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ }
+ ],
+ "refresh": "10s",
+ "schemaVersion": 26,
+ "style": "dark",
+ "tags": [
+ "dns",
+ "coredns"
+ ],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "selected": true,
+ "text": "default",
+ "value": "default"
+ },
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "datasource",
+ "options": [],
+ "query": "prometheus",
+ "queryValue": "",
+ "refresh": 1,
+ "regex": "",
+ "skipUrlSync": false,
+ "type": "datasource"
+ },
+ {
+ "allValue": ".*",
+ "current": {
+ "selected": true,
+ "text": "All",
+ "value": "$__all"
+ },
+ "datasource": "$datasource",
+ "definition": "label_values(up{job=\"coredns\"}, instance)",
+ "hide": 0,
+ "includeAll": true,
+ "label": "Instance",
+ "multi": false,
+ "name": "instance",
+ "options": [],
+ "query": "label_values(up{job=\"coredns\"}, instance)",
+ "refresh": 1,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 3,
+ "tagValuesQuery": "",
+ "tags": [],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-3h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "CoreDNS",
+ "uid": "vkQ0UHxik",
+ "version": 2
+ }
+{{- end }}
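Review bot: The "Cache (size)" panel uses `"format": "decbytes"` on its left y-axis, but its query sums `coredns_cache_size` / `coredns_cache_entries`, which count cache entries, not bytes, so the axis should use `short`. In the "Requests (size, udp)" panel the `seriesOverrides` aliases are `tcp:90`, `tcp:99 ` and `tcp:50`, while the targets filter on `proto=\"udp\"` and the legend format yields `udp:...` series names, so those overrides never match. Drop them or rename them to the udp series. The 99th percentile target in "Responses (duration)" also aggregates `by (le, job)` while the 90th and 50th use `by (le)`, which is worth making consistent. Since the header says this file was added manually and can be changed in-place, these can be fixed here directly.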
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml
new file mode 100644
index 0000000..b6b3e1d
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml
@@ -0,0 +1,3088 @@
+{{- /*
+Generated from 'k8s-resources-cluster' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-cluster" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ k8s-resources-cluster.json: |-
+ {
+ "annotations": {
+ "list": [
+
+ ]
+ },
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "hideControls": false,
+ "links": [
+
+ ],
+ "refresh": "10s",
+ "rows": [
+ {
+ "collapse": false,
+ "height": "100px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "format": "percentunit",
+ "id": 1,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 2,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "cluster:node_cpu:ratio_rate5m{cluster=\"$cluster\"}",
+ "format": "time_series",
+ "instant": true,
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "70,80",
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU Utilisation",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "singlestat",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "format": "percentunit",
+ "id": 2,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 2,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"cpu\",cluster=\"$cluster\"})",
+ "format": "time_series",
+ "instant": true,
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "70,80",
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU Requests Commitment",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "singlestat",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "format": "percentunit",
+ "id": 3,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 2,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(namespace_cpu:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"cpu\",cluster=\"$cluster\"})",
+ "format": "time_series",
+ "instant": true,
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "70,80",
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU Limits Commitment",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "singlestat",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "format": "percentunit",
+ "id": 4,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 2,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "1 - sum(:node_memory_MemAvailable_bytes:sum{cluster=\"$cluster\"}) / sum(node_memory_MemTotal_bytes{job=\"node-exporter\",cluster=\"$cluster\"})",
+ "format": "time_series",
+ "instant": true,
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "70,80",
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory Utilisation",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "singlestat",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "format": "percentunit",
+ "id": 5,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 2,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(namespace_memory:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"memory\",cluster=\"$cluster\"})",
+ "format": "time_series",
+ "instant": true,
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "70,80",
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory Requests Commitment",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "singlestat",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "format": "percentunit",
+ "id": 6,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 2,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(namespace_memory:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"memory\",cluster=\"$cluster\"})",
+ "format": "time_series",
+ "instant": true,
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "70,80",
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory Limits Commitment",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "singlestat",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": false,
+ "title": "Headlines",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 7,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}namespace{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU Usage",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "CPU",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "id": 8,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "styles": [
+ {
+ "alias": "Time",
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "pattern": "Time",
+ "type": "hidden"
+ },
+ {
+ "alias": "Pods",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 0,
+ "link": true,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down to pods",
+ "linkUrl": "/d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1",
+ "pattern": "Value #A",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "Workloads",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 0,
+ "link": true,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down to workloads",
+ "linkUrl": "/d/a87fb0d919ec0ea5f6543124e16c42a5/k8s-resources-workloads-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1",
+ "pattern": "Value #B",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "CPU Usage",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #C",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "CPU Requests",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #D",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "CPU Requests %",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #E",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "percentunit"
+ },
+ {
+ "alias": "CPU Limits",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #F",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "CPU Limits %",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #G",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "percentunit"
+ },
+ {
+ "alias": "Namespace",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": true,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down to pods",
+ "linkUrl": "/d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell",
+ "pattern": "namespace",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "pattern": "/.*/",
+ "thresholds": [
+
+ ],
+ "type": "string",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "sum(kube_pod_owner{job=\"kube-state-metrics\", cluster=\"$cluster\"}) by (namespace)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "expr": "count(avg(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\"}) by (workload, namespace)) by (namespace)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "D",
+ "step": 10
+ },
+ {
+ "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace) / sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "E",
+ "step": 10
+ },
+ {
+ "expr": "sum(namespace_cpu:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "F",
+ "step": 10
+ },
+ {
+ "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace) / sum(namespace_cpu:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "G",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU Quota",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "transform": "table",
+ "type": "table",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "CPU Quota",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 9,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\"}) by (namespace)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}namespace{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory Usage (w/o cache)",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "bytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Memory",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "id": 10,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "styles": [
+ {
+ "alias": "Time",
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "pattern": "Time",
+ "type": "hidden"
+ },
+ {
+ "alias": "Pods",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 0,
+ "link": true,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down to pods",
+ "linkUrl": "/d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1",
+ "pattern": "Value #A",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "Workloads",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 0,
+ "link": true,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down to workloads",
+ "linkUrl": "/d/a87fb0d919ec0ea5f6543124e16c42a5/k8s-resources-workloads-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1",
+ "pattern": "Value #B",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "Memory Usage",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #C",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Memory Requests",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #D",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Memory Requests %",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #E",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "percentunit"
+ },
+ {
+ "alias": "Memory Limits",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #F",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Memory Limits %",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #G",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "percentunit"
+ },
+ {
+ "alias": "Namespace",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": true,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down to pods",
+ "linkUrl": "/d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell",
+ "pattern": "namespace",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "pattern": "/.*/",
+ "thresholds": [
+
+ ],
+ "type": "string",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "sum(kube_pod_owner{job=\"kube-state-metrics\", cluster=\"$cluster\"}) by (namespace)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "expr": "count(avg(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\"}) by (workload, namespace)) by (namespace)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\"}) by (namespace)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "sum(namespace_memory:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "D",
+ "step": 10
+ },
+ {
+ "expr": "sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(namespace_memory:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "E",
+ "step": 10
+ },
+ {
+ "expr": "sum(namespace_memory:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "F",
+ "step": 10
+ },
+ {
+ "expr": "sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(namespace_memory:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "G",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Requests by Namespace",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "transform": "table",
+ "type": "table",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Memory Requests",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "id": 11,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "styles": [
+ {
+ "alias": "Time",
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "pattern": "Time",
+ "type": "hidden"
+ },
+ {
+ "alias": "Current Receive Bandwidth",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #A",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Current Transmit Bandwidth",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #B",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Rate of Received Packets",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #C",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Rate of Transmitted Packets",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #D",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Rate of Received Packets Dropped",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #E",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Rate of Transmitted Packets Dropped",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #F",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Namespace",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": true,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down to pods",
+ "linkUrl": "/d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell",
+ "pattern": "namespace",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "pattern": "/.*/",
+ "thresholds": [
+
+ ],
+ "type": "string",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "expr": "sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "D",
+ "step": 10
+ },
+ {
+ "expr": "sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "E",
+ "step": 10
+ },
+ {
+ "expr": "sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "F",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Current Network Usage",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "transform": "table",
+ "type": "table",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Current Network Usage",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 12,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}namespace{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Receive Bandwidth",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 13,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}namespace{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Transmit Bandwidth",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Bandwidth",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 14,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "avg(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}namespace{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Average Container Bandwidth by Namespace: Received",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 15,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "avg(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}namespace{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Average Container Bandwidth by Namespace: Transmitted",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Average Container Bandwidth by Namespace",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 16,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}namespace{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Received Packets",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 17,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}namespace{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Transmitted Packets",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Rate of Packets",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 18,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}namespace{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Received Packets Dropped",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 19,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}namespace{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Transmitted Packets Dropped",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Rate of Packets Dropped",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "decimals": -1,
+ "fill": 10,
+ "id": 20,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "ceil(sum by(namespace) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval])))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}namespace{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "IOPS(Reads+Writes)",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 21,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum by(namespace) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}namespace{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "ThroughPut(Read+Write)",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Storage IO",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "id": 22,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "sort": {
+ "col": 4,
+ "desc": true
+ },
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "styles": [
+ {
+ "alias": "Time",
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "pattern": "Time",
+ "type": "hidden"
+ },
+ {
+ "alias": "IOPS(Reads)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": -1,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #A",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "IOPS(Writes)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": -1,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #B",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "IOPS(Reads + Writes)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": -1,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #C",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "Throughput(Read)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #D",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Throughput(Write)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #E",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Throughput(Read + Write)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #F",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Namespace",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": true,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down to pods",
+ "linkUrl": "/d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell",
+ "pattern": "namespace",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "pattern": "/.*/",
+ "thresholds": [
+
+ ],
+ "type": "string",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "sum by(namespace) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "expr": "sum by(namespace) (rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "sum by(namespace) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "sum by(namespace) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "D",
+ "step": 10
+ },
+ {
+ "expr": "sum by(namespace) (rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "E",
+ "step": 10
+ },
+ {
+ "expr": "sum by(namespace) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "F",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Current Storage IO",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "transform": "table",
+ "type": "table",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Storage IO - Distribution",
+ "titleSize": "h6"
+ }
+ ],
+ "schemaVersion": 14,
+ "style": "dark",
+ "tags": [
+ "kubernetes-mixin"
+ ],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "default",
+ "value": "default"
+ },
+ "hide": 0,
+ "label": "Data Source",
+ "name": "datasource",
+ "options": [
+
+ ],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": null,
+ "current": {
+ "text": "",
+ "value": ""
+ },
+ "datasource": "$datasource",
+ "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }},
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "cluster",
+ "options": [
+
+ ],
+ "query": "label_values(up{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\"}, cluster)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "Kubernetes / Compute Resources / Cluster",
+ "uid": "efa86fd1d0c121a26444b636a3f509a8",
+ "version": 0
+ }
+{{- end }}
\ No newline at end of file
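Review bot: In the "IOPS(Reads+Writes)" and "ThroughPut(Read+Write)" graph targets, only the read-side selector (container_fs_reads_total, container_fs_reads_bytes_total) carries the device=~ matcher; the write-side selector (container_fs_writes_total, container_fs_writes_bytes_total) omits it, whereas targets C and F of the "Current Storage IO" table apply it to both sides. Because + pairs series on identical label sets, the plotted sum should still be limited to the filtered devices, but the write side then selects series for every device only to have the unmatched ones dropped. Suggest adding the same device matcher to the write selectors so the graph and table queries stay consistent. If this file is generated the same way as the k8s-resources-namespace.yaml template added next, whose header says not to change it in place, the fix belongs in the upstream source rather than in this copy. Separately, the file ends without a trailing newline; worth adding one unless the generator output has to be kept byte for byte.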
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml
new file mode 100644
index 0000000..9151a28
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml
@@ -0,0 +1,2797 @@
+{{- /*
+Generated from 'k8s-resources-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-namespace" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ k8s-resources-namespace.json: |-
+ {
+ "annotations": {
+ "list": [
+
+ ]
+ },
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "hideControls": false,
+ "links": [
+
+ ],
+ "refresh": "10s",
+ "rows": [
+ {
+ "collapse": false,
+ "height": "100px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "format": "percentunit",
+ "id": 1,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 3,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})",
+ "format": "time_series",
+ "instant": true,
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "70,80",
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU Utilisation (from requests)",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "singlestat",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "format": "percentunit",
+ "id": 2,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 3,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})",
+ "format": "time_series",
+ "instant": true,
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "70,80",
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU Utilisation (from limits)",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "singlestat",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "format": "percentunit",
+ "id": 3,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 3,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})",
+ "format": "time_series",
+ "instant": true,
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "70,80",
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory Utilisation (from requests)",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "singlestat",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "format": "percentunit",
+ "id": 4,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 3,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})",
+ "format": "time_series",
+ "instant": true,
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "70,80",
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory Utilisation (from limits)",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "singlestat",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": false,
+ "title": "Headlines",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 5,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+ {
+ "alias": "quota - requests",
+ "color": "#F2495C",
+ "dashes": true,
+ "fill": 0,
+ "hiddenSeries": true,
+ "hideTooltip": true,
+ "legend": true,
+ "linewidth": 2,
+ "stack": false
+ },
+ {
+ "alias": "quota - limits",
+ "color": "#FF9830",
+ "dashes": true,
+ "fill": 0,
+ "hiddenSeries": true,
+ "hideTooltip": true,
+ "legend": true,
+ "linewidth": 2,
+ "stack": false
+ }
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ },
+ {
+ "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.cpu\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "quota - requests",
+ "legendLink": null,
+ "step": 10
+ },
+ {
+ "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.cpu\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "quota - limits",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU Usage",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "CPU Usage",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "id": 6,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "styles": [
+ {
+ "alias": "Time",
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "pattern": "Time",
+ "type": "hidden"
+ },
+ {
+ "alias": "CPU Usage",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #A",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "CPU Requests",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #B",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "CPU Requests %",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #C",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "percentunit"
+ },
+ {
+ "alias": "CPU Limits",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #D",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "CPU Limits %",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #E",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "percentunit"
+ },
+ {
+ "alias": "Pod",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": true,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell",
+ "pattern": "pod",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "pattern": "/.*/",
+ "thresholds": [
+
+ ],
+ "type": "string",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "expr": "sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "D",
+ "step": 10
+ },
+ {
+ "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "E",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU Quota",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "transform": "table",
+ "type": "table",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "CPU Quota",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 7,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+ {
+ "alias": "quota - requests",
+ "color": "#F2495C",
+ "dashes": true,
+ "fill": 0,
+ "hiddenSeries": true,
+ "hideTooltip": true,
+ "legend": true,
+ "linewidth": 2,
+ "stack": false
+ },
+ {
+ "alias": "quota - limits",
+ "color": "#FF9830",
+ "dashes": true,
+ "fill": 0,
+ "hiddenSeries": true,
+ "hideTooltip": true,
+ "legend": true,
+ "linewidth": 2,
+ "stack": false
+ }
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ },
+ {
+ "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.memory\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "quota - requests",
+ "legendLink": null,
+ "step": 10
+ },
+ {
+ "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.memory\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "quota - limits",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory Usage (w/o cache)",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "bytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Memory Usage",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "id": 8,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "styles": [
+ {
+ "alias": "Time",
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "pattern": "Time",
+ "type": "hidden"
+ },
+ {
+ "alias": "Memory Usage",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #A",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Memory Requests",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #B",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Memory Requests %",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #C",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "percentunit"
+ },
+ {
+ "alias": "Memory Limits",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #D",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Memory Limits %",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #E",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "percentunit"
+ },
+ {
+ "alias": "Memory Usage (RSS)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #F",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Memory Usage (Cache)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #G",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Memory Usage (Swap)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #H",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Pod",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": true,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell",
+ "pattern": "pod",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "pattern": "/.*/",
+ "thresholds": [
+
+ ],
+ "type": "string",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "expr": "sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "D",
+ "step": 10
+ },
+ {
+ "expr": "sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "E",
+ "step": 10
+ },
+ {
+ "expr": "sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "F",
+ "step": 10
+ },
+ {
+ "expr": "sum(container_memory_cache{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "G",
+ "step": 10
+ },
+ {
+ "expr": "sum(container_memory_swap{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "H",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory Quota",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "transform": "table",
+ "type": "table",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Memory Quota",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "id": 9,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "styles": [
+ {
+ "alias": "Time",
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "pattern": "Time",
+ "type": "hidden"
+ },
+ {
+ "alias": "Current Receive Bandwidth",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #A",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Current Transmit Bandwidth",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #B",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Rate of Received Packets",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #C",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Rate of Transmitted Packets",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #D",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Rate of Received Packets Dropped",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #E",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Rate of Transmitted Packets Dropped",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #F",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Pod",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": true,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down to pods",
+ "linkUrl": "/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell",
+ "pattern": "pod",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "pattern": "/.*/",
+ "thresholds": [
+
+ ],
+ "type": "string",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "expr": "sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "D",
+ "step": 10
+ },
+ {
+ "expr": "sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "E",
+ "step": 10
+ },
+ {
+ "expr": "sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "F",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Current Network Usage",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "transform": "table",
+ "type": "table",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Current Network Usage",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 10,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Receive Bandwidth",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 11,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Transmit Bandwidth",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Bandwidth",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 12,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Received Packets",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 13,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Transmitted Packets",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Rate of Packets",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 14,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Received Packets Dropped",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 15,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Transmitted Packets Dropped",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Rate of Packets Dropped",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "decimals": -1,
+ "fill": 10,
+ "id": 16,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "ceil(sum by(pod) (rate(container_fs_reads_total{container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]) + rate(container_fs_writes_total{container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "IOPS(Reads+Writes)",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 17,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum by(pod) (rate(container_fs_reads_bytes_total{container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "ThroughPut(Read+Write)",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Storage IO",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "id": 18,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "sort": {
+ "col": 4,
+ "desc": true
+ },
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "styles": [
+ {
+ "alias": "Time",
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "pattern": "Time",
+ "type": "hidden"
+ },
+ {
+ "alias": "IOPS(Reads)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": -1,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #A",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "IOPS(Writes)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": -1,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #B",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "IOPS(Reads + Writes)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": -1,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #C",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "Throughput(Read)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #D",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Throughput(Write)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #E",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Throughput(Read + Write)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #F",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Pod",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": true,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down to pods",
+ "linkUrl": "/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell",
+ "pattern": "pod",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "pattern": "/.*/",
+ "thresholds": [
+
+ ],
+ "type": "string",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "sum by(pod) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "expr": "sum by(pod) (rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "sum by(pod) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "sum by(pod) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "D",
+ "step": 10
+ },
+ {
+ "expr": "sum by(pod) (rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "E",
+ "step": 10
+ },
+ {
+ "expr": "sum by(pod) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "F",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Current Storage IO",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "transform": "table",
+ "type": "table",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Storage IO - Distribution",
+ "titleSize": "h6"
+ }
+ ],
+ "schemaVersion": 14,
+ "style": "dark",
+ "tags": [
+ "kubernetes-mixin"
+ ],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "default",
+ "value": "default"
+ },
+ "hide": 0,
+ "label": "Data Source",
+ "name": "datasource",
+ "options": [
+
+ ],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": null,
+ "current": {
+ "text": "",
+ "value": ""
+ },
+ "datasource": "$datasource",
+ "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }},
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "cluster",
+ "options": [
+
+ ],
+ "query": "label_values(up{job=\"kube-state-metrics\"}, cluster)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {
+ "text": "",
+ "value": ""
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "namespace",
+ "options": [
+
+ ],
+ "query": "label_values(kube_namespace_status_phase{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "Kubernetes / Compute Resources / Namespace (Pods)",
+ "uid": "85a562078cdf77779eaa1add43ccec1e",
+ "version": 0
+ }
+{{- end }}
\ No newline at end of file
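Review bot: The storage IO panels in this hunk do not select the same series. The "IOPS(Reads+Writes)" and "ThroughPut(Read+Write)" graph targets filter `container_fs_*` only on `container!=""`, `device`, `cluster` and `namespace`, while the six "Current Storage IO" table targets (refId A to F) additionally require `job="kubelet", metrics_path="/metrics/cadvisor"`. Where the kubelet scrape job carries a different `job` label the table comes up empty while the graphs are populated, and where more than one job exports these metrics the graphs sum across all of them and disagree with the table. Use the same selector in both places. The next dashboard file in this patch is marked as generated ("Do not change in-place!"); if this one is too, make the change in the generator source and regenerate rather than editing the bundled copy. Minor: the file ends without a trailing newline, so the next regeneration is likely to show a spurious change on the `{{- end }}` line.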
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-node.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-node.yaml
new file mode 100644
index 0000000..9366812
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-node.yaml
@@ -0,0 +1,1026 @@
+{{- /*
+Generated from 'k8s-resources-node' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-node" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ k8s-resources-node.json: |-
+ {
+ "annotations": {
+ "list": [
+
+ ]
+ },
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "hideControls": false,
+ "links": [
+
+ ],
+ "refresh": "10s",
+ "rows": [
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 1,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+ {
+ "alias": "max capacity",
+ "color": "#F2495C",
+ "dashes": true,
+ "fill": 0,
+ "hiddenSeries": true,
+ "hideTooltip": true,
+ "legend": true,
+ "linewidth": 2,
+ "stack": false
+ }
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(kube_node_status_capacity{cluster=\"$cluster\", node=~\"$node\", resource=\"cpu\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "max capacity",
+ "legendLink": null,
+ "step": 10
+ },
+ {
+ "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU Usage",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "CPU Usage",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "id": 2,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "styles": [
+ {
+ "alias": "Time",
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "pattern": "Time",
+ "type": "hidden"
+ },
+ {
+ "alias": "CPU Usage",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #A",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "CPU Requests",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #B",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "CPU Requests %",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #C",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "percentunit"
+ },
+ {
+ "alias": "CPU Limits",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #D",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "CPU Limits %",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #E",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "percentunit"
+ },
+ {
+ "alias": "Pod",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "pod",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "pattern": "/.*/",
+ "thresholds": [
+
+ ],
+ "type": "string",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "expr": "sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "D",
+ "step": 10
+ },
+ {
+ "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "E",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU Quota",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "transform": "table",
+ "type": "table",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "CPU Quota",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 3,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+ {
+ "alias": "max capacity",
+ "color": "#F2495C",
+ "dashes": true,
+ "fill": 0,
+ "hiddenSeries": true,
+ "hideTooltip": true,
+ "legend": true,
+ "linewidth": 2,
+ "stack": false
+ }
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(kube_node_status_capacity{cluster=\"$cluster\", node=~\"$node\", resource=\"memory\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "max capacity",
+ "legendLink": null,
+ "step": 10
+ },
+ {
+ "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\", container!=\"\"}) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory Usage (w/o cache)",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "bytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Memory Usage",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "id": 4,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "styles": [
+ {
+ "alias": "Time",
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "pattern": "Time",
+ "type": "hidden"
+ },
+ {
+ "alias": "Memory Usage",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #A",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Memory Requests",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #B",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Memory Requests %",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #C",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "percentunit"
+ },
+ {
+ "alias": "Memory Limits",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #D",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Memory Limits %",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #E",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "percentunit"
+ },
+ {
+ "alias": "Memory Usage (RSS)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #F",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Memory Usage (Cache)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #G",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Memory Usage (Swap)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #H",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Pod",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "pod",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "pattern": "/.*/",
+ "thresholds": [
+
+ ],
+ "type": "string",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "expr": "sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "D",
+ "step": 10
+ },
+ {
+ "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "E",
+ "step": 10
+ },
+ {
+ "expr": "sum(node_namespace_pod_container:container_memory_rss{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "F",
+ "step": 10
+ },
+ {
+ "expr": "sum(node_namespace_pod_container:container_memory_cache{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "G",
+ "step": 10
+ },
+ {
+ "expr": "sum(node_namespace_pod_container:container_memory_swap{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "H",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory Quota",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "transform": "table",
+ "type": "table",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Memory Quota",
+ "titleSize": "h6"
+ }
+ ],
+ "schemaVersion": 14,
+ "style": "dark",
+ "tags": [
+ "kubernetes-mixin"
+ ],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "default",
+ "value": "default"
+ },
+ "hide": 0,
+ "label": "Data Source",
+ "name": "datasource",
+ "options": [
+
+ ],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": null,
+ "current": {
+ "text": "",
+ "value": ""
+ },
+ "datasource": "$datasource",
+ "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }},
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "cluster",
+ "options": [
+
+ ],
+ "query": "label_values(up{job=\"kube-state-metrics\"}, cluster)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {
+ "text": "",
+ "value": ""
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": true,
+ "name": "node",
+ "options": [
+
+ ],
+ "query": "label_values(kube_node_info{cluster=\"$cluster\"}, node)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "Kubernetes / Compute Resources / Node (Pods)",
+ "uid": "200ac8fdbfbb74b39aff88118e4d1c2c",
+ "version": 0
+ }
+{{- end }}
\ No newline at end of file
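Review bot: near the end of this file, `"timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}"` places a Helm value directly inside a JSON string with no escaping, so a value containing a double quote or a backslash renders a ConfigMap whose dashboard JSON no longer parses. If this bundled copy is meant to stay identical to its upstream, leave the template alone and constrain the value where it is set, or validate the rendered JSON in CI. Otherwise render the value with `toJson` instead of hand-written quotes. Separately, the file ends at `{{- end }}` with no trailing newline. Now that `charts` is excluded from pre-commit, nothing in this repository will flag that, so either normalize it or note that bundled charts are kept byte-for-byte.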
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml
new file mode 100644
index 0000000..4efba70
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml
@@ -0,0 +1,2469 @@
+{{- /*
+Generated from 'k8s-resources-pod' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-pod" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ k8s-resources-pod.json: |-
+ {
+ "annotations": {
+ "list": [
+
+ ]
+ },
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "hideControls": false,
+ "links": [
+
+ ],
+ "refresh": "10s",
+ "rows": [
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 1,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+ {
+ "alias": "requests",
+ "color": "#F2495C",
+ "fill": 0,
+ "hideTooltip": true,
+ "legend": true,
+ "linewidth": 2,
+ "stack": false
+ },
+ {
+ "alias": "limits",
+ "color": "#FF9830",
+ "fill": 0,
+ "hideTooltip": true,
+ "legend": true,
+ "linewidth": 2,
+ "stack": false
+ }
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{namespace=\"$namespace\", pod=\"$pod\", cluster=\"$cluster\"}) by (container)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}container{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ },
+ {
+ "expr": "sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}\n)\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "requests",
+ "legendLink": null,
+ "step": 10
+ },
+ {
+ "expr": "sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}\n)\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "limits",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU Usage",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "CPU Usage",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 2,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": true,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(increase(container_cpu_cfs_throttled_periods_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", cluster=\"$cluster\"}[$__rate_interval])) by (container) /sum(increase(container_cpu_cfs_periods_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", cluster=\"$cluster\"}[$__rate_interval])) by (container)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}container{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+ {
+ "colorMode": "critical",
+ "fill": true,
+ "line": true,
+ "op": "gt",
+ "value": 0.25,
+ "yaxis": "left"
+ }
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU Throttling",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": 1,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "CPU Throttling",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "id": 3,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "styles": [
+ {
+ "alias": "Time",
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "pattern": "Time",
+ "type": "hidden"
+ },
+ {
+ "alias": "CPU Usage",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #A",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "CPU Requests",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #B",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "CPU Requests %",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #C",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "percentunit"
+ },
+ {
+ "alias": "CPU Limits",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #D",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "CPU Limits %",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #E",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "percentunit"
+ },
+ {
+ "alias": "Container",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "container",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "pattern": "/.*/",
+ "thresholds": [
+
+ ],
+ "type": "string",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "expr": "sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "D",
+ "step": 10
+ },
+ {
+ "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "E",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU Quota",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "transform": "table",
+ "type": "table",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "CPU Quota",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 4,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+ {
+ "alias": "requests",
+ "color": "#F2495C",
+ "dashes": true,
+ "fill": 0,
+ "hideTooltip": true,
+ "legend": true,
+ "linewidth": 2,
+ "stack": false
+ },
+ {
+ "alias": "limits",
+ "color": "#FF9830",
+ "dashes": true,
+ "fill": 0,
+ "hideTooltip": true,
+ "legend": true,
+ "linewidth": 2,
+ "stack": false
+ }
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}container{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ },
+ {
+ "expr": "sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}\n)\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "requests",
+ "legendLink": null,
+ "step": 10
+ },
+ {
+ "expr": "sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}\n)\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "limits",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory Usage (WSS)",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "bytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Memory Usage",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "id": 5,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "styles": [
+ {
+ "alias": "Time",
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "pattern": "Time",
+ "type": "hidden"
+ },
+ {
+ "alias": "Memory Usage (WSS)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #A",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Memory Requests",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #B",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Memory Requests %",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #C",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "percentunit"
+ },
+ {
+ "alias": "Memory Limits",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #D",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Memory Limits %",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #E",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "percentunit"
+ },
+ {
+ "alias": "Memory Usage (RSS)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #F",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Memory Usage (Cache)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #G",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Memory Usage (Swap)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #H",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Container",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "container",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "pattern": "/.*/",
+ "thresholds": [
+
+ ],
+ "type": "string",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "expr": "sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", image!=\"\"}) by (container) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "D",
+ "step": 10
+ },
+ {
+ "expr": "sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "E",
+ "step": 10
+ },
+ {
+ "expr": "sum(container_memory_rss{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "F",
+ "step": 10
+ },
+ {
+ "expr": "sum(container_memory_cache{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "G",
+ "step": 10
+ },
+ {
+ "expr": "sum(container_memory_swap{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "H",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory Quota",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "transform": "table",
+ "type": "table",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Memory Quota",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 6,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Receive Bandwidth",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 7,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Transmit Bandwidth",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Bandwidth",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 8,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Received Packets",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 9,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Transmitted Packets",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Rate of Packets",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 10,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Received Packets Dropped",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 11,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Transmitted Packets Dropped",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Rate of Packets Dropped",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "decimals": -1,
+ "fill": 10,
+ "id": 12,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "ceil(sum by(pod) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "Reads",
+ "legendLink": null,
+ "step": 10
+ },
+ {
+ "expr": "ceil(sum by(pod) (rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\",namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "Writes",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "IOPS",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 13,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum by(pod) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "Reads",
+ "legendLink": null,
+ "step": 10
+ },
+ {
+ "expr": "sum by(pod) (rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "Writes",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "ThroughPut",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Storage IO - Distribution(Pod - Read & Writes)",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "decimals": -1,
+ "fill": 10,
+ "id": 14,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "ceil(sum by(container) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval])))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}container{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "IOPS(Reads+Writes)",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 15,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum by(container) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}container{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "ThroughPut(Read+Write)",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Storage IO - Distribution(Containers)",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "id": 16,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "sort": {
+ "col": 4,
+ "desc": true
+ },
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "styles": [
+ {
+ "alias": "Time",
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "pattern": "Time",
+ "type": "hidden"
+ },
+ {
+ "alias": "IOPS(Reads)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": -1,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #A",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "IOPS(Writes)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": -1,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #B",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "IOPS(Reads + Writes)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": -1,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #C",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "Throughput(Read)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #D",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Throughput(Write)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #E",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Throughput(Read + Write)",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #F",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Container",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "container",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "pattern": "/.*/",
+ "thresholds": [
+
+ ],
+ "type": "string",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "sum by(container) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "expr": "sum by(container) (rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\",device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "sum by(container) (rate(container_fs_reads_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "sum by(container) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "D",
+ "step": 10
+ },
+ {
+ "expr": "sum by(container) (rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "E",
+ "step": 10
+ },
+ {
+ "expr": "sum by(container) (rate(container_fs_reads_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "F",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Current Storage IO",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "transform": "table",
+ "type": "table",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Storage IO - Distribution",
+ "titleSize": "h6"
+ }
+ ],
+ "schemaVersion": 14,
+ "style": "dark",
+ "tags": [
+ "kubernetes-mixin"
+ ],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "default",
+ "value": "default"
+ },
+ "hide": 0,
+ "label": "Data Source",
+ "name": "datasource",
+ "options": [
+
+ ],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": null,
+ "current": {
+ "text": "",
+ "value": ""
+ },
+ "datasource": "$datasource",
+ "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }},
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "cluster",
+ "options": [
+
+ ],
+ "query": "label_values(up{job=\"kube-state-metrics\"}, cluster)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {
+ "text": "",
+ "value": ""
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "namespace",
+ "options": [
+
+ ],
+ "query": "label_values(kube_namespace_status_phase{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {
+ "text": "",
+ "value": ""
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "pod",
+ "options": [
+
+ ],
+ "query": "label_values(kube_pod_info{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\"}, pod)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "Kubernetes / Compute Resources / Pod",
+ "uid": "6581e46e4e5c7ba40a07646395ef7b23",
+ "version": 0
+ }
+{{- end }}
\ No newline at end of file
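Review bot: In the "Storage IO - Distribution(Containers)" row, the two graph targets (panel ids 14 and 15) omit the `device=~` matcher that the pod-level IOPS and ThroughPut panels (ids 12 and 13) and the "Current Storage IO" table (id 16) all apply, so the per-container graphs can include series for devices the other panels filter out and will not necessarily agree with the table shown below them. Panels 14 to 16 also match `pod=\"$pod\"` exactly while the network and pod-level storage panels use `pod=~\"$pod\"`; since the `pod` template variable is declared with `"multi": false`, one form should be used throughout. If this dashboard is generated the same way as the neighbouring k8s-resources-workload.yaml, whose header says "Do not change in-place!", the fix belongs upstream and the vendored copy should be regenerated rather than hand-edited. The file also ends without a trailing newline.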
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml
new file mode 100644
index 0000000..2a30eac
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml
@@ -0,0 +1,2024 @@
+{{- /*
+Generated from 'k8s-resources-workload' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-workload" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ k8s-resources-workload.json: |-
+ {
+ "annotations": {
+ "list": [
+
+ ]
+ },
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "hideControls": false,
+ "links": [
+
+ ],
+ "refresh": "10s",
+ "rows": [
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 1,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU Usage",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "CPU Usage",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "id": 2,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "styles": [
+ {
+ "alias": "Time",
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "pattern": "Time",
+ "type": "hidden"
+ },
+ {
+ "alias": "CPU Usage",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #A",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "CPU Requests",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #B",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "CPU Requests %",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #C",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "percentunit"
+ },
+ {
+ "alias": "CPU Limits",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #D",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "CPU Limits %",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #E",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "percentunit"
+ },
+ {
+ "alias": "Pod",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": true,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell",
+ "pattern": "pod",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "pattern": "/.*/",
+ "thresholds": [
+
+ ],
+ "type": "string",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "expr": "sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "D",
+ "step": 10
+ },
+ {
+ "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "E",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU Quota",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "transform": "table",
+ "type": "table",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "CPU Quota",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 3,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory Usage",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "bytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Memory Usage",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "id": 4,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "styles": [
+ {
+ "alias": "Time",
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "pattern": "Time",
+ "type": "hidden"
+ },
+ {
+ "alias": "Memory Usage",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #A",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Memory Requests",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #B",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Memory Requests %",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #C",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "percentunit"
+ },
+ {
+ "alias": "Memory Limits",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #D",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Memory Limits %",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #E",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "percentunit"
+ },
+ {
+ "alias": "Pod",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": true,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell",
+ "pattern": "pod",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "pattern": "/.*/",
+ "thresholds": [
+
+ ],
+ "type": "string",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "expr": "sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "D",
+ "step": 10
+ },
+ {
+ "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "E",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory Quota",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "transform": "table",
+ "type": "table",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Memory Quota",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "id": 5,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "styles": [
+ {
+ "alias": "Time",
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "pattern": "Time",
+ "type": "hidden"
+ },
+ {
+ "alias": "Current Receive Bandwidth",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #A",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Current Transmit Bandwidth",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #B",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Rate of Received Packets",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #C",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Rate of Transmitted Packets",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #D",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Rate of Received Packets Dropped",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #E",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Rate of Transmitted Packets Dropped",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #F",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Pod",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": true,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "/d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell",
+ "pattern": "pod",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "pattern": "/.*/",
+ "thresholds": [
+
+ ],
+ "type": "string",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "(sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "expr": "(sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "(sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "(sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "D",
+ "step": 10
+ },
+ {
+ "expr": "(sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "E",
+ "step": 10
+ },
+ {
+ "expr": "(sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "F",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Current Network Usage",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "transform": "table",
+ "type": "table",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Current Network Usage",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 6,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "(sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Receive Bandwidth",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 7,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "(sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Transmit Bandwidth",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Bandwidth",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 8,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "(avg(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Average Container Bandwidth by Pod: Received",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 9,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "(avg(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Average Container Bandwidth by Pod: Transmitted",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Average Container Bandwidth by Pod",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 10,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "(sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Received Packets",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 11,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "(sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Transmitted Packets",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Rate of Packets",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 12,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "(sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Received Packets Dropped",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 13,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "(sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Transmitted Packets Dropped",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Rate of Packets Dropped",
+ "titleSize": "h6"
+ }
+ ],
+ "schemaVersion": 14,
+ "style": "dark",
+ "tags": [
+ "kubernetes-mixin"
+ ],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "default",
+ "value": "default"
+ },
+ "hide": 0,
+ "label": "Data Source",
+ "name": "datasource",
+ "options": [
+
+ ],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": null,
+ "current": {
+ "text": "",
+ "value": ""
+ },
+ "datasource": "$datasource",
+ "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }},
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "cluster",
+ "options": [
+
+ ],
+ "query": "label_values(up{job=\"kube-state-metrics\"}, cluster)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {
+ "text": "",
+ "value": ""
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "namespace",
+ "options": [
+
+ ],
+ "query": "label_values(kube_namespace_status_phase{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {
+ "text": "",
+ "value": ""
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "type",
+ "options": [
+
+ ],
+ "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\"}, workload_type)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {
+ "text": "",
+ "value": ""
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "workload",
+ "options": [
+
+ ],
+ "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}, workload)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "Kubernetes / Compute Resources / Workload",
+ "uid": "a164a7f0339f99e89cea5cb47e9be617",
+ "version": 0
+ }
+{{- end }}
\ No newline at end of file
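Review bot: near the end of this hunk, `"timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}"` splices a values entry straight into a JSON string with no escaping, so a value containing a double quote or a backslash renders a ConfigMap whose dashboard JSON is invalid. Emitting it as `"timezone": {{ .Values.grafana.defaultDashboardsTimezone | toJson }}` (without the surrounding quotes) keeps the document well-formed for any string. The `"hide"` ternary on the `cluster` variable is fine because it can only emit the literals 0 or 2. Two smaller points: the file ends without a trailing newline, and the next file in this patch carries a header saying it is generated and must not be changed in place, so if this file is generated the same way, these fixes belong upstream or in the vendoring step rather than in a local edit that the next sync would overwrite.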
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml
new file mode 100644
index 0000000..1355965
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml
@@ -0,0 +1,2189 @@
+{{- /*
+Generated from 'k8s-resources-workloads-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-workloads-namespace" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ k8s-resources-workloads-namespace.json: |-
+ {
+ "annotations": {
+ "list": [
+
+ ]
+ },
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "hideControls": false,
+ "links": [
+
+ ],
+ "refresh": "10s",
+ "rows": [
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 1,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+ {
+ "alias": "quota - requests",
+ "color": "#F2495C",
+ "dashes": true,
+ "fill": 0,
+ "hiddenSeries": true,
+ "hideTooltip": true,
+ "legend": true,
+ "linewidth": 2,
+ "stack": false
+ },
+ {
+ "alias": "quota - limits",
+ "color": "#FF9830",
+ "dashes": true,
+ "fill": 0,
+ "hiddenSeries": true,
+ "hideTooltip": true,
+ "legend": true,
+ "linewidth": 2,
+ "stack": false
+ }
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}workload{{`}}`}} - {{`{{`}}workload_type{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ },
+ {
+ "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.cpu\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "quota - requests",
+ "legendLink": null,
+ "step": 10
+ },
+ {
+ "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.cpu\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "quota - limits",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU Usage",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "CPU Usage",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "id": 2,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "styles": [
+ {
+ "alias": "Time",
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "pattern": "Time",
+ "type": "hidden"
+ },
+ {
+ "alias": "Running Pods",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 0,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #A",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "CPU Usage",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #B",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "CPU Requests",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #C",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "CPU Requests %",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #D",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "percentunit"
+ },
+ {
+ "alias": "CPU Limits",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #E",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "CPU Limits %",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #F",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "percentunit"
+ },
+ {
+ "alias": "Workload",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": true,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "/d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=$__cell&var-type=$__cell_2",
+ "pattern": "workload",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "Workload Type",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "workload_type",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "pattern": "/.*/",
+ "thresholds": [
+
+ ],
+ "type": "string",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "count(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}) by (workload, workload_type)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "D",
+ "step": 10
+ },
+ {
+ "expr": "sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "E",
+ "step": 10
+ },
+ {
+ "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "F",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU Quota",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "transform": "table",
+ "type": "table",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "CPU Quota",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 3,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+ {
+ "alias": "quota - requests",
+ "color": "#F2495C",
+ "dashes": true,
+ "fill": 0,
+ "hiddenSeries": true,
+ "hideTooltip": true,
+ "legend": true,
+ "linewidth": 2,
+ "stack": false
+ },
+ {
+ "alias": "quota - limits",
+ "color": "#FF9830",
+ "dashes": true,
+ "fill": 0,
+ "hiddenSeries": true,
+ "hideTooltip": true,
+ "legend": true,
+ "linewidth": 2,
+ "stack": false
+ }
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(\n container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}workload{{`}}`}} - {{`{{`}}workload_type{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ },
+ {
+ "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.memory\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "quota - requests",
+ "legendLink": null,
+ "step": 10
+ },
+ {
+ "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.memory\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "quota - limits",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory Usage",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "bytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Memory Usage",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "id": 4,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "styles": [
+ {
+ "alias": "Time",
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "pattern": "Time",
+ "type": "hidden"
+ },
+ {
+ "alias": "Running Pods",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 0,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #A",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "Memory Usage",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #B",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Memory Requests",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #C",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Memory Requests %",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #D",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "percentunit"
+ },
+ {
+ "alias": "Memory Limits",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #E",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Memory Limits %",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #F",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "percentunit"
+ },
+ {
+ "alias": "Workload",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": true,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "/d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=$__cell&var-type=$__cell_2",
+ "pattern": "workload",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "Workload Type",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "workload_type",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "pattern": "/.*/",
+ "thresholds": [
+
+ ],
+ "type": "string",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "count(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}) by (workload, workload_type)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "expr": "sum(\n container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "sum(\n container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "D",
+ "step": 10
+ },
+ {
+ "expr": "sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "E",
+ "step": 10
+ },
+ {
+ "expr": "sum(\n container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "F",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory Quota",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "transform": "table",
+ "type": "table",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Memory Quota",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "id": 5,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "styles": [
+ {
+ "alias": "Time",
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "pattern": "Time",
+ "type": "hidden"
+ },
+ {
+ "alias": "Current Receive Bandwidth",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #A",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Current Transmit Bandwidth",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #B",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Rate of Received Packets",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #C",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Rate of Transmitted Packets",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #D",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Rate of Received Packets Dropped",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #E",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Rate of Transmitted Packets Dropped",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #F",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Workload",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": true,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down to pods",
+ "linkUrl": "/d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=$__cell&var-type=$type",
+ "pattern": "workload",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "Workload Type",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "workload_type",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "pattern": "/.*/",
+ "thresholds": [
+
+ ],
+ "type": "string",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "(sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "expr": "(sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "(sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "(sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "D",
+ "step": 10
+ },
+ {
+ "expr": "(sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "E",
+ "step": 10
+ },
+ {
+ "expr": "(sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "F",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Current Network Usage",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "transform": "table",
+ "type": "table",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Current Network Usage",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 6,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "(sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}workload{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Receive Bandwidth",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 7,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "(sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}workload{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Transmit Bandwidth",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Bandwidth",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 8,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "(avg(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}workload{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Average Container Bandwidth by Workload: Received",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 9,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "(avg(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}workload{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Average Container Bandwidth by Workload: Transmitted",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Average Container Bandwidth by Workload",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 10,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "(sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}workload{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Received Packets",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 11,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "(sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}workload{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Transmitted Packets",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Rate of Packets",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 12,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "(sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}workload{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Received Packets Dropped",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 13,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "(sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}workload{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Transmitted Packets Dropped",
+ "tooltip": {
+ "shared": false,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Rate of Packets Dropped",
+ "titleSize": "h6"
+ }
+ ],
+ "schemaVersion": 14,
+ "style": "dark",
+ "tags": [
+ "kubernetes-mixin"
+ ],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "default",
+ "value": "default"
+ },
+ "hide": 0,
+ "label": "Data Source",
+ "name": "datasource",
+ "options": [
+
+ ],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": null,
+ "current": {
+ "text": "",
+ "value": ""
+ },
+ "datasource": "$datasource",
+ "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }},
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "cluster",
+ "options": [
+
+ ],
+ "query": "label_values(up{job=\"kube-state-metrics\"}, cluster)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {
+ "text": "",
+ "value": ""
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "namespace",
+ "options": [
+
+ ],
+ "query": "label_values(kube_pod_info{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "auto": false,
+ "auto_count": 30,
+ "auto_min": "10s",
+ "current": {
+ "text": "deployment",
+ "value": "deployment"
+ },
+ "datasource": "$datasource",
+ "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\"}, workload_type)",
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "type",
+ "options": [
+
+ ],
+ "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\"}, workload_type)",
+ "refresh": 2,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 0,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "Kubernetes / Compute Resources / Namespace (Workloads)",
+ "uid": "a87fb0d919ec0ea5f6543124e16c42a5",
+ "version": 0
+ }
+{{- end }}
\ No newline at end of file
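Review bot: the template ends at `{{- end }}` with no trailing newline (the `\ No newline at end of file` marker on the last line of this hunk). If this file is meant to stay a byte-identical copy of the upstream chart template, leave it as is so the bundled copy can still be diffed cleanly against its source on later updates; if it is maintained locally, add the newline. Also worth confirming against upstream rather than changing here: the "Current Network Usage" table targets (refId B to F) join on `workload_type=\"$type\"` only, while every graph panel in the rows below adds `workload=~\".+\"` to the same join, so the table and the graphs are not guaranteed to select the same set of series.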
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/kubelet.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/kubelet.yaml
new file mode 100644
index 0000000..6335d52
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/kubelet.yaml
@@ -0,0 +1,2254 @@
+{{- /*
+Generated from 'kubelet' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.kubelet.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "kubelet" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ kubelet.json: |-
+ {
+ "__inputs": [
+
+ ],
+ "__requires": [
+
+ ],
+ "annotations": {
+ "list": [
+
+ ]
+ },
+ "editable": false,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "hideControls": false,
+ "id": null,
+ "links": [
+
+ ],
+ "panels": [
+ {
+ "datasource": "$datasource",
+ "fieldConfig": {
+ "defaults": {
+ "links": [
+
+ ],
+ "mappings": [
+
+ ],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+
+ ]
+ },
+ "unit": "none"
+ }
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 4,
+ "x": 0,
+ "y": 0
+ },
+ "id": 2,
+ "links": [
+
+ ],
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "textMode": "auto"
+ },
+ "pluginVersion": "7",
+ "targets": [
+ {
+ "expr": "sum(kubelet_node_name{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "title": "Running Kubelets",
+ "transparent": false,
+ "type": "stat"
+ },
+ {
+ "datasource": "$datasource",
+ "fieldConfig": {
+ "defaults": {
+ "links": [
+
+ ],
+ "mappings": [
+
+ ],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+
+ ]
+ },
+ "unit": "none"
+ }
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 4,
+ "x": 4,
+ "y": 0
+ },
+ "id": 3,
+ "links": [
+
+ ],
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "textMode": "auto"
+ },
+ "pluginVersion": "7",
+ "targets": [
+ {
+ "expr": "sum(kubelet_running_pods{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}) OR sum(kubelet_running_pod_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "title": "Running Pods",
+ "transparent": false,
+ "type": "stat"
+ },
+ {
+ "datasource": "$datasource",
+ "fieldConfig": {
+ "defaults": {
+ "links": [
+
+ ],
+ "mappings": [
+
+ ],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+
+ ]
+ },
+ "unit": "none"
+ }
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 4,
+ "x": 8,
+ "y": 0
+ },
+ "id": 4,
+ "links": [
+
+ ],
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "textMode": "auto"
+ },
+ "pluginVersion": "7",
+ "targets": [
+ {
+ "expr": "sum(kubelet_running_containers{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}) OR sum(kubelet_running_container_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "title": "Running Containers",
+ "transparent": false,
+ "type": "stat"
+ },
+ {
+ "datasource": "$datasource",
+ "fieldConfig": {
+ "defaults": {
+ "links": [
+
+ ],
+ "mappings": [
+
+ ],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+
+ ]
+ },
+ "unit": "none"
+ }
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 4,
+ "x": 12,
+ "y": 0
+ },
+ "id": 5,
+ "links": [
+
+ ],
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "textMode": "auto"
+ },
+ "pluginVersion": "7",
+ "targets": [
+ {
+ "expr": "sum(volume_manager_total_volumes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\", state=\"actual_state_of_world\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "title": "Actual Volume Count",
+ "transparent": false,
+ "type": "stat"
+ },
+ {
+ "datasource": "$datasource",
+ "fieldConfig": {
+ "defaults": {
+ "links": [
+
+ ],
+ "mappings": [
+
+ ],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+
+ ]
+ },
+ "unit": "none"
+ }
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 4,
+ "x": 16,
+ "y": 0
+ },
+ "id": 6,
+ "links": [
+
+ ],
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "textMode": "auto"
+ },
+ "pluginVersion": "7",
+ "targets": [
+ {
+ "expr": "sum(volume_manager_total_volumes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",state=\"desired_state_of_world\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "title": "Desired Volume Count",
+ "transparent": false,
+ "type": "stat"
+ },
+ {
+ "datasource": "$datasource",
+ "fieldConfig": {
+ "defaults": {
+ "links": [
+
+ ],
+ "mappings": [
+
+ ],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+
+ ]
+ },
+ "unit": "none"
+ }
+ },
+ "gridPos": {
+ "h": 7,
+ "w": 4,
+ "x": 20,
+ "y": 0
+ },
+ "id": 7,
+ "links": [
+
+ ],
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "textMode": "auto"
+ },
+ "pluginVersion": "7",
+ "targets": [
+ {
+ "expr": "sum(rate(kubelet_node_config_error{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "title": "Config Error Count",
+ "transparent": false,
+ "type": "stat"
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 7,
+ "w": 12,
+ "x": 0,
+ "y": 7
+ },
+ "id": 8,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(kubelet_runtime_operations_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (operation_type, instance)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Operation Rate",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 7,
+ "w": 12,
+ "x": 12,
+ "y": 7
+ },
+ "id": 9,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(kubelet_runtime_operations_errors_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_type)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Operation Error Rate",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 7,
+ "w": 24,
+ "x": 0,
+ "y": 14
+ },
+ "id": 10,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(kubelet_runtime_operations_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_type, le))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Operation duration 99th quantile",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 7,
+ "w": 12,
+ "x": 0,
+ "y": 21
+ },
+ "id": 11,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(kubelet_pod_start_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} pod",
+ "refId": "A"
+ },
+ {
+ "expr": "sum(rate(kubelet_pod_worker_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} worker",
+ "refId": "B"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Pod Start Rate",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 7,
+ "w": 12,
+ "x": 12,
+ "y": 21
+ },
+ "id": 12,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(kubelet_pod_start_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, le))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} pod",
+ "refId": "A"
+ },
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(kubelet_pod_worker_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, le))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} worker",
+ "refId": "B"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Pod Start Duration",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 7,
+ "w": 12,
+ "x": 0,
+ "y": 28
+ },
+ "id": 13,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(storage_operation_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_name, volume_plugin)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_name{{`}}`}} {{`{{`}}volume_plugin{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Storage Operation Rate",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 7,
+ "w": 12,
+ "x": 12,
+ "y": 28
+ },
+ "id": 14,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(storage_operation_errors_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_name, volume_plugin)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_name{{`}}`}} {{`{{`}}volume_plugin{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Storage Operation Error Rate",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 7,
+ "w": 24,
+ "x": 0,
+ "y": 35
+ },
+ "id": 15,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(storage_operation_duration_seconds_bucket{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_name, volume_plugin, le))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_name{{`}}`}} {{`{{`}}volume_plugin{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Storage Operation Duration 99th quantile",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 7,
+ "w": 12,
+ "x": 0,
+ "y": 42
+ },
+ "id": 16,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(kubelet_cgroup_manager_duration_seconds_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_type)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}operation_type{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Cgroup manager operation rate",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 7,
+ "w": 12,
+ "x": 12,
+ "y": 42
+ },
+ "id": 17,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(kubelet_cgroup_manager_duration_seconds_bucket{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_type, le))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Cgroup manager 99th quantile",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "description": "Pod lifecycle event generator",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 7,
+ "w": 12,
+ "x": 0,
+ "y": 49
+ },
+ "id": 18,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(kubelet_pleg_relist_duration_seconds_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "PLEG relist rate",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 7,
+ "w": 12,
+ "x": 12,
+ "y": 49
+ },
+ "id": 19,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_interval_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, le))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "PLEG relist interval",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 7,
+ "w": 24,
+ "x": 0,
+ "y": 56
+ },
+ "id": 20,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, le))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "PLEG relist duration",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 7,
+ "w": 24,
+ "x": 0,
+ "y": 63
+ },
+ "id": 21,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"2..\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "2xx",
+ "refId": "A"
+ },
+ {
+ "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"3..\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "3xx",
+ "refId": "B"
+ },
+ {
+ "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"4..\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "4xx",
+ "refId": "C"
+ },
+ {
+ "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"5..\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "5xx",
+ "refId": "D"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "RPC Rate",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 7,
+ "w": 24,
+ "x": 0,
+ "y": 70
+ },
+ "id": 22,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance, verb, url, le))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Request duration 99th quantile",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 0,
+ "y": 77
+ },
+ "id": 23,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "process_resident_memory_bytes{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "bytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "bytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 8,
+ "y": 77
+ },
+ "id": 24,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU usage",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 16,
+ "y": 77
+ },
+ "id": 25,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "go_goroutines{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Goroutines",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "refresh": "10s",
+ "rows": [
+
+ ],
+ "schemaVersion": 14,
+ "style": "dark",
+ "tags": [
+ "kubernetes-mixin"
+ ],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "default",
+ "value": "default"
+ },
+ "hide": 0,
+ "label": "Data Source",
+ "name": "datasource",
+ "options": [
+
+ ],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": null,
+ "current": {
+
+ },
+ "datasource": "$datasource",
+ "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }},
+ "includeAll": false,
+ "label": "cluster",
+ "multi": false,
+ "name": "cluster",
+ "options": [
+
+ ],
+ "query": "label_values(up{job=\"kubelet\", metrics_path=\"/metrics\"}, cluster)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {
+
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": true,
+ "label": "instance",
+ "multi": false,
+ "name": "instance",
+ "options": [
+
+ ],
+ "query": "label_values(up{job=\"kubelet\", metrics_path=\"/metrics\",cluster=\"$cluster\"}, instance)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "Kubernetes / Kubelet",
+ "uid": "3138fa155d5915769fbded898ac09fd9",
+ "version": 0
+ }
+{{- end }}
\ No newline at end of file
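Review bot: the `"timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}"` line near the end of the dashboard JSON places a chart value inside a JSON string without escaping, so a value containing a double quote or backslash yields a ConfigMap whose `kubelet.json` is no longer valid JSON. Emitting it as `"timezone": {{ .Values.grafana.defaultDashboardsTimezone | toJson }}` (without the surrounding quotes) keeps the document well-formed for any input. The file also ends at `{{- end }}` with no trailing newline, which is worth fixing while touching it. If this template is generated in the same way the header of namespace-by-pod.yaml below describes ("Do not change in-place!"), both changes belong in the upstream generator rather than in this bundled copy, and the commit should record which upstream chart version was vendored so later diffs against it can be reviewed.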
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-pod.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-pod.yaml
new file mode 100644
index 0000000..1e8e61b
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-pod.yaml
@@ -0,0 +1,1464 @@
+{{- /*
+Generated from 'namespace-by-pod' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "namespace-by-pod" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ namespace-by-pod.json: |-
+ {
+ "__inputs": [
+
+ ],
+ "__requires": [
+
+ ],
+ "annotations": {
+ "list": [
+ {
+ "builtIn": 1,
+ "datasource": "-- Grafana --",
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "name": "Annotations & Alerts",
+ "type": "dashboard"
+ }
+ ]
+ },
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "hideControls": false,
+ "id": null,
+ "links": [
+
+ ],
+ "panels": [
+ {
+ "collapse": false,
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 0
+ },
+ "id": 2,
+ "panels": [
+
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Current Bandwidth",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": "$datasource",
+ "decimals": 0,
+ "format": "time_series",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 0,
+ "y": 1
+ },
+ "height": 9,
+ "id": 3,
+ "interval": null,
+ "links": [
+
+ ],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "options": {
+ "fieldOptions": {
+ "calcs": [
+ "last"
+ ],
+ "defaults": {
+ "max": 10000000000,
+ "min": 0,
+ "title": "$namespace",
+ "unit": "Bps"
+ },
+ "mappings": [
+
+ ],
+ "override": {
+
+ },
+ "thresholds": [
+ {
+ "color": "dark-green",
+ "index": 0,
+ "value": null
+ },
+ {
+ "color": "dark-yellow",
+ "index": 1,
+ "value": 5000000000
+ },
+ {
+ "color": "dark-red",
+ "index": 2,
+ "value": 7000000000
+ }
+ ],
+ "values": false
+ }
+ },
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 12,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution]))",
+ "format": "time_series",
+ "instant": null,
+ "intervalFactor": 1,
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "thresholds": "",
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Current Rate of Bytes Received",
+ "type": "gauge",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": "$datasource",
+ "decimals": 0,
+ "format": "time_series",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 12,
+ "y": 1
+ },
+ "height": 9,
+ "id": 4,
+ "interval": null,
+ "links": [
+
+ ],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "options": {
+ "fieldOptions": {
+ "calcs": [
+ "last"
+ ],
+ "defaults": {
+ "max": 10000000000,
+ "min": 0,
+ "title": "$namespace",
+ "unit": "Bps"
+ },
+ "mappings": [
+
+ ],
+ "override": {
+
+ },
+ "thresholds": [
+ {
+ "color": "dark-green",
+ "index": 0,
+ "value": null
+ },
+ {
+ "color": "dark-yellow",
+ "index": 1,
+ "value": 5000000000
+ },
+ {
+ "color": "dark-red",
+ "index": 2,
+ "value": 7000000000
+ }
+ ],
+ "values": false
+ }
+ },
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 12,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution]))",
+ "format": "time_series",
+ "instant": null,
+ "intervalFactor": 1,
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "thresholds": "",
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Current Rate of Bytes Transmitted",
+ "type": "gauge",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "columns": [
+ {
+ "text": "Time",
+ "value": "Time"
+ },
+ {
+ "text": "Value #A",
+ "value": "Value #A"
+ },
+ {
+ "text": "Value #B",
+ "value": "Value #B"
+ },
+ {
+ "text": "Value #C",
+ "value": "Value #C"
+ },
+ {
+ "text": "Value #D",
+ "value": "Value #D"
+ },
+ {
+ "text": "Value #E",
+ "value": "Value #E"
+ },
+ {
+ "text": "Value #F",
+ "value": "Value #F"
+ },
+ {
+ "text": "pod",
+ "value": "pod"
+ }
+ ],
+ "datasource": "$datasource",
+ "fill": 1,
+ "fontSize": "100%",
+ "gridPos": {
+ "h": 9,
+ "w": 24,
+ "x": 0,
+ "y": 10
+ },
+ "id": 5,
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "minSpan": 24,
+ "nullPointMode": "null as zero",
+ "renderer": "flot",
+ "scroll": true,
+ "showHeader": true,
+ "sort": {
+ "col": 0,
+ "desc": false
+ },
+ "spaceLength": 10,
+ "span": 24,
+ "styles": [
+ {
+ "alias": "Time",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Time",
+ "thresholds": [
+
+ ],
+ "type": "hidden",
+ "unit": "short"
+ },
+ {
+ "alias": "Bandwidth Received",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #A",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Bandwidth Transmitted",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #B",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Rate of Received Packets",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #C",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Rate of Transmitted Packets",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #D",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Rate of Received Packets Dropped",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #E",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Rate of Transmitted Packets Dropped",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #F",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Pod",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": true,
+ "linkTooltip": "Drill down",
+ "linkUrl": "d/7a18067ce943a40ae25454675c19ff5c/kubernetes-networking-pod?orgId=1&refresh=30s&var-namespace=$namespace&var-pod=$__cell",
+ "pattern": "pod",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "D",
+ "step": 10
+ },
+ {
+ "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "E",
+ "step": 10
+ },
+ {
+ "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "F",
+ "step": 10
+ }
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Current Status",
+ "type": "table"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 19
+ },
+ "id": 6,
+ "panels": [
+
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Bandwidth",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 0,
+ "y": 20
+ },
+ "id": 7,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Receive Bandwidth",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 12,
+ "y": 20
+ },
+ "id": 8,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Transmit Bandwidth",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "collapse": true,
+ "collapsed": true,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 29
+ },
+ "id": 9,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 10,
+ "w": 12,
+ "x": 0,
+ "y": 30
+ },
+ "id": 10,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Received Packets",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 10,
+ "w": 12,
+ "x": 12,
+ "y": 30
+ },
+ "id": 11,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Transmitted Packets",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Packets",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": true,
+ "collapsed": true,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 30
+ },
+ "id": 12,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 10,
+ "w": 12,
+ "x": 0,
+ "y": 40
+ },
+ "id": 13,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Received Packets Dropped",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 10,
+ "w": 12,
+ "x": 12,
+ "y": 40
+ },
+ "id": 14,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Transmitted Packets Dropped",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Errors",
+ "titleSize": "h6",
+ "type": "row"
+ }
+ ],
+ "refresh": "10s",
+ "rows": [
+
+ ],
+ "schemaVersion": 18,
+ "style": "dark",
+ "tags": [
+ "kubernetes-mixin"
+ ],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "default",
+ "value": "default"
+ },
+ "hide": 0,
+ "label": "Data Source",
+ "name": "datasource",
+ "options": [
+
+ ],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": null,
+ "current": {
+
+ },
+ "datasource": "$datasource",
+ "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }},
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "cluster",
+ "options": [
+
+ ],
+ "query": "label_values(up{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\"}, cluster)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 0,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": ".+",
+ "auto": false,
+ "auto_count": 30,
+ "auto_min": "10s",
+ "current": {
+ "text": "kube-system",
+ "value": "kube-system"
+ },
+ "datasource": "$datasource",
+ "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)",
+ "hide": 0,
+ "includeAll": true,
+ "label": null,
+ "multi": false,
+ "name": "namespace",
+ "options": [
+
+ ],
+ "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)",
+ "refresh": 2,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "auto": false,
+ "auto_count": 30,
+ "auto_min": "10s",
+ "current": {
+ "text": "5m",
+ "value": "5m"
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "resolution",
+ "options": [
+ {
+ "selected": false,
+ "text": "30s",
+ "value": "30s"
+ },
+ {
+ "selected": true,
+ "text": "5m",
+ "value": "5m"
+ },
+ {
+ "selected": false,
+ "text": "1h",
+ "value": "1h"
+ }
+ ],
+ "query": "30s,5m,1h",
+ "refresh": 2,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "interval",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "auto": false,
+ "auto_count": 30,
+ "auto_min": "10s",
+ "current": {
+ "text": "5m",
+ "value": "5m"
+ },
+ "datasource": "$datasource",
+ "hide": 2,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "interval",
+ "options": [
+ {
+ "selected": true,
+ "text": "4h",
+ "value": "4h"
+ }
+ ],
+ "query": "4h",
+ "refresh": 2,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "interval",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "Kubernetes / Networking / Namespace (Pods)",
+ "uid": "8b7a8b326d7a6f1f04244066368c67af",
+ "version": 0
+ }
+{{- end }}
\ No newline at end of file
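Review bot: In the "Current Status" table panel, the Pod column's drill-down `linkUrl` hard-codes `orgId=1` and forwards only `var-namespace` and `var-pod`. When `grafana.sidecar.dashboards.multicluster.global.enabled` is set (which un-hides the `cluster` variable in the templating list of this same file), the link drops the selected cluster and datasource, and it pins the target to organisation 1 for users working in another org. Consider removing `orgId=1` and appending `&var-datasource=$datasource&var-cluster=$cluster`. Separately, the hidden `interval` variable declares `"current"` as `5m` while its only option and its `query` are `4h`. Every panel's `[$interval:$resolution]` subquery range depends on that variable, so the two values should agree. The header of the next template in this patch says these dashboards are generated and must not be changed in place; if this file is produced the same way, both fixes belong in the upstream dashboard source rather than in this bundled copy.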
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-workload.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-workload.yaml
new file mode 100644
index 0000000..c4fc4bb
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-workload.yaml
@@ -0,0 +1,1736 @@
+{{- /*
+Generated from 'namespace-by-workload' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "namespace-by-workload" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ namespace-by-workload.json: |-
+ {
+ "__inputs": [
+
+ ],
+ "__requires": [
+
+ ],
+ "annotations": {
+ "list": [
+ {
+ "builtIn": 1,
+ "datasource": "-- Grafana --",
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "name": "Annotations & Alerts",
+ "type": "dashboard"
+ }
+ ]
+ },
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "hideControls": false,
+ "id": null,
+ "links": [
+
+ ],
+ "panels": [
+ {
+ "collapse": false,
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 0
+ },
+ "id": 2,
+ "panels": [
+
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Current Bandwidth",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": true,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 0,
+ "y": 1
+ },
+ "id": 3,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": true
+ },
+ "lines": false,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "minSpan": 24,
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 24,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}} workload {{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Current Rate of Bytes Received",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "series",
+ "name": null,
+ "show": false,
+ "values": [
+ "current"
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": true,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 12,
+ "y": 1
+ },
+ "id": 4,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": true
+ },
+ "lines": false,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "minSpan": 24,
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 24,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}} workload {{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Current Rate of Bytes Transmitted",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "series",
+ "name": null,
+ "show": false,
+ "values": [
+ "current"
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "columns": [
+ {
+ "text": "Time",
+ "value": "Time"
+ },
+ {
+ "text": "Value #A",
+ "value": "Value #A"
+ },
+ {
+ "text": "Value #B",
+ "value": "Value #B"
+ },
+ {
+ "text": "Value #C",
+ "value": "Value #C"
+ },
+ {
+ "text": "Value #D",
+ "value": "Value #D"
+ },
+ {
+ "text": "Value #E",
+ "value": "Value #E"
+ },
+ {
+ "text": "Value #F",
+ "value": "Value #F"
+ },
+ {
+ "text": "Value #G",
+ "value": "Value #G"
+ },
+ {
+ "text": "Value #H",
+ "value": "Value #H"
+ },
+ {
+ "text": "workload",
+ "value": "workload"
+ }
+ ],
+ "datasource": "$datasource",
+ "fill": 1,
+ "fontSize": "90%",
+ "gridPos": {
+ "h": 9,
+ "w": 24,
+ "x": 0,
+ "y": 10
+ },
+ "id": 5,
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "minSpan": 24,
+ "nullPointMode": "null as zero",
+ "renderer": "flot",
+ "scroll": true,
+ "showHeader": true,
+ "sort": {
+ "col": 0,
+ "desc": false
+ },
+ "spaceLength": 10,
+ "span": 24,
+ "styles": [
+ {
+ "alias": "Time",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Time",
+ "thresholds": [
+
+ ],
+ "type": "hidden",
+ "unit": "short"
+ },
+ {
+ "alias": "Current Bandwidth Received",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #A",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Current Bandwidth Transmitted",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #B",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Average Bandwidth Received",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #C",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Average Bandwidth Transmitted",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #D",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "Bps"
+ },
+ {
+ "alias": "Rate of Received Packets",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #E",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Rate of Transmitted Packets",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #F",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Rate of Received Packets Dropped",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #G",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Rate of Transmitted Packets Dropped",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #H",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "pps"
+ },
+ {
+ "alias": "Workload",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": true,
+ "linkTooltip": "Drill down",
+ "linkUrl": "d/728bf77cc1166d2f3133bf25846876cc/kubernetes-networking-workload?orgId=1&refresh=30s&var-namespace=$namespace&var-type=$type&var-workload=$__cell",
+ "pattern": "workload",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "B",
+ "step": 10
+ },
+ {
+ "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "C",
+ "step": 10
+ },
+ {
+ "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "D",
+ "step": 10
+ },
+ {
+ "expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "E",
+ "step": 10
+ },
+ {
+ "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "F",
+ "step": 10
+ },
+ {
+ "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "G",
+ "step": 10
+ },
+ {
+ "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "H",
+ "step": 10
+ }
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Current Status",
+ "type": "table"
+ },
+ {
+ "collapse": true,
+ "collapsed": true,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 19
+ },
+ "id": 6,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": true,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 0,
+ "y": 20
+ },
+ "id": 7,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": true
+ },
+ "lines": false,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "minSpan": 24,
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 24,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}} workload {{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Average Rate of Bytes Received",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "series",
+ "name": null,
+ "show": false,
+ "values": [
+ "current"
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": true,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 12,
+ "y": 20
+ },
+ "id": 8,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": true
+ },
+ "lines": false,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "minSpan": 24,
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 24,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}} workload {{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Average Rate of Bytes Transmitted",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "series",
+ "name": null,
+ "show": false,
+ "values": [
+ "current"
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Average Bandwidth",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 29
+ },
+ "id": 9,
+ "panels": [
+
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Bandwidth HIstory",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 0,
+ "y": 38
+ },
+ "id": 10,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}workload{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Receive Bandwidth",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 12,
+ "y": 38
+ },
+ "id": 11,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}workload{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Transmit Bandwidth",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "collapse": true,
+ "collapsed": true,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 39
+ },
+ "id": 12,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 0,
+ "y": 40
+ },
+ "id": 13,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}workload{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Received Packets",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 12,
+ "y": 40
+ },
+ "id": 14,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}workload{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Transmitted Packets",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Packets",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": true,
+ "collapsed": true,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 40
+ },
+ "id": 15,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 0,
+ "y": 41
+ },
+ "id": 16,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}workload{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Received Packets Dropped",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 12,
+ "y": 41
+ },
+ "id": 17,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}workload{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Transmitted Packets Dropped",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Errors",
+ "titleSize": "h6",
+ "type": "row"
+ }
+ ],
+ "refresh": "10s",
+ "rows": [
+
+ ],
+ "schemaVersion": 18,
+ "style": "dark",
+ "tags": [
+ "kubernetes-mixin"
+ ],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "default",
+ "value": "default"
+ },
+ "hide": 0,
+ "label": "Data Source",
+ "name": "datasource",
+ "options": [
+
+ ],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": null,
+ "current": {
+
+ },
+ "datasource": "$datasource",
+ "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }},
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "cluster",
+ "options": [
+
+ ],
+ "query": "label_values(up{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\"}, cluster)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 0,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "auto": false,
+ "auto_count": 30,
+ "auto_min": "10s",
+ "current": {
+ "text": "kube-system",
+ "value": "kube-system"
+ },
+ "datasource": "$datasource",
+ "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)",
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "namespace",
+ "options": [
+
+ ],
+ "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)",
+ "refresh": 2,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "auto": false,
+ "auto_count": 30,
+ "auto_min": "10s",
+ "current": {
+ "text": "deployment",
+ "value": "deployment"
+ },
+ "datasource": "$datasource",
+ "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\"}, workload_type)",
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "type",
+ "options": [
+
+ ],
+ "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\"}, workload_type)",
+ "refresh": 2,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 0,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "auto": false,
+ "auto_count": 30,
+ "auto_min": "10s",
+ "current": {
+ "text": "5m",
+ "value": "5m"
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "resolution",
+ "options": [
+ {
+ "selected": false,
+ "text": "30s",
+ "value": "30s"
+ },
+ {
+ "selected": true,
+ "text": "5m",
+ "value": "5m"
+ },
+ {
+ "selected": false,
+ "text": "1h",
+ "value": "1h"
+ }
+ ],
+ "query": "30s,5m,1h",
+ "refresh": 2,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "interval",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "auto": false,
+ "auto_count": 30,
+ "auto_min": "10s",
+ "current": {
+ "text": "5m",
+ "value": "5m"
+ },
+ "datasource": "$datasource",
+ "hide": 2,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "interval",
+ "options": [
+ {
+ "selected": true,
+ "text": "4h",
+ "value": "4h"
+ }
+ ],
+ "query": "4h",
+ "refresh": 2,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "interval",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "Kubernetes / Networking / Namespace (Workload)",
+ "uid": "bbb2a765a623ae38130206c7d94a160f",
+ "version": 0
+ }
+{{- end }}
\ No newline at end of file
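Review bot: `"refresh": "10s"` near the end of this dashboard JSON is aggressive for what the panels run. Every target is an `irate(...[$interval:$resolution])` subquery, `$interval` is pinned to `4h` in the templating list, and the "Current Status" table alone issues eight of them (refIds A to H) on each refresh, so a single open tab re-evaluates 4h subqueries against Prometheus every 10 seconds. The table's own drill-down `linkUrl` already passes `refresh=30s`; suggest `"refresh": "30s"` here as well. Two smaller points in the same hunk: the row title `"Bandwidth HIstory"` has a capitalisation typo, and the file ends without a trailing newline.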
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml
new file mode 100644
index 0000000..a0bdbb7
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml
@@ -0,0 +1,1063 @@
+{{- /*
+Generated from 'node-cluster-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.nodeExporter.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "node-cluster-rsrc-use" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ node-cluster-rsrc-use.json: |-
+ {
+ "__inputs": [
+
+ ],
+ "__requires": [
+
+ ],
+ "annotations": {
+ "list": [
+
+ ]
+ },
+ "editable": false,
+ "gnetId": null,
+ "graphTooltip": 1,
+ "hideControls": false,
+ "id": null,
+ "links": [
+
+ ],
+ "refresh": "30s",
+ "rows": [
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 2,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "((\n instance:node_cpu_utilisation:rate5m{job=\"node-exporter\", cluster=\"$cluster\"}\n *\n instance:node_num_cpu:sum{job=\"node-exporter\", cluster=\"$cluster\"}\n) != 0 )\n/ scalar(sum(instance:node_num_cpu:sum{job=\"node-exporter\", cluster=\"$cluster\"}))\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}} instance {{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU Utilisation",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 3,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "(\n instance:node_load1_per_cpu:ratio{job=\"node-exporter\", cluster=\"$cluster\"}\n / scalar(count(instance:node_load1_per_cpu:ratio{job=\"node-exporter\", cluster=\"$cluster\"}))\n) != 0\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU Saturation (Load1 per CPU)",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "CPU",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 4,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "(\n instance:node_memory_utilisation:ratio{job=\"node-exporter\", cluster=\"$cluster\"}\n / scalar(count(instance:node_memory_utilisation:ratio{job=\"node-exporter\", cluster=\"$cluster\"}))\n) != 0\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory Utilisation",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 5,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "instance:node_vmstat_pgmajfault:rate5m{job=\"node-exporter\", cluster=\"$cluster\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory Saturation (Major Page Faults)",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "rds",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "rds",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Memory",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 6,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+ {
+ "alias": "/Receive/",
+ "stack": "A"
+ },
+ {
+ "alias": "/Transmit/",
+ "stack": "B",
+ "transform": "negative-Y"
+ }
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "instance:node_network_receive_bytes_excluding_lo:rate5m{job=\"node-exporter\", cluster=\"$cluster\"} != 0",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} Receive",
+ "refId": "A"
+ },
+ {
+ "expr": "instance:node_network_transmit_bytes_excluding_lo:rate5m{job=\"node-exporter\", cluster=\"$cluster\"} != 0",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} Transmit",
+ "refId": "B"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Network Utilisation (Bytes Receive/Transmit)",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 7,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+ {
+ "alias": "/ Receive/",
+ "stack": "A"
+ },
+ {
+ "alias": "/ Transmit/",
+ "stack": "B",
+ "transform": "negative-Y"
+ }
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "instance:node_network_receive_drop_excluding_lo:rate5m{job=\"node-exporter\", cluster=\"$cluster\"} != 0",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} Receive",
+ "refId": "A"
+ },
+ {
+ "expr": "instance:node_network_transmit_drop_excluding_lo:rate5m{job=\"node-exporter\", cluster=\"$cluster\"} != 0",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} Transmit",
+ "refId": "B"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Network Saturation (Drops Receive/Transmit)",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Network",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 8,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "(\n instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\", cluster=\"$cluster\"}\n / scalar(count(instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\", cluster=\"$cluster\"}))\n) != 0\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}device{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Disk IO Utilisation",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 9,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "(\n instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\", cluster=\"$cluster\"}\n / scalar(count(instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\", cluster=\"$cluster\"}))\n) != 0\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}device{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Disk IO Saturation",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Disk IO",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 10,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum without (device) (\n max without (fstype, mountpoint) ((\n node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\", cluster=\"$cluster\"}\n -\n node_filesystem_avail_bytes{job=\"node-exporter\", fstype!=\"\", cluster=\"$cluster\"}\n ) != 0)\n)\n/ scalar(sum(max without (fstype, mountpoint) (node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\", cluster=\"$cluster\"})))\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Disk Space Utilisation",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Disk Space",
+ "titleSize": "h6",
+ "type": "row"
+ }
+ ],
+ "schemaVersion": 14,
+ "style": "dark",
+ "tags": [
+ "node-exporter-mixin"
+ ],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "default",
+ "value": "default"
+ },
+ "hide": 0,
+ "label": "Data Source",
+ "name": "datasource",
+ "options": [
+
+ ],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": null,
+ "current": {
+ "text": "",
+ "value": ""
+ },
+ "datasource": "$datasource",
+ "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }},
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "cluster",
+ "options": [
+
+ ],
+ "query": "label_values(node_time_seconds, cluster)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "Node Exporter / USE Method / Cluster",
+ "version": 0
+ }
+{{- end }}
\ No newline at end of file
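Review bot: In the "Network Saturation (Drops Receive/Transmit)" panel, both `yaxes` entries use `"format": "Bps"` although the two targets are drop rates (`instance:node_network_receive_drop_excluding_lo:rate5m` and its transmit counterpart), so the axis presents dropped packets as bytes per second. A packets-per-second unit would match the series. Among the panels visible in this part of the hunk, the "Memory Saturation (Major Page Faults)" target is also the only query without the `!= 0` filter that the others apply. Since the file lives under the bundled `charts/` tree, both points are better raised with the chart's source than patched in this copy.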
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-rsrc-use.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-rsrc-use.yaml
new file mode 100644
index 0000000..6ed320d
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-rsrc-use.yaml
@@ -0,0 +1,1089 @@
+{{- /*
+Generated from 'node-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.nodeExporter.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "node-rsrc-use" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ node-rsrc-use.json: |-
+ {
+ "__inputs": [
+
+ ],
+ "__requires": [
+
+ ],
+ "annotations": {
+ "list": [
+
+ ]
+ },
+ "editable": false,
+ "gnetId": null,
+ "graphTooltip": 1,
+ "hideControls": false,
+ "id": null,
+ "links": [
+
+ ],
+ "refresh": "30s",
+ "rows": [
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 2,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "instance:node_cpu_utilisation:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "Utilisation",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU Utilisation",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 3,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "instance:node_load1_per_cpu:ratio{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "Saturation",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU Saturation (Load1 per CPU)",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "CPU",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 4,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "instance:node_memory_utilisation:ratio{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "Utilisation",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory Utilisation",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 5,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "instance:node_vmstat_pgmajfault:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "Major page Faults",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory Saturation (Major Page Faults)",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "rds",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "rds",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Memory",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 6,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+ {
+ "alias": "/Receive/",
+ "stack": "A"
+ },
+ {
+ "alias": "/Transmit/",
+ "stack": "B",
+ "transform": "negative-Y"
+ }
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "instance:node_network_receive_bytes_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "Receive",
+ "refId": "A"
+ },
+ {
+ "expr": "instance:node_network_transmit_bytes_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "Transmit",
+ "refId": "B"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Network Utilisation (Bytes Receive/Transmit)",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 7,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+ {
+ "alias": "/ Receive/",
+ "stack": "A"
+ },
+ {
+ "alias": "/ Transmit/",
+ "stack": "B",
+ "transform": "negative-Y"
+ }
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "instance:node_network_receive_drop_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "Receive",
+ "refId": "A"
+ },
+ {
+ "expr": "instance:node_network_transmit_drop_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "Transmit",
+ "refId": "B"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Network Saturation (Drops Receive/Transmit)",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Network",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 8,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}device{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Disk IO Utilisation",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 9,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}device{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Disk IO Saturation",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Disk IO",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 10,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": false,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(1 -\n (\n max without (mountpoint, fstype) (node_filesystem_avail_bytes{job=\"node-exporter\", fstype!=\"\", instance=\"$instance\", cluster=\"$cluster\"})\n /\n max without (mountpoint, fstype) (node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\", instance=\"$instance\", cluster=\"$cluster\"})\n ) != 0\n)\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}device{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Disk Space Utilisation",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Disk Space",
+ "titleSize": "h6",
+ "type": "row"
+ }
+ ],
+ "schemaVersion": 14,
+ "style": "dark",
+ "tags": [
+ "node-exporter-mixin"
+ ],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "default",
+ "value": "default"
+ },
+ "hide": 0,
+ "label": "Data Source",
+ "name": "datasource",
+ "options": [
+
+ ],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": null,
+ "current": {
+ "text": "",
+ "value": ""
+ },
+ "datasource": "$datasource",
+ "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }},
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "cluster",
+ "options": [
+
+ ],
+ "query": "label_values(node_time_seconds, cluster)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {
+
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "instance",
+ "options": [
+
+ ],
+ "query": "label_values(node_exporter_build_info{job=\"node-exporter\", cluster=\"$cluster\"}, instance)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "Node Exporter / USE Method / Node",
+ "version": 0
+ }
+{{- end }}
\ No newline at end of file
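Review bot: The template header records only that this dashboard was generated from the `main` branch of kube-prometheus (`kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml`) and must not be changed in place, so the bundled copy cannot be compared against a fixed upstream revision. Record the chart version or upstream commit this bundle was taken from, for example in the commit message, so later updates can be diffed and verified. Separately, `"timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}"` and the label key `{{ $.Values.grafana.sidecar.dashboards.label }}` are interpolated without quoting or escaping, so a value containing a double quote produces a ConfigMap whose JSON or YAML no longer parses. Check that the values shipped with the chart keep these to plain strings. The "Network Saturation (Drops Receive/Transmit)" panel here also carries `"format": "Bps"` on drop-rate series.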
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes-darwin.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes-darwin.yaml
new file mode 100644
index 0000000..3a706b8
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes-darwin.yaml
@@ -0,0 +1,1073 @@
+{{- /*
+Generated from 'nodes-darwin' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "nodes-darwin" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ nodes-darwin.json: |-
+ {
+ "__inputs": [
+
+ ],
+ "__requires": [
+
+ ],
+ "annotations": {
+ "list": [
+
+ ]
+ },
+ "editable": false,
+ "gnetId": null,
+ "graphTooltip": 1,
+ "hideControls": false,
+ "id": null,
+ "links": [
+
+ ],
+ "refresh": "30s",
+ "rows": [
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 2,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "(\n (1 - sum without (mode) (rate(node_cpu_seconds_total{job=\"node-exporter\", mode=~\"idle|iowait|steal\", instance=\"$instance\"}[$__rate_interval])))\n/ ignoring(cpu) group_left\n count without (cpu, mode) (node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\"})\n)\n",
+ "format": "time_series",
+ "intervalFactor": 5,
+ "legendFormat": "{{`{{`}}cpu{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU Usage",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": 1,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": 1,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 0,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 3,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "node_load1{job=\"node-exporter\", instance=\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "1m load average",
+ "refId": "A"
+ },
+ {
+ "expr": "node_load5{job=\"node-exporter\", instance=\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "5m load average",
+ "refId": "B"
+ },
+ {
+ "expr": "node_load15{job=\"node-exporter\", instance=\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "15m load average",
+ "refId": "C"
+ },
+ {
+ "expr": "count(node_cpu_seconds_total{job=\"node-exporter\", instance=\"$instance\", mode=\"idle\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "logical cores",
+ "refId": "D"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Load Average",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "CPU",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 4,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 9,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "node_memory_total_bytes{job=\"node-exporter\", instance=\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "Physical Memory",
+ "refId": "A"
+ },
+ {
+ "expr": "(\n node_memory_internal_bytes{job=\"node-exporter\", instance=\"$instance\"} -\n node_memory_purgeable_bytes{job=\"node-exporter\", instance=\"$instance\"} +\n node_memory_wired_bytes{job=\"node-exporter\", instance=\"$instance\"} +\n node_memory_compressed_bytes{job=\"node-exporter\", instance=\"$instance\"}\n)\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "Memory Used",
+ "refId": "B"
+ },
+ {
+ "expr": "(\n node_memory_internal_bytes{job=\"node-exporter\", instance=\"$instance\"} -\n node_memory_purgeable_bytes{job=\"node-exporter\", instance=\"$instance\"}\n)\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "App Memory",
+ "refId": "C"
+ },
+ {
+ "expr": "node_memory_wired_bytes{job=\"node-exporter\", instance=\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "Wired Memory",
+ "refId": "D"
+ },
+ {
+ "expr": "node_memory_compressed_bytes{job=\"node-exporter\", instance=\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "Compressed",
+ "refId": "E"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory Usage",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "bytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "bytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "datasource": "$datasource",
+ "fieldConfig": {
+ "defaults": {
+ "max": 100,
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "rgba(50, 172, 45, 0.97)"
+ },
+ {
+ "color": "rgba(237, 129, 40, 0.89)",
+ "value": 80
+ },
+ {
+ "color": "rgba(245, 54, 54, 0.9)",
+ "value": 90
+ }
+ ]
+ },
+ "unit": "percent"
+ }
+ },
+ "gridPos": {
+
+ },
+ "id": 5,
+ "span": 3,
+ "targets": [
+ {
+ "expr": "(\n (\n avg(node_memory_internal_bytes{job=\"node-exporter\", instance=\"$instance\"}) -\n avg(node_memory_purgeable_bytes{job=\"node-exporter\", instance=\"$instance\"}) +\n avg(node_memory_wired_bytes{job=\"node-exporter\", instance=\"$instance\"}) +\n avg(node_memory_compressed_bytes{job=\"node-exporter\", instance=\"$instance\"})\n ) /\n avg(node_memory_total_bytes{job=\"node-exporter\", instance=\"$instance\"})\n)\n*\n100\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": ""
+ }
+ ],
+ "title": "Memory Usage",
+ "transparent": false,
+ "type": "gauge"
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Memory",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 0,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 6,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+ {
+ "alias": "/ read| written/",
+ "yaxis": 1
+ },
+ {
+ "alias": "/ io time/",
+ "yaxis": 2
+ }
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "rate(node_disk_read_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\"}[$__rate_interval])",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}device{{`}}`}} read",
+ "refId": "A"
+ },
+ {
+ "expr": "rate(node_disk_written_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\"}[$__rate_interval])",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}device{{`}}`}} written",
+ "refId": "B"
+ },
+ {
+ "expr": "rate(node_disk_io_time_seconds_total{job=\"node-exporter\", instance=\"$instance\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\"}[$__rate_interval])",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}device{{`}}`}} io time",
+ "refId": "C"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Disk I/O",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "datasource": "$datasource",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {
+
+ },
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "yellow",
+ "value": 0.8
+ },
+ {
+ "color": "red",
+ "value": 0.9
+ }
+ ]
+ },
+ "unit": "decbytes"
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Mounted on"
+ },
+ "properties": [
+ {
+ "id": "custom.width",
+ "value": 260
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Size"
+ },
+ "properties": [
+ {
+ "id": "custom.width",
+ "value": 93
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Used"
+ },
+ "properties": [
+ {
+ "id": "custom.width",
+ "value": 72
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Available"
+ },
+ "properties": [
+ {
+ "id": "custom.width",
+ "value": 88
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Used, %"
+ },
+ "properties": [
+ {
+ "id": "unit",
+ "value": "percentunit"
+ },
+ {
+ "id": "custom.displayMode",
+ "value": "gradient-gauge"
+ },
+ {
+ "id": "max",
+ "value": 1
+ },
+ {
+ "id": "min",
+ "value": 0
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+
+ },
+ "id": 7,
+ "span": 6,
+ "targets": [
+ {
+ "expr": "max by (mountpoint) (node_filesystem_size_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\"})\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": ""
+ },
+ {
+ "expr": "max by (mountpoint) (node_filesystem_avail_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\"})\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": ""
+ }
+ ],
+ "title": "Disk Space Usage",
+ "transformations": [
+ {
+ "id": "groupBy",
+ "options": {
+ "fields": {
+ "Value #A": {
+ "aggregations": [
+ "lastNotNull"
+ ],
+ "operation": "aggregate"
+ },
+ "Value #B": {
+ "aggregations": [
+ "lastNotNull"
+ ],
+ "operation": "aggregate"
+ },
+ "mountpoint": {
+ "aggregations": [
+
+ ],
+ "operation": "groupby"
+ }
+ }
+ }
+ },
+ {
+ "id": "merge",
+ "options": {
+
+ }
+ },
+ {
+ "id": "calculateField",
+ "options": {
+ "alias": "Used",
+ "binary": {
+ "left": "Value #A (lastNotNull)",
+ "operator": "-",
+ "reducer": "sum",
+ "right": "Value #B (lastNotNull)"
+ },
+ "mode": "binary",
+ "reduce": {
+ "reducer": "sum"
+ }
+ }
+ },
+ {
+ "id": "calculateField",
+ "options": {
+ "alias": "Used, %",
+ "binary": {
+ "left": "Used",
+ "operator": "/",
+ "reducer": "sum",
+ "right": "Value #A (lastNotNull)"
+ },
+ "mode": "binary",
+ "reduce": {
+ "reducer": "sum"
+ }
+ }
+ },
+ {
+ "id": "organize",
+ "options": {
+ "excludeByName": {
+
+ },
+ "indexByName": {
+
+ },
+ "renameByName": {
+ "Value #A (lastNotNull)": "Size",
+ "Value #B (lastNotNull)": "Available",
+ "mountpoint": "Mounted on"
+ }
+ }
+ },
+ {
+ "id": "sortBy",
+ "options": {
+ "fields": {
+
+ },
+ "sort": [
+ {
+ "field": "Mounted on"
+ }
+ ]
+ }
+ }
+ ],
+ "transparent": false,
+ "type": "table"
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Disk",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "description": "Network received (bits/s)",
+ "fill": 0,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 8,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "rate(node_network_receive_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__rate_interval]) * 8",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}device{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Network Received",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "description": "Network transmitted (bits/s)",
+ "fill": 0,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 9,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "rate(node_network_transmit_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__rate_interval]) * 8",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}device{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Network Transmitted",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Network",
+ "titleSize": "h6",
+ "type": "row"
+ }
+ ],
+ "schemaVersion": 14,
+ "style": "dark",
+ "tags": [
+ "node-exporter-mixin"
+ ],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "default",
+ "value": "default"
+ },
+ "hide": 0,
+ "label": "Data Source",
+ "name": "datasource",
+ "options": [
+
+ ],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": null,
+ "current": {
+
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": false,
+ "label": "Instance",
+ "multi": false,
+ "name": "instance",
+ "options": [
+
+ ],
+ "query": "label_values(node_uname_info{job=\"node-exporter\", sysname=\"Darwin\"}, instance)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 0,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "Node Exporter / MacOS",
+ "version": 0
+ }
+{{- end }}
\ No newline at end of file
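Review bot: the `if` guard at the top of nodes-darwin.yaml omits `.Values.nodeExporter.enabled`, although every panel target and the `instance` template variable query `job="node-exporter"`; the guard on nodes.yaml in this same patch does include it. With `nodeExporter.enabled: false` this ConfigMap is still rendered and the Grafana sidecar loads a dashboard that has no data behind it. Because the header says the file is generated and must not be changed in place, the condition should be corrected in the generator under the hack/ directory the header links to, or the difference from nodes.yaml should be recorded as intentional. A smaller point in the same hunk: `"timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}"` is interpolated into the JSON without escaping, so a value containing a double quote produces an invalid dashboard; rendering the value with `toJson` in place of the hand-written quotes would avoid that.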
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes.yaml
new file mode 100644
index 0000000..d575e04
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes.yaml
@@ -0,0 +1,1066 @@
+{{- /*
+Generated from 'nodes' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.nodeExporter.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "nodes" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ nodes.json: |-
+ {
+ "__inputs": [
+
+ ],
+ "__requires": [
+
+ ],
+ "annotations": {
+ "list": [
+
+ ]
+ },
+ "editable": false,
+ "gnetId": null,
+ "graphTooltip": 1,
+ "hideControls": false,
+ "id": null,
+ "links": [
+
+ ],
+ "refresh": "30s",
+ "rows": [
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 2,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "(\n (1 - sum without (mode) (rate(node_cpu_seconds_total{job=\"node-exporter\", mode=~\"idle|iowait|steal\", instance=\"$instance\"}[$__rate_interval])))\n/ ignoring(cpu) group_left\n count without (cpu, mode) (node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\"})\n)\n",
+ "format": "time_series",
+ "intervalFactor": 5,
+ "legendFormat": "{{`{{`}}cpu{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU Usage",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": 1,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": 1,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 0,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 3,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "node_load1{job=\"node-exporter\", instance=\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "1m load average",
+ "refId": "A"
+ },
+ {
+ "expr": "node_load5{job=\"node-exporter\", instance=\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "5m load average",
+ "refId": "B"
+ },
+ {
+ "expr": "node_load15{job=\"node-exporter\", instance=\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "15m load average",
+ "refId": "C"
+ },
+ {
+ "expr": "count(node_cpu_seconds_total{job=\"node-exporter\", instance=\"$instance\", mode=\"idle\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "logical cores",
+ "refId": "D"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Load Average",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "CPU",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 4,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 9,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "(\n node_memory_MemTotal_bytes{job=\"node-exporter\", instance=\"$instance\"}\n-\n node_memory_MemFree_bytes{job=\"node-exporter\", instance=\"$instance\"}\n-\n node_memory_Buffers_bytes{job=\"node-exporter\", instance=\"$instance\"}\n-\n node_memory_Cached_bytes{job=\"node-exporter\", instance=\"$instance\"}\n)\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "memory used",
+ "refId": "A"
+ },
+ {
+ "expr": "node_memory_Buffers_bytes{job=\"node-exporter\", instance=\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "memory buffers",
+ "refId": "B"
+ },
+ {
+ "expr": "node_memory_Cached_bytes{job=\"node-exporter\", instance=\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "memory cached",
+ "refId": "C"
+ },
+ {
+ "expr": "node_memory_MemFree_bytes{job=\"node-exporter\", instance=\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "memory free",
+ "refId": "D"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory Usage",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "bytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "bytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "datasource": "$datasource",
+ "fieldConfig": {
+ "defaults": {
+ "max": 100,
+ "min": 0,
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "rgba(50, 172, 45, 0.97)"
+ },
+ {
+ "color": "rgba(237, 129, 40, 0.89)",
+ "value": 80
+ },
+ {
+ "color": "rgba(245, 54, 54, 0.9)",
+ "value": 90
+ }
+ ]
+ },
+ "unit": "percent"
+ }
+ },
+ "gridPos": {
+
+ },
+ "id": 5,
+ "span": 3,
+ "targets": [
+ {
+ "expr": "100 -\n(\n avg(node_memory_MemAvailable_bytes{job=\"node-exporter\", instance=\"$instance\"}) /\n avg(node_memory_MemTotal_bytes{job=\"node-exporter\", instance=\"$instance\"})\n* 100\n)\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": ""
+ }
+ ],
+ "title": "Memory Usage",
+ "transparent": false,
+ "type": "gauge"
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Memory",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 0,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 6,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+ {
+ "alias": "/ read| written/",
+ "yaxis": 1
+ },
+ {
+ "alias": "/ io time/",
+ "yaxis": 2
+ }
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "rate(node_disk_read_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\"}[$__rate_interval])",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}device{{`}}`}} read",
+ "refId": "A"
+ },
+ {
+ "expr": "rate(node_disk_written_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\"}[$__rate_interval])",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}device{{`}}`}} written",
+ "refId": "B"
+ },
+ {
+ "expr": "rate(node_disk_io_time_seconds_total{job=\"node-exporter\", instance=\"$instance\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\"}[$__rate_interval])",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}device{{`}}`}} io time",
+ "refId": "C"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Disk I/O",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "percentunit",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "datasource": "$datasource",
+ "fieldConfig": {
+ "defaults": {
+ "custom": {
+
+ },
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "yellow",
+ "value": 0.8
+ },
+ {
+ "color": "red",
+ "value": 0.9
+ }
+ ]
+ },
+ "unit": "decbytes"
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Mounted on"
+ },
+ "properties": [
+ {
+ "id": "custom.width",
+ "value": 260
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Size"
+ },
+ "properties": [
+ {
+ "id": "custom.width",
+ "value": 93
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Used"
+ },
+ "properties": [
+ {
+ "id": "custom.width",
+ "value": 72
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Available"
+ },
+ "properties": [
+ {
+ "id": "custom.width",
+ "value": 88
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Used, %"
+ },
+ "properties": [
+ {
+ "id": "unit",
+ "value": "percentunit"
+ },
+ {
+ "id": "custom.displayMode",
+ "value": "gradient-gauge"
+ },
+ {
+ "id": "max",
+ "value": 1
+ },
+ {
+ "id": "min",
+ "value": 0
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+
+ },
+ "id": 7,
+ "span": 6,
+ "targets": [
+ {
+ "expr": "max by (mountpoint) (node_filesystem_size_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\"})\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": ""
+ },
+ {
+ "expr": "max by (mountpoint) (node_filesystem_avail_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\"})\n",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": ""
+ }
+ ],
+ "title": "Disk Space Usage",
+ "transformations": [
+ {
+ "id": "groupBy",
+ "options": {
+ "fields": {
+ "Value #A": {
+ "aggregations": [
+ "lastNotNull"
+ ],
+ "operation": "aggregate"
+ },
+ "Value #B": {
+ "aggregations": [
+ "lastNotNull"
+ ],
+ "operation": "aggregate"
+ },
+ "mountpoint": {
+ "aggregations": [
+
+ ],
+ "operation": "groupby"
+ }
+ }
+ }
+ },
+ {
+ "id": "merge",
+ "options": {
+
+ }
+ },
+ {
+ "id": "calculateField",
+ "options": {
+ "alias": "Used",
+ "binary": {
+ "left": "Value #A (lastNotNull)",
+ "operator": "-",
+ "reducer": "sum",
+ "right": "Value #B (lastNotNull)"
+ },
+ "mode": "binary",
+ "reduce": {
+ "reducer": "sum"
+ }
+ }
+ },
+ {
+ "id": "calculateField",
+ "options": {
+ "alias": "Used, %",
+ "binary": {
+ "left": "Used",
+ "operator": "/",
+ "reducer": "sum",
+ "right": "Value #A (lastNotNull)"
+ },
+ "mode": "binary",
+ "reduce": {
+ "reducer": "sum"
+ }
+ }
+ },
+ {
+ "id": "organize",
+ "options": {
+ "excludeByName": {
+
+ },
+ "indexByName": {
+
+ },
+ "renameByName": {
+ "Value #A (lastNotNull)": "Size",
+ "Value #B (lastNotNull)": "Available",
+ "mountpoint": "Mounted on"
+ }
+ }
+ },
+ {
+ "id": "sortBy",
+ "options": {
+ "fields": {
+
+ },
+ "sort": [
+ {
+ "field": "Mounted on"
+ }
+ ]
+ }
+ }
+ ],
+ "transparent": false,
+ "type": "table"
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Disk",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "description": "Network received (bits/s)",
+ "fill": 0,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 8,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "rate(node_network_receive_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__rate_interval]) * 8",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}device{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Network Received",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "description": "Network transmitted (bits/s)",
+ "fill": 0,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 9,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "rate(node_network_transmit_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__rate_interval]) * 8",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}device{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Network Transmitted",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Network",
+ "titleSize": "h6",
+ "type": "row"
+ }
+ ],
+ "schemaVersion": 14,
+ "style": "dark",
+ "tags": [
+ "node-exporter-mixin"
+ ],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "default",
+ "value": "default"
+ },
+ "hide": 0,
+ "label": "Data Source",
+ "name": "datasource",
+ "options": [
+
+ ],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": null,
+ "current": {
+
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": false,
+ "label": "Instance",
+ "multi": false,
+ "name": "instance",
+ "options": [
+
+ ],
+ "query": "label_values(node_uname_info{job=\"node-exporter\", sysname!=\"Darwin\"}, instance)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 0,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "Node Exporter / Nodes",
+ "version": 0
+ }
+{{- end }}
\ No newline at end of file
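Review bot: In the templating block at the end of the "Node Exporter / Nodes" dashboard, the instance variable query label_values(node_uname_info{job="node-exporter", sysname!="Darwin"}, instance) has no cluster matcher, and the visible disk and network panel queries select only on job and instance. The persistentvolumesusage dashboard added in this same patch carries a cluster variable gated on .Values.grafana.sidecar.dashboards.multicluster.global.enabled, so with that value enabled this dashboard would still list and chart instances from every cluster together. This is a bundled chart file, so please record it as a known limitation of the bundled version instead of patching the copy locally. The file also ends without a trailing newline.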
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml
new file mode 100644
index 0000000..3fc290d
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml
@@ -0,0 +1,587 @@
+{{- /*
+Generated from 'persistentvolumesusage' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "persistentvolumesusage" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ persistentvolumesusage.json: |-
+ {
+ "__inputs": [
+
+ ],
+ "__requires": [
+
+ ],
+ "annotations": {
+ "list": [
+
+ ]
+ },
+ "editable": false,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "hideControls": false,
+ "id": null,
+ "links": [
+
+ ],
+ "refresh": "10s",
+ "rows": [
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 2,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "max": true,
+ "min": true,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 9,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "(\n sum without(instance, node) (topk(1, (kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n -\n sum without(instance, node) (topk(1, (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n)\n",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "Used Space",
+ "refId": "A"
+ },
+ {
+ "expr": "sum without(instance, node) (topk(1, (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "Free Space",
+ "refId": "B"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Volume Space Usage",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "bytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "bytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(50, 172, 45, 0.97)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(245, 54, 54, 0.9)"
+ ],
+ "datasource": "$datasource",
+ "format": "percent",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+
+ },
+ "id": 3,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "rightSide": true
+ },
+ "links": [
+
+ ],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 3,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max without(instance,node) (\n(\n topk(1, kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n -\n topk(1, kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n)\n/\ntopk(1, kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n* 100)\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "thresholds": "80, 90",
+ "title": "Volume Space Usage",
+ "tooltip": {
+ "shared": false
+ },
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": false,
+ "title": "Dashboard Row",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 4,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "max": true,
+ "min": true,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 9,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "Used inodes",
+ "refId": "A"
+ },
+ {
+ "expr": "(\n sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n -\n sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n)\n",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": " Free inodes",
+ "refId": "B"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Volume inodes Usage",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "none",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "none",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "rgba(50, 172, 45, 0.97)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(245, 54, 54, 0.9)"
+ ],
+ "datasource": "$datasource",
+ "format": "percent",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+
+ },
+ "id": 5,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "rightSide": true
+ },
+ "links": [
+
+ ],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 3,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "max without(instance,node) (\ntopk(1, kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n/\ntopk(1, kubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n* 100)\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "thresholds": "80, 90",
+ "title": "Volume inodes Usage",
+ "tooltip": {
+ "shared": false
+ },
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": false,
+ "title": "Dashboard Row",
+ "titleSize": "h6",
+ "type": "row"
+ }
+ ],
+ "schemaVersion": 14,
+ "style": "dark",
+ "tags": [
+ "kubernetes-mixin"
+ ],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "default",
+ "value": "default"
+ },
+ "hide": 0,
+ "label": "Data Source",
+ "name": "datasource",
+ "options": [
+
+ ],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": null,
+ "current": {
+
+ },
+ "datasource": "$datasource",
+ "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }},
+ "includeAll": false,
+ "label": "cluster",
+ "multi": false,
+ "name": "cluster",
+ "options": [
+
+ ],
+ "query": "label_values(kubelet_volume_stats_capacity_bytes{job=\"kubelet\", metrics_path=\"/metrics\"}, cluster)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {
+
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": false,
+ "label": "Namespace",
+ "multi": false,
+ "name": "namespace",
+ "options": [
+
+ ],
+ "query": "label_values(kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\"}, namespace)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {
+
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": false,
+ "label": "PersistentVolumeClaim",
+ "multi": false,
+ "name": "volume",
+ "options": [
+
+ ],
+ "query": "label_values(kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\"}, persistentvolumeclaim)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-7d",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "Kubernetes / Persistent Volumes",
+ "uid": "919b92a8e8041bd567af9edab12c840c",
+ "version": 0
+ }
+{{- end }}
\ No newline at end of file
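Review bot: The header comment at the top of persistentvolumesusage.yaml says the file is generated from grafana-dashboardDefinitions.yaml on the main branch of kube-prometheus, which is a moving ref, and nothing in the hunk records which upstream commit or chart release this bundled copy corresponds to. Please state the chart version and where it was pulled from in the commit message or in a file next to the chart, so a later reviewer can diff the vendored copy against upstream and spot local drift. Separately, the line "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}" near the end writes a user-supplied value into a JSON string with no escaping, so a value containing a double quote renders an invalid dashboard; worth a note for anyone overriding that value.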
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/pod-total.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/pod-total.yaml
new file mode 100644
index 0000000..ff50c49
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/pod-total.yaml
@@ -0,0 +1,1228 @@
+{{- /*
+Generated from 'pod-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "pod-total" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ pod-total.json: |-
+ {
+ "__inputs": [
+
+ ],
+ "__requires": [
+
+ ],
+ "annotations": {
+ "list": [
+ {
+ "builtIn": 1,
+ "datasource": "-- Grafana --",
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "name": "Annotations & Alerts",
+ "type": "dashboard"
+ }
+ ]
+ },
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "hideControls": false,
+ "id": null,
+ "links": [
+
+ ],
+ "panels": [
+ {
+ "collapse": false,
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 0
+ },
+ "id": 2,
+ "panels": [
+
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Current Bandwidth",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": "$datasource",
+ "decimals": 0,
+ "format": "time_series",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 0,
+ "y": 1
+ },
+ "height": 9,
+ "id": 3,
+ "interval": null,
+ "links": [
+
+ ],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "options": {
+ "fieldOptions": {
+ "calcs": [
+ "last"
+ ],
+ "defaults": {
+ "max": 10000000000,
+ "min": 0,
+ "title": "$namespace: $pod",
+ "unit": "Bps"
+ },
+ "mappings": [
+
+ ],
+ "override": {
+
+ },
+ "thresholds": [
+ {
+ "color": "dark-green",
+ "index": 0,
+ "value": null
+ },
+ {
+ "color": "dark-yellow",
+ "index": 1,
+ "value": 5000000000
+ },
+ {
+ "color": "dark-red",
+ "index": 2,
+ "value": 7000000000
+ }
+ ],
+ "values": false
+ }
+ },
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 12,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution]))",
+ "format": "time_series",
+ "instant": null,
+ "intervalFactor": 1,
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "thresholds": "",
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Current Rate of Bytes Received",
+ "type": "gauge",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": "$datasource",
+ "decimals": 0,
+ "format": "time_series",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 12,
+ "y": 1
+ },
+ "height": 9,
+ "id": 4,
+ "interval": null,
+ "links": [
+
+ ],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "options": {
+ "fieldOptions": {
+ "calcs": [
+ "last"
+ ],
+ "defaults": {
+ "max": 10000000000,
+ "min": 0,
+ "title": "$namespace: $pod",
+ "unit": "Bps"
+ },
+ "mappings": [
+
+ ],
+ "override": {
+
+ },
+ "thresholds": [
+ {
+ "color": "dark-green",
+ "index": 0,
+ "value": null
+ },
+ {
+ "color": "dark-yellow",
+ "index": 1,
+ "value": 5000000000
+ },
+ {
+ "color": "dark-red",
+ "index": 2,
+ "value": 7000000000
+ }
+ ],
+ "values": false
+ }
+ },
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 12,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution]))",
+ "format": "time_series",
+ "instant": null,
+ "intervalFactor": 1,
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "thresholds": "",
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Current Rate of Bytes Transmitted",
+ "type": "gauge",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 10
+ },
+ "id": 5,
+ "panels": [
+
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Bandwidth",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 0,
+ "y": 11
+ },
+ "id": 6,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Receive Bandwidth",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 12,
+ "y": 11
+ },
+ "id": 7,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Transmit Bandwidth",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "collapse": true,
+ "collapsed": true,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 20
+ },
+ "id": 8,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 10,
+ "w": 12,
+ "x": 0,
+ "y": 21
+ },
+ "id": 9,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Received Packets",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 10,
+ "w": 12,
+ "x": 12,
+ "y": 21
+ },
+ "id": 10,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Transmitted Packets",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Packets",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": true,
+ "collapsed": true,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 21
+ },
+ "id": 11,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 10,
+ "w": 12,
+ "x": 0,
+ "y": 32
+ },
+ "id": 12,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Received Packets Dropped",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 10,
+ "w": 12,
+ "x": 12,
+ "y": 32
+ },
+ "id": 13,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Transmitted Packets Dropped",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Errors",
+ "titleSize": "h6",
+ "type": "row"
+ }
+ ],
+ "refresh": "10s",
+ "rows": [
+
+ ],
+ "schemaVersion": 18,
+ "style": "dark",
+ "tags": [
+ "kubernetes-mixin"
+ ],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "default",
+ "value": "default"
+ },
+ "hide": 0,
+ "label": "Data Source",
+ "name": "datasource",
+ "options": [
+
+ ],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": null,
+ "current": {
+
+ },
+ "datasource": "$datasource",
+ "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }},
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "cluster",
+ "options": [
+
+ ],
+ "query": "label_values(up{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\"}, cluster)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 0,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": ".+",
+ "auto": false,
+ "auto_count": 30,
+ "auto_min": "10s",
+ "current": {
+ "text": "kube-system",
+ "value": "kube-system"
+ },
+ "datasource": "$datasource",
+ "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)",
+ "hide": 0,
+ "includeAll": true,
+ "label": null,
+ "multi": false,
+ "name": "namespace",
+ "options": [
+
+ ],
+ "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)",
+ "refresh": 2,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": ".+",
+ "auto": false,
+ "auto_count": 30,
+ "auto_min": "10s",
+ "current": {
+ "text": "",
+ "value": ""
+ },
+ "datasource": "$datasource",
+ "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}, pod)",
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "pod",
+ "options": [
+
+ ],
+ "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}, pod)",
+ "refresh": 2,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "auto": false,
+ "auto_count": 30,
+ "auto_min": "10s",
+ "current": {
+ "text": "5m",
+ "value": "5m"
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "resolution",
+ "options": [
+ {
+ "selected": false,
+ "text": "30s",
+ "value": "30s"
+ },
+ {
+ "selected": true,
+ "text": "5m",
+ "value": "5m"
+ },
+ {
+ "selected": false,
+ "text": "1h",
+ "value": "1h"
+ }
+ ],
+ "query": "30s,5m,1h",
+ "refresh": 2,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "interval",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "auto": false,
+ "auto_count": 30,
+ "auto_min": "10s",
+ "current": {
+ "text": "5m",
+ "value": "5m"
+ },
+ "datasource": "$datasource",
+ "hide": 2,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "interval",
+ "options": [
+ {
+ "selected": true,
+ "text": "4h",
+ "value": "4h"
+ }
+ ],
+ "query": "4h",
+ "refresh": 2,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "interval",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "Kubernetes / Networking / Pod",
+ "uid": "7a18067ce943a40ae25454675c19ff5c",
+ "version": 0
+ }
+{{- end }}
\ No newline at end of file
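Review bot: In the `templating.list` entry for `cluster`, the variable is hidden (`"hide"` renders to 2) unless `.Values.grafana.sidecar.dashboards.multicluster.global.enabled` is set, yet every panel query in this file filters on `cluster=\"$cluster\"` with an exact match. Please confirm that the values this repository deploys with set that flag to match whether the scraped series carry a `cluster` label, and document the expectation next to the values override; otherwise operators of a multi-cluster setup get a dashboard pinned to one cluster with no visible selector. Separately, the template ends at `{{- end }}` with no trailing newline, and the `exclude` change in `.pre-commit-config.yaml` means the hooks will no longer flag it under `charts/`; that is acceptable for vendored content only if the file is kept byte-identical to upstream, so avoid hand edits here.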
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml
new file mode 100644
index 0000000..f8ffafc
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml
@@ -0,0 +1,1670 @@
+{{- /*
+Generated from 'prometheus-remote-write' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.prometheus.prometheusSpec.remoteWriteDashboards }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "prometheus-remote-write" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ prometheus-remote-write.json: |-
+ {
+ "__inputs": [
+
+ ],
+ "__requires": [
+
+ ],
+ "annotations": {
+ "list": [
+
+ ]
+ },
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "hideControls": false,
+ "id": null,
+ "links": [
+
+ ],
+ "refresh": "60s",
+ "rows": [
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 2,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "(\n prometheus_remote_storage_highest_timestamp_in_seconds{cluster=~\"$cluster\", instance=~\"$instance\"} \n- \n ignoring(remote_name, url) group_right(instance) (prometheus_remote_storage_queue_highest_sent_timestamp_seconds{cluster=~\"$cluster\", instance=~\"$instance\"} != 0)\n)\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Highest Timestamp In vs. Highest Timestamp Sent",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 3,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "clamp_min(\n rate(prometheus_remote_storage_highest_timestamp_in_seconds{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) \n- \n ignoring (remote_name, url) group_right(instance) rate(prometheus_remote_storage_queue_highest_sent_timestamp_seconds{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n, 0)\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate[5m]",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Timestamps",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 4,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "rate(\n prometheus_remote_storage_samples_in_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n- \n ignoring(remote_name, url) group_right(instance) (rate(prometheus_remote_storage_succeeded_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]))\n- \n (rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_dropped_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]))\n",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate, in vs. succeeded or dropped [5m]",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Samples",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 5,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "minSpan": 6,
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "prometheus_remote_storage_shards{cluster=~\"$cluster\", instance=~\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Current Shards",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 6,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 4,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "prometheus_remote_storage_shards_max{cluster=~\"$cluster\", instance=~\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Max Shards",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 7,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 4,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "prometheus_remote_storage_shards_min{cluster=~\"$cluster\", instance=~\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Min Shards",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 8,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 4,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "prometheus_remote_storage_shards_desired{cluster=~\"$cluster\", instance=~\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Desired Shards",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Shards",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 9,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "prometheus_remote_storage_shard_capacity{cluster=~\"$cluster\", instance=~\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Shard Capacity",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 10,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "prometheus_remote_storage_pending_samples{cluster=~\"$cluster\", instance=~\"$instance\"} or prometheus_remote_storage_samples_pending{cluster=~\"$cluster\", instance=~\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Pending Samples",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Shard Details",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 11,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "prometheus_tsdb_wal_segment_current{cluster=~\"$cluster\", instance=~\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "TSDB Current Segment",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "none",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 12,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "prometheus_wal_watcher_current_segment{cluster=~\"$cluster\", instance=~\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}consumer{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Remote Write Current Segment",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "none",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Segments",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 13,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 3,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_dropped_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Dropped Samples",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 14,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 3,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "rate(prometheus_remote_storage_failed_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_failed_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Failed Samples",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 15,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 3,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "rate(prometheus_remote_storage_retried_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_retried_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Retried Samples",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 16,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 3,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "rate(prometheus_remote_storage_enqueue_retries_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Enqueue Retries",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Misc. Rates",
+ "titleSize": "h6",
+ "type": "row"
+ }
+ ],
+ "schemaVersion": 14,
+ "style": "dark",
+ "tags": [
+ "prometheus-mixin"
+ ],
+ "templating": {
+ "list": [
+ {
+ "hide": 0,
+ "label": null,
+ "name": "datasource",
+ "options": [
+
+ ],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": null,
+ "current": {
+ "text": {
+ "selected": true,
+ "text": "All",
+ "value": "$__all"
+ },
+ "value": {
+ "selected": true,
+ "text": "All",
+ "value": "$__all"
+ }
+ },
+ "datasource": "$datasource",
+ "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }},
+ "includeAll": true,
+ "label": null,
+ "multi": false,
+ "name": "cluster",
+ "options": [
+
+ ],
+ "query": "label_values(kube_pod_container_info{image=~\".*prometheus.*\"}, cluster)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 0,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {
+ "text": {
+ "selected": true,
+ "text": "All",
+ "value": "$__all"
+ },
+ "value": {
+ "selected": true,
+ "text": "All",
+ "value": "$__all"
+ }
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": true,
+ "label": null,
+ "multi": false,
+ "name": "instance",
+ "options": [
+
+ ],
+ "query": "label_values(prometheus_build_info{cluster=~\"$cluster\"}, instance)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 0,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {
+
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": true,
+ "label": null,
+ "multi": false,
+ "name": "url",
+ "options": [
+
+ ],
+ "query": "label_values(prometheus_remote_storage_shards{cluster=~\"$cluster\", instance=~\"$instance\"}, url)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 0,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-6h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "Prometheus / Remote Write",
+ "version": 0
+ }
+{{- end }}
\ No newline at end of file
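Review bot: The three "Misc. Rates" panels at the end of this dashboard (Failed Samples, Retried Samples, Enqueue Retries) select only on cluster=~"$cluster" and instance=~"$instance", although the dashboard defines a "url" template variable and the legends print remote_name and url. Picking a URL in the dropdown will therefore not narrow these panels; adding url=~"$url" to each selector would make them follow the variable. Because the header marks this file as generated, the change belongs in the upstream mixin or the hack generator rather than in this copy. The file also ends without a trailing newline, and the same commit adds charts to the pre-commit exclude pattern, so no hook will normalise it afterwards.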
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus.yaml
new file mode 100644
index 0000000..124ee37
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus.yaml
@@ -0,0 +1,1235 @@
+{{- /*
+Generated from 'prometheus' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "prometheus" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ prometheus.json: |-
+ {
+ "annotations": {
+ "list": [
+
+ ]
+ },
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "hideControls": false,
+ "links": [
+
+ ],
+ "refresh": "60s",
+ "rows": [
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "id": 1,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "styles": [
+ {
+ "alias": "Time",
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "pattern": "Time",
+ "type": "hidden"
+ },
+ {
+ "alias": "Count",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #A",
+ "thresholds": [
+
+ ],
+ "type": "hidden",
+ "unit": "short"
+ },
+ {
+ "alias": "Uptime",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "Value #B",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "Instance",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "instance",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "Job",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "job",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "Version",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "link": false,
+ "linkTargetBlank": false,
+ "linkTooltip": "Drill down",
+ "linkUrl": "",
+ "pattern": "version",
+ "thresholds": [
+
+ ],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "",
+ "colorMode": null,
+ "colors": [
+
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "pattern": "/.*/",
+ "thresholds": [
+
+ ],
+ "type": "string",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "count by (job, instance, version) (prometheus_build_info{job=~\"$job\", instance=~\"$instance\"})",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A",
+ "step": 10
+ },
+ {
+ "expr": "max by (job, instance) (time() - process_start_time_seconds{job=~\"$job\", instance=~\"$instance\"})",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "B",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Prometheus Stats",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "transform": "table",
+ "type": "table",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Prometheus Stats",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "id": 2,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(prometheus_target_sync_length_seconds_sum{job=~\"$job\",instance=~\"$instance\"}[5m])) by (scrape_job) * 1e3",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}scrape_job{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Target Sync",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "ms",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 3,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(prometheus_sd_discovered_targets{job=~\"$job\",instance=~\"$instance\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "Targets",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Targets",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Discovery",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "id": 4,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 4,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "rate(prometheus_target_interval_length_seconds_sum{job=~\"$job\",instance=~\"$instance\"}[5m]) / rate(prometheus_target_interval_length_seconds_count{job=~\"$job\",instance=~\"$instance\"}[5m]) * 1e3",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}interval{{`}}`}} configured",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Average Scrape Interval Duration",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "ms",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 5,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 4,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum by (job) (rate(prometheus_target_scrapes_exceeded_body_size_limit_total[1m]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "exceeded body size limit: {{`{{`}}job{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ },
+ {
+ "expr": "sum by (job) (rate(prometheus_target_scrapes_exceeded_sample_limit_total[1m]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "exceeded sample limit: {{`{{`}}job{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ },
+ {
+ "expr": "sum by (job) (rate(prometheus_target_scrapes_sample_duplicate_timestamp_total[1m]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "duplicate timestamp: {{`{{`}}job{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ },
+ {
+ "expr": "sum by (job) (rate(prometheus_target_scrapes_sample_out_of_bounds_total[1m]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "out of bounds: {{`{{`}}job{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ },
+ {
+ "expr": "sum by (job) (rate(prometheus_target_scrapes_sample_out_of_order_total[1m]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "out of order: {{`{{`}}job{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Scrape failures",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 6,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 4,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "rate(prometheus_tsdb_head_samples_appended_total{job=~\"$job\",instance=~\"$instance\"}[5m])",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}job{{`}}`}} {{`{{`}}instance{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Appended Samples",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Retrieval",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 7,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "prometheus_tsdb_head_series{job=~\"$job\",instance=~\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}job{{`}}`}} {{`{{`}}instance{{`}}`}} head series",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Head Series",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 8,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "prometheus_tsdb_head_chunks{job=~\"$job\",instance=~\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}job{{`}}`}} {{`{{`}}instance{{`}}`}} head chunks",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Head Chunks",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Storage",
+ "titleSize": "h6"
+ },
+ {
+ "collapse": false,
+ "height": "250px",
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 9,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "rate(prometheus_engine_query_duration_seconds_count{job=~\"$job\",instance=~\"$instance\",slice=\"inner_eval\"}[5m])",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}job{{`}}`}} {{`{{`}}instance{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Query Rate",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 10,
+ "id": 10,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 0,
+ "links": [
+
+ ],
+ "nullPointMode": "null as zero",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "max by (slice) (prometheus_engine_query_duration_seconds{quantile=\"0.9\",job=~\"$job\",instance=~\"$instance\"}) * 1e3",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}slice{{`}}`}}",
+ "legendLink": null,
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Stage Duration",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "ms",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": false
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Query",
+ "titleSize": "h6"
+ }
+ ],
+ "schemaVersion": 14,
+ "style": "dark",
+ "tags": [
+ "prometheus-mixin"
+ ],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "default",
+ "value": "default"
+ },
+ "hide": 0,
+ "label": "Data Source",
+ "name": "datasource",
+ "options": [
+
+ ],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": ".+",
+ "current": {
+ "selected": true,
+ "text": "All",
+ "value": "$__all"
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": true,
+ "label": "job",
+ "multi": true,
+ "name": "job",
+ "options": [
+
+ ],
+ "query": "label_values(prometheus_build_info{job=\"prometheus-k8s\",namespace=\"monitoring\"}, job)",
+ "refresh": 1,
+ "regex": "",
+ "sort": 2,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": ".+",
+ "current": {
+ "selected": true,
+ "text": "All",
+ "value": "$__all"
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": true,
+ "label": "instance",
+ "multi": true,
+ "name": "instance",
+ "options": [
+
+ ],
+ "query": "label_values(prometheus_build_info{job=~\"$job\"}, instance)",
+ "refresh": 1,
+ "regex": "",
+ "sort": 2,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "Prometheus / Overview",
+ "uid": "",
+ "version": 0
+ }
+{{- end }}
\ No newline at end of file
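Review bot: The "job" template variable near the end of prometheus.json is populated from label_values(prometheus_build_info{job="prometheus-k8s",namespace="monitoring"}, job), which hardcodes the kube-prometheus default job name and namespace. In a release of this chart where Prometheus runs under a different job label or namespace, the dropdown comes back empty, and every panel that selects on job=~"$job" (Prometheus Stats, Target Sync, Head Series, Query Rate and others) renders no data. Consider dropping the fixed matchers or templating them from chart values in the generator, since the header says not to edit this file in place. Separately, the five "Scrape failures" targets aggregate with sum by (job) and carry no job or instance selector, so that panel ignores both dropdowns; confirm whether that is intended.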
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/proxy.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/proxy.yaml
new file mode 100644
index 0000000..53a077c
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/proxy.yaml
@@ -0,0 +1,1271 @@
+{{- /*
+Generated from 'proxy' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.kubeProxy.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "proxy" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ proxy.json: |-
+ {
+ "__inputs": [
+
+ ],
+ "__requires": [
+
+ ],
+ "annotations": {
+ "list": [
+
+ ]
+ },
+ "editable": false,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "hideControls": false,
+ "id": null,
+ "links": [
+
+ ],
+ "refresh": "10s",
+ "rows": [
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": "$datasource",
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+
+ },
+ "id": 2,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "rightSide": true
+ },
+ "links": [
+
+ ],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "sum(up{cluster=\"$cluster\", job=\"kube-proxy\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "thresholds": "",
+ "title": "Up",
+ "tooltip": {
+ "shared": false
+ },
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "min"
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 3,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 5,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(kubeproxy_sync_proxy_rules_duration_seconds_count{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "rate",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rules Sync Rate",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 4,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 5,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "histogram_quantile(0.99,rate(kubeproxy_sync_proxy_rules_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rule Sync Latency 99th Quantile",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": false,
+ "title": "Dashboard Row",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 5,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(kubeproxy_network_programming_duration_seconds_count{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "rate",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Network Programming Rate",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 6,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 6,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(kubeproxy_network_programming_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\"}[$__rate_interval])) by (instance, le))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Network Programming Latency 99th Quantile",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": false,
+ "title": "Dashboard Row",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 7,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 4,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\",code=~\"2..\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "2xx",
+ "refId": "A"
+ },
+ {
+ "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\",code=~\"3..\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "3xx",
+ "refId": "B"
+ },
+ {
+ "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\",code=~\"4..\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "4xx",
+ "refId": "C"
+ },
+ {
+ "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\",code=~\"5..\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "5xx",
+ "refId": "D"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Kube API Request Rate",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 8,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 8,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\",instance=~\"$instance\",verb=\"POST\"}[$__rate_interval])) by (verb, url, le))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Post Request Latency 99th Quantile",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": false,
+ "title": "Dashboard Row",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 9,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\", verb=\"GET\"}[$__rate_interval])) by (verb, url, le))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Get Request Latency 99th Quantile",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": false,
+ "title": "Dashboard Row",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 10,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 4,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "process_resident_memory_bytes{cluster=\"$cluster\", job=\"kube-proxy\",instance=~\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "bytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "bytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 11,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 4,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"kube-proxy\",instance=~\"$instance\"}[$__rate_interval])",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU usage",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 12,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 4,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "go_goroutines{cluster=\"$cluster\", job=\"kube-proxy\",instance=~\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Goroutines",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": false,
+ "title": "Dashboard Row",
+ "titleSize": "h6",
+ "type": "row"
+ }
+ ],
+ "schemaVersion": 14,
+ "style": "dark",
+ "tags": [
+ "kubernetes-mixin"
+ ],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "default",
+ "value": "default"
+ },
+ "hide": 0,
+ "label": "Data Source",
+ "name": "datasource",
+ "options": [
+
+ ],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": null,
+ "current": {
+
+ },
+ "datasource": "$datasource",
+ "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }},
+ "includeAll": false,
+ "label": "cluster",
+ "multi": false,
+ "name": "cluster",
+ "options": [
+
+ ],
+ "query": "label_values(up{job=\"kube-proxy\"}, cluster)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {
+
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": true,
+ "label": null,
+ "multi": false,
+ "name": "instance",
+ "options": [
+
+ ],
+ "query": "label_values(up{job=\"kube-proxy\", cluster=\"$cluster\", job=\"kube-proxy\"}, instance)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "Kubernetes / Proxy",
+ "uid": "632e265de029684c40b21cb76bca4f94",
+ "version": 0
+ }
+{{- end }}
\ No newline at end of file
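Review bot: The `instance` template variable query near the end of this hunk repeats the job matcher, `label_values(up{job="kube-proxy", cluster="$cluster", job="kube-proxy"}, instance)`; drop the redundant second `job="kube-proxy"` so the selector matches the style of the `cluster` variable's query. The "Rule Sync Latency 99th Quantile" panel also calls `histogram_quantile(0.99,rate(...))` directly, while the "Network Programming Latency 99th Quantile" panel wraps the rate in `sum(...) by (instance, le)`, so the two latency panels aggregate differently even though both use an `instance` legend; aligning them would be worthwhile. The file ends without a trailing newline as well. The header of the neighbouring scheduler.yaml says these dashboards are generated and should not be changed in place, so if that holds for this file too, the fixes belong upstream or in the generator rather than in this bundled copy.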
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/scheduler.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/scheduler.yaml
new file mode 100644
index 0000000..c7ac207
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/scheduler.yaml
@@ -0,0 +1,1112 @@
+{{- /*
+Generated from 'scheduler' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.kubeScheduler.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "scheduler" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ scheduler.json: |-
+ {
+ "__inputs": [
+
+ ],
+ "__requires": [
+
+ ],
+ "annotations": {
+ "list": [
+
+ ]
+ },
+ "editable": false,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "hideControls": false,
+ "id": null,
+ "links": [
+
+ ],
+ "refresh": "10s",
+ "rows": [
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": "$datasource",
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+
+ },
+ "id": 2,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "rightSide": true
+ },
+ "links": [
+
+ ],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "span": 2,
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "sum(up{cluster=\"$cluster\", job=\"kube-scheduler\"})",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "thresholds": "",
+ "title": "Up",
+ "tooltip": {
+ "shared": false
+ },
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "min"
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 3,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 5,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(scheduler_e2e_scheduling_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} e2e",
+ "refId": "A"
+ },
+ {
+ "expr": "sum(rate(scheduler_binding_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} binding",
+ "refId": "B"
+ },
+ {
+ "expr": "sum(rate(scheduler_scheduling_algorithm_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} scheduling algorithm",
+ "refId": "C"
+ },
+ {
+ "expr": "sum(rate(scheduler_volume_scheduling_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance)",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} volume",
+ "refId": "D"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Scheduling Rate",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 4,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 5,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, le))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} e2e",
+ "refId": "A"
+ },
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(scheduler_binding_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, le))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} binding",
+ "refId": "B"
+ },
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, le))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} scheduling algorithm",
+ "refId": "C"
+ },
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(scheduler_volume_scheduling_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, le))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} volume",
+ "refId": "D"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Scheduling latency 99th Quantile",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": false,
+ "title": "Dashboard Row",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 5,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 4,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\",code=~\"2..\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "2xx",
+ "refId": "A"
+ },
+ {
+ "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\",code=~\"3..\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "3xx",
+ "refId": "B"
+ },
+ {
+ "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\",code=~\"4..\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "4xx",
+ "refId": "C"
+ },
+ {
+ "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\",code=~\"5..\"}[$__rate_interval]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "5xx",
+ "refId": "D"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Kube API Request Rate",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 6,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 8,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\", verb=\"POST\"}[$__rate_interval])) by (verb, url, le))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Post Request Latency 99th Quantile",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": false,
+ "title": "Dashboard Row",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 7,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\", verb=\"GET\"}[$__rate_interval])) by (verb, url, le))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Get Request Latency 99th Quantile",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "s",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": false,
+ "title": "Dashboard Row",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 8,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 4,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "process_resident_memory_bytes{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Memory",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "bytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "bytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 9,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 4,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[$__rate_interval])",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "CPU usage",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "bytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "bytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "fillGradient": 0,
+ "gridPos": {
+
+ },
+ "id": 10,
+ "interval": "1m",
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 4,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "go_goroutines{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "{{`{{`}}instance{{`}}`}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Goroutines",
+ "tooltip": {
+ "shared": false,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": false,
+ "title": "Dashboard Row",
+ "titleSize": "h6",
+ "type": "row"
+ }
+ ],
+ "schemaVersion": 14,
+ "style": "dark",
+ "tags": [
+ "kubernetes-mixin"
+ ],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "default",
+ "value": "default"
+ },
+ "hide": 0,
+ "label": "Data Source",
+ "name": "datasource",
+ "options": [
+
+ ],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": null,
+ "current": {
+
+ },
+ "datasource": "$datasource",
+ "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }},
+ "includeAll": false,
+ "label": "cluster",
+ "multi": false,
+ "name": "cluster",
+ "options": [
+
+ ],
+ "query": "label_values(up{job=\"kube-scheduler\"}, cluster)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {
+
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": true,
+ "label": null,
+ "multi": false,
+ "name": "instance",
+ "options": [
+
+ ],
+ "query": "label_values(up{job=\"kube-scheduler\", cluster=\"$cluster\"}, instance)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "Kubernetes / Scheduler",
+ "uid": "2e6b6a3b4bddf1427b3a55aa1311c656",
+ "version": 0
+ }
+{{- end }}
\ No newline at end of file
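Review bot: The "CPU usage" panel (id 9) sets "format": "bytes" on both yaxes entries, but its target is rate(process_cpu_seconds_total{...}[$__rate_interval]), which is CPU seconds consumed per second, so the axis will render core usage with byte suffixes. A unitless format such as "short", which the "Goroutines" panel in this same dashboard already uses, would label it correctly. The dashboard is tagged "kubernetes-mixin", so if it is vendored from upstream the fix belongs there, with the bundled copy regenerated rather than edited by hand. Separately, the file ends without a trailing newline after {{- end }}; since the pre-commit exclude now covers charts/, no hook will flag or fix that, so decide whether vendored files are meant to stay byte-identical to upstream.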
diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/workload-total.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/workload-total.yaml
new file mode 100644
index 0000000..35ca442
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/workload-total.yaml
@@ -0,0 +1,1438 @@
+{{- /*
+Generated from 'workload-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "workload-total" | trunc 63 | trimSuffix "-" }}
+ annotations:
+{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
+ labels:
+ {{- if $.Values.grafana.sidecar.dashboards.label }}
+ {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }}
+ {{- end }}
+ app: {{ template "kube-prometheus-stack.name" $ }}-grafana
+{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
+data:
+ workload-total.json: |-
+ {
+ "__inputs": [
+
+ ],
+ "__requires": [
+
+ ],
+ "annotations": {
+ "list": [
+ {
+ "builtIn": 1,
+ "datasource": "-- Grafana --",
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "name": "Annotations & Alerts",
+ "type": "dashboard"
+ }
+ ]
+ },
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "hideControls": false,
+ "id": null,
+ "links": [
+
+ ],
+ "panels": [
+ {
+ "collapse": false,
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 0
+ },
+ "id": 2,
+ "panels": [
+
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Current Bandwidth",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": true,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 0,
+ "y": 1
+ },
+ "id": 3,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": true
+ },
+ "lines": false,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "minSpan": 24,
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 24,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}} pod {{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Current Rate of Bytes Received",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "series",
+ "name": null,
+ "show": false,
+ "values": [
+ "current"
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": true,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 12,
+ "y": 1
+ },
+ "id": 4,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": true
+ },
+ "lines": false,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "minSpan": 24,
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 24,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}} pod {{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Current Rate of Bytes Transmitted",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "series",
+ "name": null,
+ "show": false,
+ "values": [
+ "current"
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "collapse": true,
+ "collapsed": true,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 10
+ },
+ "id": 5,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": true,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 0,
+ "y": 11
+ },
+ "id": 6,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": true
+ },
+ "lines": false,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "minSpan": 24,
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 24,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}} pod {{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Average Rate of Bytes Received",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "series",
+ "name": null,
+ "show": false,
+ "values": [
+ "current"
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": true,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 12,
+ "y": 11
+ },
+ "id": 7,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sideWidth": null,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": true
+ },
+ "lines": false,
+ "linewidth": 1,
+ "links": [
+
+ ],
+ "minSpan": 24,
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 24,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}} pod {{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Average Rate of Bytes Transmitted",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "series",
+ "name": null,
+ "show": false,
+ "values": [
+ "current"
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Average Bandwidth",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": false,
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 11
+ },
+ "id": 8,
+ "panels": [
+
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Bandwidth HIstory",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 0,
+ "y": 12
+ },
+ "id": 9,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Receive Bandwidth",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 12,
+ "y": 12
+ },
+ "id": 10,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Transmit Bandwidth",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "Bps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "collapse": true,
+ "collapsed": true,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 21
+ },
+ "id": 11,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 0,
+ "y": 22
+ },
+ "id": 12,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(sum(irate(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Received Packets",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 12,
+ "y": 22
+ },
+ "id": 13,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Transmitted Packets",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Packets",
+ "titleSize": "h6",
+ "type": "row"
+ },
+ {
+ "collapse": true,
+ "collapsed": true,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 22
+ },
+ "id": 14,
+ "panels": [
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 0,
+ "y": 23
+ },
+ "id": 15,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Received Packets Dropped",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ },
+ {
+ "aliasColors": {
+
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 2,
+ "fillGradient": 0,
+ "gridPos": {
+ "h": 9,
+ "w": 12,
+ "x": 12,
+ "y": 23
+ },
+ "id": 16,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sideWidth": null,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [
+
+ ],
+ "minSpan": 12,
+ "nullPointMode": "connected",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "repeat": null,
+ "seriesOverrides": [
+
+ ],
+ "spaceLength": 10,
+ "span": 12,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{`{{`}}pod{{`}}`}}",
+ "refId": "A",
+ "step": 10
+ }
+ ],
+ "thresholds": [
+
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Rate of Transmitted Packets Dropped",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": [
+
+ ]
+ },
+ "yaxes": [
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ },
+ {
+ "format": "pps",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": 0,
+ "show": true
+ }
+ ]
+ }
+ ],
+ "repeat": null,
+ "repeatIteration": null,
+ "repeatRowId": null,
+ "showTitle": true,
+ "title": "Errors",
+ "titleSize": "h6",
+ "type": "row"
+ }
+ ],
+ "refresh": "10s",
+ "rows": [
+
+ ],
+ "schemaVersion": 18,
+ "style": "dark",
+ "tags": [
+ "kubernetes-mixin"
+ ],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "default",
+ "value": "default"
+ },
+ "hide": 0,
+ "label": "Data Source",
+ "name": "datasource",
+ "options": [
+
+ ],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": null,
+ "current": {
+
+ },
+ "datasource": "$datasource",
+ "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }},
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "cluster",
+ "options": [
+
+ ],
+ "query": "label_values(kube_pod_info{job=\"kube-state-metrics\"}, cluster)",
+ "refresh": 2,
+ "regex": "",
+ "sort": 0,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": ".+",
+ "auto": false,
+ "auto_count": 30,
+ "auto_min": "10s",
+ "current": {
+ "text": "kube-system",
+ "value": "kube-system"
+ },
+ "datasource": "$datasource",
+ "definition": "label_values(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\"}, namespace)",
+ "hide": 0,
+ "includeAll": true,
+ "label": null,
+ "multi": false,
+ "name": "namespace",
+ "options": [
+
+ ],
+ "query": "label_values(container_network_receive_packets_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\"}, namespace)",
+ "refresh": 2,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "auto": false,
+ "auto_count": 30,
+ "auto_min": "10s",
+ "current": {
+ "text": "",
+ "value": ""
+ },
+ "datasource": "$datasource",
+ "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\"}, workload)",
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "workload",
+ "options": [
+
+ ],
+ "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\"}, workload)",
+ "refresh": 2,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "auto": false,
+ "auto_count": 30,
+ "auto_min": "10s",
+ "current": {
+ "text": "deployment",
+ "value": "deployment"
+ },
+ "datasource": "$datasource",
+ "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\"}, workload_type)",
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "type",
+ "options": [
+
+ ],
+ "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\"}, workload_type)",
+ "refresh": 2,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 0,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "auto": false,
+ "auto_count": 30,
+ "auto_min": "10s",
+ "current": {
+ "text": "5m",
+ "value": "5m"
+ },
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "resolution",
+ "options": [
+ {
+ "selected": false,
+ "text": "30s",
+ "value": "30s"
+ },
+ {
+ "selected": true,
+ "text": "5m",
+ "value": "5m"
+ },
+ {
+ "selected": false,
+ "text": "1h",
+ "value": "1h"
+ }
+ ],
+ "query": "30s,5m,1h",
+ "refresh": 2,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "interval",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "auto": false,
+ "auto_count": 30,
+ "auto_min": "10s",
+ "current": {
+ "text": "5m",
+ "value": "5m"
+ },
+ "datasource": "$datasource",
+ "hide": 2,
+ "includeAll": false,
+ "label": null,
+ "multi": false,
+ "name": "interval",
+ "options": [
+ {
+ "selected": true,
+ "text": "4h",
+ "value": "4h"
+ }
+ ],
+ "query": "4h",
+ "refresh": 2,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 1,
+ "tagValuesQuery": "",
+ "tags": [
+
+ ],
+ "tagsQuery": "",
+ "type": "interval",
+ "useTags": false
+ }
+ ]
+ },
+ "time": {
+ "from": "now-1h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}",
+ "title": "Kubernetes / Networking / Workload",
+ "uid": "728bf77cc1166d2f3133bf25846876cc",
+ "version": 0
+ }
+{{- end }}
\ No newline at end of file
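Review bot: the template ends without a trailing newline (the `\ No newline at end of file` marker after the closing `{{- end }}`). This commit also adds `charts` to the pre-commit `exclude` pattern, so no hook will normalise the file later; either add the newline when vendoring or state in the commit message that bundled charts are kept byte-identical to upstream.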
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml
new file mode 100644
index 0000000..6c91ee0
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml
@@ -0,0 +1,33 @@
+{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-admission
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ app: {{ template "kube-prometheus-stack.name" $ }}-admission
+{{- include "kube-prometheus-stack.labels" $ | indent 4 }}
+rules:
+ - apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ - mutatingwebhookconfigurations
+ verbs:
+ - get
+ - update
+{{- if .Values.global.rbac.pspEnabled }}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }}
+ - apiGroups: ['policy']
+{{- else }}
+ - apiGroups: ['extensions']
+{{- end }}
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "kube-prometheus-stack.fullname" . }}-admission
+{{- end }}
+{{- end }}
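Review bot: the first rule grants `get` and `update` on every `validatingwebhookconfigurations` and `mutatingwebhookconfigurations` object in the cluster, because it carries no `resourceNames`. The patch job is only ever pointed at `--webhook-name=<fullname>-admission`, so the rule can be scoped with `resourceNames` to that one name, the same way the `podsecuritypolicies` rule below it already is. As written, the hook service account can modify any admission webhook configuration for as long as the hook resources exist.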
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml
new file mode 100644
index 0000000..b909d14
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-admission
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ app: {{ template "kube-prometheus-stack.name" $ }}-admission
+{{- include "kube-prometheus-stack.labels" $ | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "kube-prometheus-stack.fullname" . }}-admission
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "kube-prometheus-stack.fullname" . }}-admission
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml
new file mode 100644
index 0000000..6a9db3e
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml
@@ -0,0 +1,72 @@
+{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-admission-create
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+{{- with .Values.prometheusOperator.admissionWebhooks.annotations }}
+{{ toYaml . | indent 4 }}
+{{- end }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
+{{- include "kube-prometheus-stack.labels" $ | indent 4 }}
+spec:
+ {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
+ # Alpha feature since k8s 1.12
+ ttlSecondsAfterFinished: 0
+ {{- end }}
+ template:
+ metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-admission-create
+{{- with .Values.prometheusOperator.admissionWebhooks.patch.podAnnotations }}
+ annotations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
+{{- include "kube-prometheus-stack.labels" $ | indent 8 }}
+ spec:
+ {{- if .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }}
+ priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }}
+ {{- end }}
+ containers:
+ - name: create
+ {{- if .Values.prometheusOperator.admissionWebhooks.patch.image.sha }}
+ image: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}@sha256:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.sha }}
+ {{- else }}
+ image: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}
+ {{- end }}
+ imagePullPolicy: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.pullPolicy }}
+ args:
+ - create
+ - --host={{ template "kube-prometheus-stack.operator.fullname" . }},{{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}.svc
+ - --namespace={{ template "kube-prometheus-stack.namespace" . }}
+ - --secret-name={{ template "kube-prometheus-stack.fullname" . }}-admission
+ {{- with .Values.prometheusOperator.admissionWebhooks.createSecretJob }}
+ securityContext:
+ {{ toYaml .securityContext | nindent 12 }}
+ {{- end }}
+ resources:
+{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.resources | indent 12 }}
+ restartPolicy: OnFailure
+ serviceAccountName: {{ template "kube-prometheus-stack.fullname" . }}-admission
+ {{- with .Values.prometheusOperator.admissionWebhooks.patch.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.prometheusOperator.admissionWebhooks.patch.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.prometheusOperator.admissionWebhooks.patch.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+{{- if .Values.prometheusOperator.admissionWebhooks.patch.securityContext }}
+ securityContext:
+{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.securityContext | indent 8 }}
+{{- end }}
+{{- end }}
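Review bot: the container-level `securityContext` is guarded by `with .Values.prometheusOperator.admissionWebhooks.createSecretJob`, not by the `securityContext` key itself, so the container gets no security context at all when `createSecretJob` is unset, and `securityContext:` followed by `null` when `createSecretJob` is set without that key. Suggest guarding on `.createSecretJob.securityContext` and shipping a restrictive default in values. Separately, the Job's metadata annotations come from `.admissionWebhooks.annotations` while the pod annotations here and the patch job's metadata use `.admissionWebhooks.patch.*`; one of the two paths looks unintended.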
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml
new file mode 100644
index 0000000..1ac7ceb
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml
@@ -0,0 +1,73 @@
+{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-admission-patch
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ annotations:
+ "helm.sh/hook": post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+{{- with .Values.prometheusOperator.admissionWebhooks.patch.annotations }}
+{{ toYaml . | indent 4 }}
+{{- end }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
+{{- include "kube-prometheus-stack.labels" $ | indent 4 }}
+spec:
+ {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
+ # Alpha feature since k8s 1.12
+ ttlSecondsAfterFinished: 0
+ {{- end }}
+ template:
+ metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-admission-patch
+{{- with .Values.prometheusOperator.admissionWebhooks.patch.podAnnotations }}
+ annotations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
+{{- include "kube-prometheus-stack.labels" $ | indent 8 }}
+ spec:
+ {{- if .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }}
+ priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }}
+ {{- end }}
+ containers:
+ - name: patch
+ {{- if .Values.prometheusOperator.admissionWebhooks.patch.image.sha }}
+ image: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}@sha256:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.sha }}
+ {{- else }}
+ image: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}
+ {{- end }}
+ imagePullPolicy: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.pullPolicy }}
+ args:
+ - patch
+ - --webhook-name={{ template "kube-prometheus-stack.fullname" . }}-admission
+ - --namespace={{ template "kube-prometheus-stack.namespace" . }}
+ - --secret-name={{ template "kube-prometheus-stack.fullname" . }}-admission
+ - --patch-failure-policy={{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }}
+ {{- with .Values.prometheusOperator.admissionWebhooks.patchWebhookJob }}
+ securityContext:
+ {{ toYaml .securityContext | nindent 12 }}
+ {{- end }}
+ resources:
+{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.resources | indent 12 }}
+ restartPolicy: OnFailure
+ serviceAccountName: {{ template "kube-prometheus-stack.fullname" . }}-admission
+ {{- with .Values.prometheusOperator.admissionWebhooks.patch.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.prometheusOperator.admissionWebhooks.patch.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.prometheusOperator.admissionWebhooks.patch.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+{{- if .Values.prometheusOperator.admissionWebhooks.patch.securityContext }}
+ securityContext:
+{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.securityContext | indent 8 }}
+{{- end }}
+{{- end }}
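Review bot: when `patch.image.sha` is empty, the `else` branch renders `image:` as `repository:tag` only, and this container runs under the `-admission` service account that can update webhook configurations. Suggest shipping a default `sha` in values, or failing the render when it is unset, so the hook image is pinned by digest. Also, `--patch-failure-policy` takes `.admissionWebhooks.failurePolicy` without validation, so an empty value renders a bare `--patch-failure-policy=`.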
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-createSecret.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-createSecret.yaml
new file mode 100644
index 0000000..270bf85
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-createSecret.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.prometheusOperator.networkPolicy.enabled }}
+{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-admission-create
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ ## Ensure this is run before the job
+ "helm.sh/hook-weight": "-5"
+{{- with .Values.prometheusOperator.admissionWebhooks.annotations }}
+{{ toYaml . | indent 4 }}
+{{- end }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
+{{- include "kube-prometheus-stack.labels" $ | indent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
+{{- include "kube-prometheus-stack.labels" $ | indent 6 }}
+ egress:
+ - {}
+ policyTypes:
+ - Egress
+{{- end }}
+{{- end }}
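Review bot: the `egress: - {}` rule allows the job pod to reach any destination on any port, so the policy only serves to lift a default-deny and restricts nothing. The `create` job needs the Kubernetes API and nothing else visible in its args; suggest exposing the egress rules through values so operators can narrow them to the API server address and port, or at least add a comment stating that allow-all is deliberate.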
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-patchWebhook.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-patchWebhook.yaml
new file mode 100644
index 0000000..170c651
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-patchWebhook.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.prometheusOperator.networkPolicy.enabled }}
+{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-admission-patch
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ annotations:
+ "helm.sh/hook": post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ ## Ensure this is run before the job
+ "helm.sh/hook-weight": "-5"
+{{- with .Values.prometheusOperator.admissionWebhooks.patch.annotations }}
+{{ toYaml . | indent 4 }}
+{{- end }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
+{{- include "kube-prometheus-stack.labels" $ | indent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
+{{- include "kube-prometheus-stack.labels" $ | indent 6 }}
+ egress:
+ - {}
+ policyTypes:
+ - Egress
+{{- end }}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml
new file mode 100644
index 0000000..9feff52
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml
@@ -0,0 +1,47 @@
+{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-admission
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+{{- if .Values.global.rbac.pspAnnotations }}
+{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }}
+{{- end }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-admission
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+spec:
+ privileged: false
+ # Allow core volume types.
+ volumes:
+ - 'configMap'
+ - 'emptyDir'
+ - 'projected'
+ - 'secret'
+ - 'downwardAPI'
+ - 'persistentVolumeClaim'
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Permits the container to run with root privileges as well.
+ rule: 'RunAsAny'
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ # Allow adding the root group.
+ - min: 0
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ # Allow adding the root group.
+ - min: 0
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
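Review bot: `runAsUser.rule: 'RunAsAny'` together with the missing `allowPrivilegeEscalation: false` and `requiredDropCapabilities` lets the admission job pods run as root with default capabilities, and `readOnlyRootFilesystem: false` plus the `min: 0` group ranges widen that further. The jobs only call the Kubernetes API, so `MustRunAsNonRoot`, dropping all capabilities, and removing `persistentVolumeClaim` from `volumes` should be safe. Note also that `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so this template fails to apply on such clusters if `pspEnabled` is left on.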
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml
new file mode 100644
index 0000000..a64e982
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-admission
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ app: {{ template "kube-prometheus-stack.name" $ }}-admission
+{{- include "kube-prometheus-stack.labels" $ | indent 4 }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - create
+{{- end }}
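Review bot: the single rule gives `get` on every Secret in the namespace, although the jobs only reference `--secret-name=<fullname>-admission`. Suggest splitting it into two rules: `get` restricted with `resourceNames` to that secret, and `create` left unrestricted, since RBAC cannot restrict `create` by resource name.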
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml
new file mode 100644
index 0000000..d713629
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-admission
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ app: {{ template "kube-prometheus-stack.name" $ }}-admission
+{{- include "kube-prometheus-stack.labels" $ | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "kube-prometheus-stack.fullname" . }}-admission
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "kube-prometheus-stack.fullname" . }}-admission
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml
new file mode 100644
index 0000000..4fd52ae
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-admission
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ app: {{ template "kube-prometheus-stack.name" $ }}-admission
+{{- include "kube-prometheus-stack.labels" $ | indent 4 }}
+{{- if .Values.global.imagePullSecrets }}
+imagePullSecrets:
+{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2 }}
+{{- end }}
+{{- end }}
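Review bot: this ServiceAccount is gated on `.Values.global.rbac.create`, but the two Jobs that set `serviceAccountName: <fullname>-admission` are not. With `rbac.create` false and `patch.enabled` true, the jobs reference a service account the chart never creates. Either drop `rbac.create` from this condition, add a separate service account toggle, or add the same guard to the Job templates.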
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml
new file mode 100644
index 0000000..7a12754
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml
@@ -0,0 +1,42 @@
+{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled }}
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-admission
+{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}
+ annotations:
+ certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }}
+ cert-manager.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }}
+{{- end }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" $ }}-admission
+{{- include "kube-prometheus-stack.labels" $ | indent 4 }}
+webhooks:
+ - name: prometheusrulemutate.monitoring.coreos.com
+ {{- if .Values.prometheusOperator.admissionWebhooks.patch.enabled }}
+ failurePolicy: Ignore
+ {{- else }}
+ failurePolicy: {{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }}
+ {{- end }}
+ rules:
+ - apiGroups:
+ - monitoring.coreos.com
+ apiVersions:
+ - "*"
+ resources:
+ - prometheusrules
+ operations:
+ - CREATE
+ - UPDATE
+ clientConfig:
+ service:
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ name: {{ template "kube-prometheus-stack.operator.fullname" $ }}
+ path: /admission-prometheusrules/mutate
+ {{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
+ caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }}
+ {{- end }}
+ timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ sideEffects: None
+{{- end }}
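Review bot: with `patch.enabled` the webhook is rendered with `failurePolicy: Ignore` and no `caBundle`, and the configured `failurePolicy` is only applied later by the post-install patch job. If that job fails or is never run, the webhook stays fail-open with no error surfaced on PrometheusRule writes. Suggest documenting this window in values, and dropping the legacy `certmanager.k8s.io/inject-ca-from` annotation if only `cert-manager.io` releases are supported.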
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml
new file mode 100644
index 0000000..9242659
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml
@@ -0,0 +1,41 @@
+{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled }}
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-admission
+{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}
+ annotations:
+ certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }}
+ cert-manager.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }}
+{{- end }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" $ }}-admission
+{{- include "kube-prometheus-stack.labels" $ | indent 4 }}
+webhooks:
+ - name: prometheusrulemutate.monitoring.coreos.com
+ {{- if .Values.prometheusOperator.admissionWebhooks.patch.enabled }}
+ failurePolicy: Ignore
+ {{- else }}
+ failurePolicy: {{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }}
+ {{- end }}
+ rules:
+ - apiGroups:
+ - monitoring.coreos.com
+ apiVersions:
+ - "*"
+ resources:
+ - prometheusrules
+ operations:
+ - CREATE
+ - UPDATE
+ clientConfig:
+ service:
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ name: {{ template "kube-prometheus-stack.operator.fullname" $ }}
+ path: /admission-prometheusrules/validate
+ {{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
+ caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }}
+ {{- end }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ sideEffects: None
+{{- end }}
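Review bot: the validating webhook is named `prometheusrulemutate.monitoring.coreos.com`, identical to the entry in the MutatingWebhookConfiguration, while its path is `/admission-prometheusrules/validate`; this looks like a copy from the mutating template and makes audit events and metrics for the two webhooks hard to tell apart. This webhook also omits `timeoutSeconds`, which the mutating one sets from `.admissionWebhooks.timeoutSeconds`, so the two run with different timeouts.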
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/aggregate-clusterroles.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/aggregate-clusterroles.yaml
new file mode 100644
index 0000000..d15bb9e
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/aggregate-clusterroles.yaml
@@ -0,0 +1,31 @@
+{{/* This file is based on https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/rbac-crd.md */}}
+{{- if and .Values.global.rbac.create .Values.global.rbac.createAggregateClusterRoles }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-crd-view
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+ app: {{ template "kube-prometheus-stack.name" . }}-operator
+ {{- include "kube-prometheus-stack.labels" . | nindent 4 }}
+rules:
+- apiGroups: ["monitoring.coreos.com"]
+ resources: ["alertmanagers", "alertmanagerconfigs", "prometheuses", "prometheusrules", "servicemonitors", "podmonitors", "probes"]
+ verbs: ["get", "list", "watch"]
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-crd-edit
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ app: {{ template "kube-prometheus-stack.name" . }}-operator
+ {{- include "kube-prometheus-stack.labels" . | nindent 4 }}
+rules:
+- apiGroups: ["monitoring.coreos.com"]
+ resources: ["alertmanagers", "alertmanagerconfigs", "prometheuses", "prometheusrules", "servicemonitors", "podmonitors", "probes"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+{{- end }}
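Review bot: both `resources` lists omit `thanosrulers`, which the operator ClusterRole in this same chart lists under `monitoring.coreos.com`, so holders of the aggregated view, edit and admin roles get no access to that kind. If the omission is deliberate, say so in a template comment; otherwise add it to both rules. The `-prometheus-crd-edit` role also hands `create`, `update`, `patch` and `delete` on all of these kinds to every subject bound to the built-in `edit` role, which deserves a line in the values documentation for `createAggregateClusterRoles`.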
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/certmanager.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/certmanager.yaml
new file mode 100644
index 0000000..a1e06ae
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/certmanager.yaml
@@ -0,0 +1,57 @@
+{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled -}}
+{{- if not .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef -}}
+# Create a selfsigned Issuer, in order to create a root CA certificate for
+# signing webhook serving certificates
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-self-signed-issuer
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+spec:
+ selfSigned: {}
+---
+# Generate a CA Certificate used to sign certificates for the webhook
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-root-cert
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+spec:
+ secretName: {{ template "kube-prometheus-stack.fullname" . }}-root-cert
+ duration: {{ .Values.prometheusOperator.admissionWebhooks.certManager.rootCert.duration | default "43800h0m0s" | quote }}
+ issuerRef:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-self-signed-issuer
+ commonName: "ca.webhook.kube-prometheus-stack"
+ isCA: true
+---
+# Create an Issuer that uses the above generated CA certificate to issue certs
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-root-issuer
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+spec:
+ ca:
+ secretName: {{ template "kube-prometheus-stack.fullname" . }}-root-cert
+{{- end }}
+---
+# generate a server certificate for the apiservices to use
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-admission
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+spec:
+ secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission
+ duration: {{ .Values.prometheusOperator.admissionWebhooks.certManager.admissionCert.duration | default "8760h0m0s" | quote }}
+ issuerRef:
+ {{- if .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef }}
+ {{- toYaml .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef | nindent 4 }}
+ {{- else }}
+ name: {{ template "kube-prometheus-stack.fullname" . }}-root-issuer
+ {{- end }}
+ dnsNames:
+ - {{ template "kube-prometheus-stack.operator.fullname" . }}
+ - {{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}
+ - {{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}.svc
+{{- end -}}
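Review bot: the outer guard checks only `.admissionWebhooks.certManager.enabled`, so the Issuers and Certificates render even when `prometheusOperator.enabled` or `admissionWebhooks.enabled` is false. Suggest using the same `and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled` condition as the webhook configuration templates. The `-root-cert` CA also defaults to `43800h0m0s` with no `renewBefore` or `privateKey` settings, which is worth exposing in values.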
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrole.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrole.yaml
new file mode 100644
index 0000000..300956a
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrole.yaml
@@ -0,0 +1,81 @@
+{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-operator
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-operator
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+rules:
+- apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - alertmanagers
+ - alertmanagers/finalizers
+ - alertmanagerconfigs
+ - prometheuses
+ - prometheuses/status
+ - prometheuses/finalizers
+ - thanosrulers
+ - thanosrulers/finalizers
+ - servicemonitors
+ - podmonitors
+ - probes
+ - prometheusrules
+ verbs:
+ - '*'
+- apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - secrets
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - list
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - services
+ - services/finalizers
+ - endpoints
+ verbs:
+ - get
+ - create
+ - update
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+{{- end }}
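Review bot: the rule covering core `configmaps` and `secrets` grants `verbs: '*'` in a ClusterRole, so once bound the operator's service account can read, modify and delete every Secret in the cluster. The deployment template in this patch already accepts `--namespaces`, so for installs that restrict the operator to known namespaces consider namespaced Role/RoleBinding objects, or at least list the verbs the operator needs instead of the wildcard. The same applies to `'*'` on `statefulsets`.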
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrolebinding.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrolebinding.yaml
new file mode 100644
index 0000000..c9ab0ab
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrolebinding.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-operator
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-operator
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "kube-prometheus-stack.fullname" . }}-operator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/deployment.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/deployment.yaml
new file mode 100644
index 0000000..c3888b9
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/deployment.yaml
@@ -0,0 +1,167 @@
+{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }}
+{{- $defaultKubeletSvcName := printf "%s-kubelet" (include "kube-prometheus-stack.fullname" .) }}
+{{- if .Values.prometheusOperator.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-operator
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-operator
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.prometheusOperator.labels }}
+{{ toYaml .Values.prometheusOperator.labels | indent 4 }}
+{{- end }}
+{{- if .Values.prometheusOperator.annotations }}
+ annotations:
+{{ toYaml .Values.prometheusOperator.annotations | indent 4 }}
+{{- end }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ template "kube-prometheus-stack.name" . }}-operator
+ release: {{ $.Release.Name | quote }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-operator
+{{ include "kube-prometheus-stack.labels" . | indent 8 }}
+{{- if .Values.prometheusOperator.podLabels }}
+{{ toYaml .Values.prometheusOperator.podLabels | indent 8 }}
+{{- end }}
+{{- if .Values.prometheusOperator.podAnnotations }}
+ annotations:
+{{ toYaml .Values.prometheusOperator.podAnnotations | indent 8 }}
+{{- end }}
+ spec:
+ {{- if .Values.prometheusOperator.priorityClassName }}
+ priorityClassName: {{ .Values.prometheusOperator.priorityClassName }}
+ {{- end }}
+ containers:
+ - name: {{ template "kube-prometheus-stack.name" . }}
+ {{- if .Values.prometheusOperator.image.sha }}
+ image: "{{ .Values.prometheusOperator.image.repository }}:{{ .Values.prometheusOperator.image.tag }}@sha256:{{ .Values.prometheusOperator.image.sha }}"
+ {{- else }}
+ image: "{{ .Values.prometheusOperator.image.repository }}:{{ .Values.prometheusOperator.image.tag }}"
+ {{- end }}
+ imagePullPolicy: "{{ .Values.prometheusOperator.image.pullPolicy }}"
+ args:
+ {{- if .Values.prometheusOperator.kubeletService.enabled }}
+ - --kubelet-service={{ .Values.prometheusOperator.kubeletService.namespace }}/{{ default $defaultKubeletSvcName .Values.prometheusOperator.kubeletService.name }}
+ {{- end }}
+ {{- if .Values.prometheusOperator.logFormat }}
+ - --log-format={{ .Values.prometheusOperator.logFormat }}
+ {{- end }}
+ {{- if .Values.prometheusOperator.logLevel }}
+ - --log-level={{ .Values.prometheusOperator.logLevel }}
+ {{- end }}
+ {{- if .Values.prometheusOperator.denyNamespaces }}
+ - --deny-namespaces={{ tpl (.Values.prometheusOperator.denyNamespaces | join ",") $ }}
+ {{- end }}
+ {{- with $.Values.prometheusOperator.namespaces }}
+ {{- $namespaces := list }}
+ {{- if .releaseNamespace }}
+ {{- $namespaces = append $namespaces $namespace }}
+ {{- end }}
+ {{- if .additional }}
+ {{- range $ns := .additional }}
+ {{- $namespaces = append $namespaces (tpl $ns $) }}
+ {{- end }}
+ {{- end }}
+ - --namespaces={{ $namespaces | mustUniq | join "," }}
+ {{- end }}
+ - --localhost=127.0.0.1
+ {{- if .Values.prometheusOperator.prometheusDefaultBaseImage }}
+ - --prometheus-default-base-image={{ .Values.prometheusOperator.prometheusDefaultBaseImage }}
+ {{- end }}
+ {{- if .Values.prometheusOperator.alertmanagerDefaultBaseImage }}
+ - --alertmanager-default-base-image={{ .Values.prometheusOperator.alertmanagerDefaultBaseImage }}
+ {{- end }}
+ {{- if .Values.prometheusOperator.prometheusConfigReloader.image.sha }}
+ - --prometheus-config-reloader={{ .Values.prometheusOperator.prometheusConfigReloader.image.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloader.image.tag }}@sha256:{{ .Values.prometheusOperator.prometheusConfigReloader.image.sha }}
+ {{- else }}
+ - --prometheus-config-reloader={{ .Values.prometheusOperator.prometheusConfigReloader.image.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloader.image.tag }}
+ {{- end }}
+ - --config-reloader-cpu-request={{ .Values.prometheusOperator.prometheusConfigReloader.resources.requests.cpu }}
+ - --config-reloader-cpu-limit={{ .Values.prometheusOperator.prometheusConfigReloader.resources.limits.cpu }}
+ - --config-reloader-memory-request={{ .Values.prometheusOperator.prometheusConfigReloader.resources.requests.memory }}
+ - --config-reloader-memory-limit={{ .Values.prometheusOperator.prometheusConfigReloader.resources.limits.memory }}
+ {{- if .Values.prometheusOperator.alertmanagerInstanceNamespaces }}
+ - --alertmanager-instance-namespaces={{ .Values.prometheusOperator.alertmanagerInstanceNamespaces | join "," }}
+ {{- end }}
+ {{- if .Values.prometheusOperator.alertmanagerConfigNamespaces }}
+ - --alertmanager-config-namespaces={{ .Values.prometheusOperator.alertmanagerConfigNamespaces | join "," }}
+ {{- end }}
+ {{- if .Values.prometheusOperator.prometheusInstanceNamespaces }}
+ - --prometheus-instance-namespaces={{ .Values.prometheusOperator.prometheusInstanceNamespaces | join "," }}
+ {{- end }}
+ {{- if .Values.prometheusOperator.thanosImage.sha }}
+ - --thanos-default-base-image={{ .Values.prometheusOperator.thanosImage.repository }}:{{ .Values.prometheusOperator.thanosImage.tag }}@sha256:{{ .Values.prometheusOperator.thanosImage.sha }}
+ {{- else }}
+ - --thanos-default-base-image={{ .Values.prometheusOperator.thanosImage.repository }}:{{ .Values.prometheusOperator.thanosImage.tag }}
+ {{- end }}
+ {{- if .Values.prometheusOperator.thanosRulerInstanceNamespaces }}
+ - --thanos-ruler-instance-namespaces={{ .Values.prometheusOperator.thanosRulerInstanceNamespaces | join "," }}
+ {{- end }}
+ {{- if .Values.prometheusOperator.secretFieldSelector }}
+ - --secret-field-selector={{ .Values.prometheusOperator.secretFieldSelector }}
+ {{- end }}
+ {{- if .Values.prometheusOperator.clusterDomain }}
+ - --cluster-domain={{ .Values.prometheusOperator.clusterDomain }}
+ {{- end }}
+ {{- if .Values.prometheusOperator.tls.enabled }}
+ - --web.enable-tls=true
+ - --web.cert-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.crt{{ else }}cert{{ end }}
+ - --web.key-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.key{{ else }}key{{ end }}
+ - --web.listen-address=:{{ .Values.prometheusOperator.tls.internalPort }}
+ - --web.tls-min-version={{ .Values.prometheusOperator.tls.tlsMinVersion }}
+ ports:
+ - containerPort: {{ .Values.prometheusOperator.tls.internalPort }}
+ name: https
+ {{- else }}
+ ports:
+ - containerPort: 8080
+ name: http
+ {{- end }}
+ resources:
+{{ toYaml .Values.prometheusOperator.resources | indent 12 }}
+ securityContext:
+{{ toYaml .Values.prometheusOperator.containerSecurityContext | indent 12 }}
+{{- if .Values.prometheusOperator.tls.enabled }}
+ volumeMounts:
+ - name: tls-secret
+ mountPath: /cert
+ readOnly: true
+ volumes:
+ - name: tls-secret
+ secret:
+ defaultMode: 420
+ secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission
+{{- end }}
+ {{- with .Values.prometheusOperator.dnsConfig }}
+ dnsConfig:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+{{- if .Values.prometheusOperator.securityContext }}
+ securityContext:
+{{ toYaml .Values.prometheusOperator.securityContext | indent 8 }}
+{{- end }}
+ serviceAccountName: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }}
+{{- if .Values.prometheusOperator.hostNetwork }}
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+{{- end }}
+ {{- with .Values.prometheusOperator.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.prometheusOperator.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.prometheusOperator.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+{{- end }}
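Review bot: the container `image:` and the `--prometheus-config-reloader` and `--thanos-default-base-image` arguments only carry a digest when the matching `.sha` value is set, and otherwise fall back to `repository:tag`. Since this commit vendors the chart, set the `sha` values in the bundled values (or document that they must be set) so the deployment does not depend on a mutable tag. Separately, the four `--config-reloader-*` flags are rendered without an `if` guard, unlike the other optional flags, so they fail or render an empty value when a request or limit is left unset.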
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/networkpolicy.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/networkpolicy.yaml
new file mode 100644
index 0000000..ed1c579
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/networkpolicy.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.prometheusOperator.networkPolicy.enabled }}
+apiVersion: {{ template "kube-prometheus-stack.prometheus.networkPolicy.apiVersion" . }}
+kind: NetworkPolicy
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-operator
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-operator
+spec:
+ podSelector:
+ matchLabels:
+ app: {{ template "kube-prometheus-stack.name" . }}-operator
+ release: {{ $.Release.Name | quote }}
+ ingress:
+ - ports:
+ {{- if .Values.prometheusOperator.tls.enabled }}
+ - port: {{ .Values.prometheusOperator.tls.internalPort }}
+ {{- else }}
+ - port: 8080
+ {{- end }}
+{{- end }}
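Review bot: the single `ingress` rule lists only `ports` and has no `from` clause, so the policy admits traffic to the operator port from any source and adds little beyond closing the other ports. Add `from` selectors for the callers that need this port, and consider an explicit `policyTypes`. The template is also gated only on `prometheusOperator.networkPolicy.enabled`, not on `prometheusOperator.enabled` as the other operator templates are.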
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/psp-clusterrole.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/psp-clusterrole.yaml
new file mode 100644
index 0000000..f701222
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/psp-clusterrole.yaml
@@ -0,0 +1,22 @@
+{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-operator-psp
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-operator
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+rules:
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }}
+- apiGroups: ['policy']
+{{- else }}
+- apiGroups: ['extensions']
+{{- end }}
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "kube-prometheus-stack.fullname" . }}-operator
+{{- end }}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/psp-clusterrolebinding.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/psp-clusterrolebinding.yaml
new file mode 100644
index 0000000..8a13fbb
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/psp-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-operator-psp
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-operator
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "kube-prometheus-stack.fullname" . }}-operator-psp
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/psp.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/psp.yaml
new file mode 100644
index 0000000..0b42e97
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/psp.yaml
@@ -0,0 +1,47 @@
+{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-operator
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-operator
+{{- if .Values.global.rbac.pspAnnotations }}
+ annotations:
+{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }}
+{{- end }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+spec:
+ privileged: false
+ # Allow core volume types.
+ volumes:
+ - 'configMap'
+ - 'emptyDir'
+ - 'projected'
+ - 'secret'
+ - 'downwardAPI'
+ - 'persistentVolumeClaim'
+ hostNetwork: {{ .Values.prometheusOperator.hostNetwork }}
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Permits the container to run with root privileges as well.
+ rule: 'RunAsAny'
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ # Allow adding the root group.
+ - min: 0
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ # Allow adding the root group.
+ - min: 0
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
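Review bot: in `metadata`, the `pspAnnotations` block is emitted between `labels:` / `app:` and the `include "kube-prometheus-stack.labels"` line, so when `global.rbac.pspAnnotations` is set the common labels are rendered under `annotations:` rather than `labels:`; move the `include` up so it directly follows `app:`. On the spec: `runAsUser` is `RunAsAny`, both group ranges start at `min: 0`, `readOnlyRootFilesystem` is false, and there is no `allowPrivilegeEscalation: false` or `requiredDropCapabilities`, so the policy constrains the operator pod very little. Tighten these if the operator image does not need root.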
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/service.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/service.yaml
new file mode 100644
index 0000000..b5ef5b9
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/service.yaml
@@ -0,0 +1,58 @@
+{{- if .Values.prometheusOperator.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-operator
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-operator
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.prometheusOperator.service.labels }}
+{{ toYaml .Values.prometheusOperator.service.labels | indent 4 }}
+{{- end }}
+{{- if .Values.prometheusOperator.service.annotations }}
+ annotations:
+{{ toYaml .Values.prometheusOperator.service.annotations | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.prometheusOperator.service.clusterIP }}
+ clusterIP: {{ .Values.prometheusOperator.service.clusterIP }}
+{{- end }}
+{{- if .Values.prometheusOperator.service.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.prometheusOperator.service.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.prometheusOperator.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.prometheusOperator.service.loadBalancerIP }}
+{{- end }}
+{{- if .Values.prometheusOperator.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- range $cidr := .Values.prometheusOperator.service.loadBalancerSourceRanges }}
+ - {{ $cidr }}
+ {{- end }}
+{{- end }}
+{{- if ne .Values.prometheusOperator.service.type "ClusterIP" }}
+ externalTrafficPolicy: {{ .Values.prometheusOperator.service.externalTrafficPolicy }}
+{{- end }}
+ ports:
+ {{- if not .Values.prometheusOperator.tls.enabled }}
+ - name: http
+ {{- if eq .Values.prometheusOperator.service.type "NodePort" }}
+ nodePort: {{ .Values.prometheusOperator.service.nodePort }}
+ {{- end }}
+ port: 8080
+ targetPort: http
+ {{- end }}
+ {{- if .Values.prometheusOperator.tls.enabled }}
+ - name: https
+ {{- if eq .Values.prometheusOperator.service.type "NodePort"}}
+ nodePort: {{ .Values.prometheusOperator.service.nodePortTls }}
+ {{- end }}
+ port: 443
+ targetPort: https
+ {{- end }}
+ selector:
+ app: {{ template "kube-prometheus-stack.name" . }}-operator
+ release: {{ $.Release.Name | quote }}
+ type: "{{ .Values.prometheusOperator.service.type }}"
+{{- end }}
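Review bot: when `prometheusOperator.tls.enabled` is false the only port rendered is plain HTTP 8080, and the template still allows `service.type` NodePort or LoadBalancer as well as `externalIPs`, so the operator endpoint can be exposed outside the cluster unencrypted. Worth either documenting that non-ClusterIP types should only be used with TLS enabled, or failing the render for that combination. `externalTrafficPolicy` is also emitted for every non-ClusterIP type without checking that the value is set.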
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/serviceaccount.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/serviceaccount.yaml
new file mode 100644
index 0000000..781975f
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-operator
+ app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-prometheus-operator
+ app.kubernetes.io/component: prometheus-operator
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.global.imagePullSecrets }}
+imagePullSecrets:
+{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2 }}
+{{- end }}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/servicemonitor.yaml
new file mode 100644
index 0000000..b7bd952
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/servicemonitor.yaml
@@ -0,0 +1,44 @@
+{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.serviceMonitor.selfMonitor }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-operator
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-operator
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+spec:
+ endpoints:
+ {{- if .Values.prometheusOperator.tls.enabled }}
+ - port: https
+ scheme: https
+ tlsConfig:
+ serverName: {{ template "kube-prometheus-stack.operator.fullname" . }}
+ ca:
+ secret:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-admission
+ key: {{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}ca.crt{{ else }}ca{{ end }}
+ optional: false
+ {{- else }}
+ - port: http
+ {{- end }}
+ honorLabels: true
+ {{- if .Values.prometheusOperator.serviceMonitor.interval }}
+ interval: {{ .Values.prometheusOperator.serviceMonitor.interval }}
+ {{- end }}
+{{- if .Values.prometheusOperator.serviceMonitor.metricRelabelings }}
+ metricRelabelings:
+{{ tpl (toYaml .Values.prometheusOperator.serviceMonitor.metricRelabelings | indent 6) . }}
+{{- end }}
+{{- if .Values.prometheusOperator.serviceMonitor.relabelings }}
+ relabelings:
+{{ toYaml .Values.prometheusOperator.serviceMonitor.relabelings | indent 6 }}
+{{- end }}
+ selector:
+ matchLabels:
+ app: {{ template "kube-prometheus-stack.name" . }}-operator
+ release: {{ $.Release.Name | quote }}
+ namespaceSelector:
+ matchNames:
+ - {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }}
+{{- end }}
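Review bot: `metricRelabelings` is passed through `tpl` but `relabelings` a few lines below is rendered with plain `toYaml`, so template expressions in values work in one and are emitted literally in the other. Make the two consistent, and note in the values file which fields are templated.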
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/verticalpodautoscaler.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/verticalpodautoscaler.yaml
new file mode 100644
index 0000000..9208c34
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/verticalpodautoscaler.yaml
@@ -0,0 +1,35 @@
+{{- if and (.Capabilities.APIVersions.Has "autoscaling.k8s.io/v1") (.Values.prometheusOperator.verticalPodAutoscaler.enabled) }}
+apiVersion: autoscaling.k8s.io/v1
+kind: VerticalPodAutoscaler
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-operator
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-operator
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+spec:
+ resourcePolicy:
+ containerPolicies:
+ - containerName: {{ template "kube-prometheus-stack.name" . }}
+ {{- if .Values.prometheusOperator.verticalPodAutoscaler.controlledResources }}
+ controlledResources: {{ .Values.prometheusOperator.verticalPodAutoscaler.controlledResources }}
+ {{- end }}
+ {{- if .Values.prometheusOperator.verticalPodAutoscaler.maxAllowed }}
+ maxAllowed:
+ {{ toYaml .Values.prometheusOperator.verticalPodAutoscaler.maxAllowed | nindent 8 }}
+ {{- end }}
+ {{- if .Values.prometheusOperator.verticalPodAutoscaler.minAllowed }}
+ minAllowed:
+ {{ toYaml .Values.prometheusOperator.verticalPodAutoscaler.minAllowed | nindent 8 }}
+ {{- end }}
+ targetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ template "kube-prometheus-stack.fullname" . }}
+ {{- if .Values.prometheusOperator.verticalPodAutoscaler.updatePolicy }}
+ updatePolicy:
+ {{- if .Values.prometheusOperator.verticalPodAutoscaler.updatePolicy.updateMode }}
+ updateMode: {{ .Values.prometheusOperator.verticalPodAutoscaler.updatePolicy.updateMode }}
+ {{- end }}
+ {{- end }}
+{{- end }}
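Review bot: `targetRef.name` is `{{ template "kube-prometheus-stack.fullname" . }}`, but the operator Deployment in this patch is named `{{ template "kube-prometheus-stack.fullname" . }}-operator`, so the VPA points at a Deployment that this chart does not create; append `-operator`. `controlledResources: {{ ... }}` also prints the list with Go's default formatting (for example `[cpu memory]`), which YAML reads as a single string element; render it with `toYaml` or `toJson`. The outer condition does not check `prometheusOperator.enabled`.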
diff --git a/charts/kube-prometheus-stack/templates/prometheus/_rules.tpl b/charts/kube-prometheus-stack/templates/prometheus/_rules.tpl
new file mode 100644
index 0000000..e8baf98
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/_rules.tpl
@@ -0,0 +1,36 @@
+{{- /*
+Generated file. Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- define "rules.names" }}
+rules:
+ - "alertmanager.rules"
+ - "config-reloaders"
+ - "etcd"
+ - "general.rules"
+ - "k8s.rules"
+ - "kube-apiserver-availability.rules"
+ - "kube-apiserver-burnrate.rules"
+ - "kube-apiserver-histogram.rules"
+ - "kube-apiserver-slos"
+ - "kube-prometheus-general.rules"
+ - "kube-prometheus-node-recording.rules"
+ - "kube-scheduler.rules"
+ - "kube-state-metrics"
+ - "kubelet.rules"
+ - "kubernetes-apps"
+ - "kubernetes-resources"
+ - "kubernetes-storage"
+ - "kubernetes-system"
+ - "kubernetes-system-kube-proxy"
+ - "kubernetes-system-apiserver"
+ - "kubernetes-system-kubelet"
+ - "kubernetes-system-controller-manager"
+ - "kubernetes-system-scheduler"
+ - "node-exporter.rules"
+ - "node-exporter"
+ - "node.rules"
+ - "node-network"
+ - "prometheus-operator"
+ - "prometheus"
+{{- end }}
\ No newline at end of file
diff --git a/charts/kube-prometheus-stack/templates/prometheus/additionalAlertRelabelConfigs.yaml b/charts/kube-prometheus-stack/templates/prometheus/additionalAlertRelabelConfigs.yaml
new file mode 100644
index 0000000..bff9309
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/additionalAlertRelabelConfigs.yaml
@@ -0,0 +1,16 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-am-relabel-confg
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+{{- if .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations }}
+ annotations:
+{{ toYaml .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations | indent 4 }}
+{{- end }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-prometheus-am-relabel-confg
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+data:
+ additional-alert-relabel-configs.yaml: {{ toYaml .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs | b64enc | quote }}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/templates/prometheus/additionalAlertmanagerConfigs.yaml b/charts/kube-prometheus-stack/templates/prometheus/additionalAlertmanagerConfigs.yaml
new file mode 100644
index 0000000..2fe8fdb
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/additionalAlertmanagerConfigs.yaml
@@ -0,0 +1,16 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-am-confg
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+{{- if .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations }}
+ annotations:
+{{ toYaml .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations | indent 4 }}
+{{- end }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-prometheus-am-confg
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+data:
+ additional-alertmanager-configs.yaml: {{ tpl (toYaml .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs) . | b64enc | quote }}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/templates/prometheus/additionalPrometheusRules.yaml b/charts/kube-prometheus-stack/templates/prometheus/additionalPrometheusRules.yaml
new file mode 100644
index 0000000..cb4aaba
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/additionalPrometheusRules.yaml
@@ -0,0 +1,43 @@
+{{- if or .Values.additionalPrometheusRules .Values.additionalPrometheusRulesMap}}
+apiVersion: v1
+kind: List
+metadata:
+ name: {{ include "kube-prometheus-stack.fullname" $ }}-additional-prometheus-rules
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+items:
+{{- if .Values.additionalPrometheusRulesMap }}
+{{- range $prometheusRuleName, $prometheusRule := .Values.additionalPrometheusRulesMap }}
+ - apiVersion: monitoring.coreos.com/v1
+ kind: PrometheusRule
+ metadata:
+ name: {{ template "kube-prometheus-stack.name" $ }}-{{ $prometheusRuleName }}
+ namespace: {{ template "kube-prometheus-stack.namespace" $ }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" $ }}
+{{ include "kube-prometheus-stack.labels" $ | indent 8 }}
+ {{- if $prometheusRule.additionalLabels }}
+{{ toYaml $prometheusRule.additionalLabels | indent 8 }}
+ {{- end }}
+ spec:
+ groups:
+{{ toYaml $prometheusRule.groups| indent 8 }}
+{{- end }}
+{{- else }}
+{{- range .Values.additionalPrometheusRules }}
+ - apiVersion: monitoring.coreos.com/v1
+ kind: PrometheusRule
+ metadata:
+ name: {{ template "kube-prometheus-stack.name" $ }}-{{ .name }}
+ namespace: {{ template "kube-prometheus-stack.namespace" $ }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" $ }}
+{{ include "kube-prometheus-stack.labels" $ | indent 8 }}
+ {{- if .additionalLabels }}
+{{ toYaml .additionalLabels | indent 8 }}
+ {{- end }}
+ spec:
+ groups:
+{{ toYaml .groups| indent 8 }}
+{{- end }}
+{{- end }}
+{{- end }}
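Review bot: the outer condition accepts either `additionalPrometheusRules` or `additionalPrometheusRulesMap`, but the body is an `if`/`else`, so when both are set only the map is rendered and the list is dropped without any message. For alerting rules a silent drop is easy to miss; either render both or `fail` when both are provided.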
diff --git a/charts/kube-prometheus-stack/templates/prometheus/additionalScrapeConfigs.yaml b/charts/kube-prometheus-stack/templates/prometheus/additionalScrapeConfigs.yaml
new file mode 100644
index 0000000..ebdf766
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/additionalScrapeConfigs.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalScrapeConfigs }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-scrape-confg
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+{{- if .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations }}
+ annotations:
+{{ toYaml .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations | indent 4 }}
+{{- end }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-prometheus-scrape-confg
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+data:
+{{- if eq ( typeOf .Values.prometheus.prometheusSpec.additionalScrapeConfigs ) "string" }}
+ additional-scrape-configs.yaml: {{ tpl .Values.prometheus.prometheusSpec.additionalScrapeConfigs $ | b64enc | quote }}
+{{- else }}
+ additional-scrape-configs.yaml: {{ tpl (toYaml .Values.prometheus.prometheusSpec.additionalScrapeConfigs) $ | b64enc | quote }}
+{{- end }}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/templates/prometheus/clusterrole.yaml b/charts/kube-prometheus-stack/templates/prometheus/clusterrole.yaml
new file mode 100644
index 0000000..3585b5d
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/clusterrole.yaml
@@ -0,0 +1,30 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-prometheus
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+rules:
+# This permission are not in the kube-prometheus repo
+# they're grabbed from https://github.com/prometheus/prometheus/blob/master/documentation/examples/rbac-setup.yml
+- apiGroups: [""]
+ resources:
+ - nodes
+ - nodes/metrics
+ - services
+ - endpoints
+ - pods
+ verbs: ["get", "list", "watch"]
+- apiGroups:
+ - "networking.k8s.io"
+ resources:
+ - ingresses
+ verbs: ["get", "list", "watch"]
+- nonResourceURLs: ["/metrics", "/metrics/cadvisor"]
+ verbs: ["get"]
+{{- if .Values.prometheus.additionalRulesForClusterRole }}
+{{ toYaml .Values.prometheus.additionalRulesForClusterRole | indent 0 }}
+{{- end }}
+{{- end }}
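Review bot: `prometheus.additionalRulesForClusterRole` is appended verbatim to this ClusterRole, so a values override can widen Prometheus's cluster-wide permissions without any change to the template. Flag this in the values documentation so overrides to that key get reviewed as RBAC changes. The source link in the comment points at `master` of prometheus/prometheus; a tag or commit would keep the reference stable.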
diff --git a/charts/kube-prometheus-stack/templates/prometheus/clusterrolebinding.yaml b/charts/kube-prometheus-stack/templates/prometheus/clusterrolebinding.yaml
new file mode 100644
index 0000000..9fc4f65
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/clusterrolebinding.yaml
@@ -0,0 +1,18 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-prometheus
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "kube-prometheus-stack.prometheus.serviceAccountName" . }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+{{- end }}
+
diff --git a/charts/kube-prometheus-stack/templates/prometheus/csi-secret.yaml b/charts/kube-prometheus-stack/templates/prometheus/csi-secret.yaml
new file mode 100644
index 0000000..89399ce
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/csi-secret.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.prometheus.prometheusSpec.thanos.secretProviderClass }}
+---
+apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
+kind: SecretProviderClass
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-prometheus
+spec:
+{{ toYaml .Values.prometheus.prometheusSpec.thanos.secretProviderClass | indent 2 }}
+{{- end }}
\ No newline at end of file
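Review bot: The guard on the first line tests only prometheusSpec.thanos.secretProviderClass and not .Values.prometheus.enabled, so this SecretProviderClass still renders when Prometheus is disabled, unlike the ingress, PodDisruptionBudget and Prometheus templates in this patch. Wrap it in "if and .Values.prometheus.enabled ...". The apiVersion is hard-coded to secrets-store.csi.x-k8s.io/v1alpha1 with no .Capabilities check, the labels block omits the kube-prometheus-stack.labels include that the other objects carry, and the file has no trailing newline.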
diff --git a/charts/kube-prometheus-stack/templates/prometheus/extrasecret.yaml b/charts/kube-prometheus-stack/templates/prometheus/extrasecret.yaml
new file mode 100644
index 0000000..17f3478
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/extrasecret.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.prometheus.extraSecret.data -}}
+{{- $secretName := printf "prometheus-%s-extra" (include "kube-prometheus-stack.fullname" . ) -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ default $secretName .Values.prometheus.extraSecret.name }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+{{- if .Values.prometheus.extraSecret.annotations }}
+ annotations:
+{{ toYaml .Values.prometheus.extraSecret.annotations | indent 4 }}
+{{- end }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-prometheus
+ app.kubernetes.io/component: prometheus
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+data:
+{{- range $key, $val := .Values.prometheus.extraSecret.data }}
+ {{ $key }}: {{ $val | b64enc | quote }}
+{{- end }}
+{{- end }}
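Review bot: The data loop renders "{{ $key }}: {{ $val | b64enc | quote }}" from .Values.prometheus.extraSecret.data, which means the secret material has to be passed as plain Helm values and ends up in the stored release record and in any values file kept in version control. Please say so in the values.yaml comment for extraSecret and point users to a pre-created Secret for anything sensitive. Also, the template is not gated on .Values.prometheus.enabled, b64enc fails on non-string values (a numeric or boolean entry aborts rendering), and $key is emitted unquoted.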
diff --git a/charts/kube-prometheus-stack/templates/prometheus/ingress.yaml b/charts/kube-prometheus-stack/templates/prometheus/ingress.yaml
new file mode 100644
index 0000000..91fadf9
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/ingress.yaml
@@ -0,0 +1,77 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.ingress.enabled -}}
+ {{- $pathType := .Values.prometheus.ingress.pathType | default "ImplementationSpecific" -}}
+ {{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" -}}
+ {{- $servicePort := .Values.prometheus.ingress.servicePort | default .Values.prometheus.service.port -}}
+ {{- $routePrefix := list .Values.prometheus.prometheusSpec.routePrefix -}}
+ {{- $paths := .Values.prometheus.ingress.paths | default $routePrefix -}}
+ {{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}}
+ {{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}}
+apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+{{- if .Values.prometheus.ingress.annotations }}
+ annotations:
+{{ toYaml .Values.prometheus.ingress.annotations | indent 4 }}
+{{- end }}
+ name: {{ $serviceName }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-prometheus
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.prometheus.ingress.labels }}
+{{ toYaml .Values.prometheus.ingress.labels | indent 4 }}
+{{- end }}
+spec:
+ {{- if $apiIsStable }}
+ {{- if .Values.prometheus.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.prometheus.ingress.ingressClassName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- if .Values.prometheus.ingress.hosts }}
+ {{- range $host := .Values.prometheus.ingress.hosts }}
+ - host: {{ tpl $host $ }}
+ http:
+ paths:
+ {{- range $p := $paths }}
+ - path: {{ tpl $p $ }}
+ {{- if and $pathType $ingressSupportsPathType }}
+ pathType: {{ $pathType }}
+ {{- end }}
+ backend:
+ {{- if $apiIsStable }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{- else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{- end }}
+ {{- end -}}
+ {{- end -}}
+ {{- else }}
+ - http:
+ paths:
+ {{- range $p := $paths }}
+ - path: {{ tpl $p $ }}
+ {{- if and $pathType $ingressSupportsPathType }}
+ pathType: {{ $pathType }}
+ {{- end }}
+ backend:
+ {{- if $apiIsStable }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{- else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{- end }}
+ {{- end -}}
+ {{- end -}}
+ {{- if .Values.prometheus.ingress.tls }}
+ tls:
+{{ tpl (toYaml .Values.prometheus.ingress.tls | indent 4) . }}
+ {{- end -}}
+{{- end -}}
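Review bot: In both rules branches, "host: {{ tpl $host $ }}" and "path: {{ tpl $p $ }}" are emitted unquoted, so a value that starts with a YAML-special character breaks rendering; a wildcard host such as *.example.com is parsed as an alias. Pipe both through quote. The tls block is optional and nothing here requires it, so an enabled ingress with no tls entry serves Prometheus over plain HTTP; worth a note in values.yaml. The path/backend block is duplicated between the hosts and no-hosts branches and could be a single named template.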
diff --git a/charts/kube-prometheus-stack/templates/prometheus/ingressThanosSidecar.yaml b/charts/kube-prometheus-stack/templates/prometheus/ingressThanosSidecar.yaml
new file mode 100644
index 0000000..7a33859
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/ingressThanosSidecar.yaml
@@ -0,0 +1,76 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.thanosIngress.enabled }}
+{{- $pathType := .Values.prometheus.thanosIngress.pathType | default "" }}
+{{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" }}
+{{- $thanosPort := .Values.prometheus.thanosIngress.servicePort -}}
+{{- $routePrefix := list .Values.prometheus.prometheusSpec.routePrefix }}
+{{- $paths := .Values.prometheus.thanosIngress.paths | default $routePrefix -}}
+{{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}}
+{{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}}
+apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+{{- if .Values.prometheus.thanosIngress.annotations }}
+ annotations:
+{{ toYaml .Values.prometheus.thanosIngress.annotations | indent 4 }}
+{{- end }}
+ name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-gateway
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-prometheus
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.prometheus.thanosIngress.labels }}
+{{ toYaml .Values.prometheus.thanosIngress.labels | indent 4 }}
+{{- end }}
+spec:
+ {{- if $apiIsStable }}
+ {{- if .Values.prometheus.thanosIngress.ingressClassName }}
+ ingressClassName: {{ .Values.prometheus.thanosIngress.ingressClassName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- if .Values.prometheus.thanosIngress.hosts }}
+ {{- range $host := .Values.prometheus.thanosIngress.hosts }}
+ - host: {{ tpl $host $ }}
+ http:
+ paths:
+ {{- range $p := $paths }}
+ - path: {{ tpl $p $ }}
+ {{- if and $pathType $ingressSupportsPathType }}
+ pathType: {{ $pathType }}
+ {{- end }}
+ backend:
+ {{- if $apiIsStable }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $thanosPort }}
+ {{- else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $thanosPort }}
+ {{- end }}
+ {{- end -}}
+ {{- end -}}
+ {{- else }}
+ - http:
+ paths:
+ {{- range $p := $paths }}
+ - path: {{ tpl $p $ }}
+ {{- if and $pathType $ingressSupportsPathType }}
+ pathType: {{ $pathType }}
+ {{- end }}
+ backend:
+ {{- if $apiIsStable }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $thanosPort }}
+ {{- else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $thanosPort }}
+ {{- end }}
+ {{- end -}}
+ {{- end -}}
+ {{- if .Values.prometheus.thanosIngress.tls }}
+ tls:
+{{ tpl (toYaml .Values.prometheus.thanosIngress.tls | indent 4) . }}
+ {{- end -}}
+{{- end -}}
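Review bot: The metadata block sets name and labels but no namespace, while ingress.yaml in this same patch sets "namespace: {{ template "kube-prometheus-stack.namespace" . }}". With a namespace override in use, this Ingress lands in the release namespace and its backend service reference no longer resolves. Add the same namespace line. $thanosPort is read from thanosIngress.servicePort with no default, so "number:" renders empty when the value is unset; use required or a default. host and path are also unquoted here, as in ingress.yaml.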
diff --git a/charts/kube-prometheus-stack/templates/prometheus/ingressperreplica.yaml b/charts/kube-prometheus-stack/templates/prometheus/ingressperreplica.yaml
new file mode 100644
index 0000000..df63199
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/ingressperreplica.yaml
@@ -0,0 +1,67 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.servicePerReplica.enabled .Values.prometheus.ingressPerReplica.enabled }}
+{{- $pathType := .Values.prometheus.ingressPerReplica.pathType | default "" }}
+{{- $count := .Values.prometheus.prometheusSpec.replicas | int -}}
+{{- $servicePort := .Values.prometheus.servicePerReplica.port -}}
+{{- $ingressValues := .Values.prometheus.ingressPerReplica -}}
+{{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}}
+{{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}}
+apiVersion: v1
+kind: List
+metadata:
+ name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-ingressperreplica
+ namespace: {{ template "kube-prometheus-stack.namespace" $ }}
+items:
+{{ range $i, $e := until $count }}
+ - kind: Ingress
+ apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" $ }}
+ metadata:
+ name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }}
+ namespace: {{ template "kube-prometheus-stack.namespace" $ }}
+ labels:
+ app: {{ include "kube-prometheus-stack.name" $ }}-prometheus
+ {{ include "kube-prometheus-stack.labels" $ | indent 8 }}
+ {{- if $ingressValues.labels }}
+{{ toYaml $ingressValues.labels | indent 8 }}
+ {{- end }}
+ {{- if $ingressValues.annotations }}
+ annotations:
+{{ toYaml $ingressValues.annotations | indent 8 }}
+ {{- end }}
+ spec:
+ {{- if $apiIsStable }}
+ {{- if $ingressValues.ingressClassName }}
+ ingressClassName: {{ $ingressValues.ingressClassName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ - host: {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }}
+ http:
+ paths:
+ {{- range $p := $ingressValues.paths }}
+ - path: {{ tpl $p $ }}
+ {{- if and $pathType $ingressSupportsPathType }}
+ pathType: {{ $pathType }}
+ {{- end }}
+ backend:
+ {{- if $apiIsStable }}
+ service:
+ name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }}
+ port:
+ number: {{ $servicePort }}
+ {{- else }}
+ serviceName: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }}
+ servicePort: {{ $servicePort }}
+ {{- end }}
+ {{- end -}}
+ {{- if or $ingressValues.tlsSecretName $ingressValues.tlsSecretPerReplica.enabled }}
+ tls:
+ - hosts:
+ - {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }}
+ {{- if $ingressValues.tlsSecretPerReplica.enabled }}
+ secretName: {{ $ingressValues.tlsSecretPerReplica.prefix }}-{{ $i }}
+ {{- else }}
+ secretName: {{ $ingressValues.tlsSecretName }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+{{- end -}}
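Review bot: The paths loop ranges over $ingressValues.paths with no fallback, unlike the other two ingress templates that default to routePrefix, so an unset paths value renders an empty "paths:" key. The host is built as "{{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }}" without checking that either part is set, which yields a host like "-0." when they are empty. Wrap hostPrefix and hostDomain in required, give paths a default, and quote the resulting host in both the rules and tls entries.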
diff --git a/charts/kube-prometheus-stack/templates/prometheus/podDisruptionBudget.yaml b/charts/kube-prometheus-stack/templates/prometheus/podDisruptionBudget.yaml
new file mode 100644
index 0000000..02a320e
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/podDisruptionBudget.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.podDisruptionBudget.enabled }}
+apiVersion: {{ include "kube-prometheus-stack.pdb.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-prometheus
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+spec:
+ {{- if .Values.prometheus.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.prometheus.podDisruptionBudget.minAvailable }}
+ {{- end }}
+ {{- if .Values.prometheus.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.prometheus.podDisruptionBudget.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: prometheus
+ prometheus: {{ template "kube-prometheus-stack.prometheus.crname" . }}
+{{- end }}
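Review bot: In spec, minAvailable and maxUnavailable are each emitted under their own "if", so setting both in values renders both fields, which a PodDisruptionBudget does not accept. Use if / else if, or fail when both are set. The truthiness test also drops an explicit 0: "maxUnavailable: 0" in values renders nothing at all. Test with hasKey or "ne (toString ...) \"\"" if zero is meant to be a valid setting.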
diff --git a/charts/kube-prometheus-stack/templates/prometheus/podmonitors.yaml b/charts/kube-prometheus-stack/templates/prometheus/podmonitors.yaml
new file mode 100644
index 0000000..95d568e
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/podmonitors.yaml
@@ -0,0 +1,37 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.additionalPodMonitors }}
+apiVersion: v1
+kind: List
+items:
+{{- range .Values.prometheus.additionalPodMonitors }}
+ - apiVersion: monitoring.coreos.com/v1
+ kind: PodMonitor
+ metadata:
+ name: {{ .name }}
+ namespace: {{ template "kube-prometheus-stack.namespace" $ }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" $ }}-prometheus
+{{ include "kube-prometheus-stack.labels" $ | indent 8 }}
+ {{- if .additionalLabels }}
+{{ toYaml .additionalLabels | indent 8 }}
+ {{- end }}
+ spec:
+ podMetricsEndpoints:
+{{ toYaml .podMetricsEndpoints | indent 8 }}
+ {{- if .jobLabel }}
+ jobLabel: {{ .jobLabel }}
+ {{- end }}
+ {{- if .namespaceSelector }}
+ namespaceSelector:
+{{ toYaml .namespaceSelector | indent 8 }}
+ {{- end }}
+ selector:
+{{ toYaml .selector | indent 8 }}
+ {{- if .podTargetLabels }}
+ podTargetLabels:
+{{ toYaml .podTargetLabels | indent 8 }}
+ {{- end }}
+ {{- if .sampleLimit }}
+ sampleLimit: {{ .sampleLimit }}
+ {{- end }}
+{{- end }}
+{{- end }}
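Review bot: Inside the range, .name, .podMetricsEndpoints and .selector are rendered unconditionally and without required, so an additionalPodMonitors entry that omits one of them produces "name:" or "selector:" with a null value and the error only surfaces at apply time. Wrap the three in required with a message naming the missing key. .additionalLabels is merged after the chart labels, so an entry can override app or the release label that the default podMonitorSelector matches on; mention that in the values documentation.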
diff --git a/charts/kube-prometheus-stack/templates/prometheus/prometheus.yaml b/charts/kube-prometheus-stack/templates/prometheus/prometheus.yaml
new file mode 100644
index 0000000..7ccc949
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/prometheus.yaml
@@ -0,0 +1,390 @@
+{{- if .Values.prometheus.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: Prometheus
+metadata:
+ name: {{ template "kube-prometheus-stack.prometheus.crname" . }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-prometheus
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.prometheus.annotations }}
+ annotations:
+{{ toYaml .Values.prometheus.annotations | indent 4 }}
+{{- end }}
+spec:
+{{- if or .Values.prometheus.prometheusSpec.alertingEndpoints .Values.alertmanager.enabled }}
+ alerting:
+ alertmanagers:
+{{- if .Values.prometheus.prometheusSpec.alertingEndpoints }}
+{{ toYaml .Values.prometheus.prometheusSpec.alertingEndpoints | indent 6 }}
+{{- else if .Values.alertmanager.enabled }}
+ - namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
+ port: {{ .Values.alertmanager.alertmanagerSpec.portName }}
+ {{- if .Values.alertmanager.alertmanagerSpec.routePrefix }}
+ pathPrefix: "{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}"
+ {{- end }}
+ apiVersion: {{ .Values.alertmanager.apiVersion }}
+{{- end }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.apiserverConfig }}
+ apiserverConfig:
+{{ toYaml .Values.prometheus.prometheusSpec.apiserverConfig | indent 4}}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.image }}
+ {{- if and .Values.prometheus.prometheusSpec.image.tag .Values.prometheus.prometheusSpec.image.sha }}
+ image: "{{ .Values.prometheus.prometheusSpec.image.repository }}:{{ .Values.prometheus.prometheusSpec.image.tag }}@sha256:{{ .Values.prometheus.prometheusSpec.image.sha }}"
+ {{- else if .Values.prometheus.prometheusSpec.image.sha }}
+ image: "{{ .Values.prometheus.prometheusSpec.image.repository }}@sha256:{{ .Values.prometheus.prometheusSpec.image.sha }}"
+ {{- else if .Values.prometheus.prometheusSpec.image.tag }}
+ image: "{{ .Values.prometheus.prometheusSpec.image.repository }}:{{ .Values.prometheus.prometheusSpec.image.tag }}"
+ {{- else }}
+ image: "{{ .Values.prometheus.prometheusSpec.image.repository }}"
+ {{- end }}
+ version: {{ .Values.prometheus.prometheusSpec.image.tag }}
+ {{- if .Values.prometheus.prometheusSpec.image.sha }}
+ sha: {{ .Values.prometheus.prometheusSpec.image.sha }}
+ {{- end }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.additionalArgs }}
+ additionalArgs:
+{{ toYaml .Values.prometheus.prometheusSpec.additionalArgs | indent 4}}
+{{- end -}}
+{{- if .Values.prometheus.prometheusSpec.externalLabels }}
+ externalLabels:
+{{ tpl (toYaml .Values.prometheus.prometheusSpec.externalLabels | indent 4) . }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.prometheusExternalLabelNameClear }}
+ prometheusExternalLabelName: ""
+{{- else if .Values.prometheus.prometheusSpec.prometheusExternalLabelName }}
+ prometheusExternalLabelName: "{{ .Values.prometheus.prometheusSpec.prometheusExternalLabelName }}"
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.replicaExternalLabelNameClear }}
+ replicaExternalLabelName: ""
+{{- else if .Values.prometheus.prometheusSpec.replicaExternalLabelName }}
+ replicaExternalLabelName: "{{ .Values.prometheus.prometheusSpec.replicaExternalLabelName }}"
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.enableRemoteWriteReceiver }}
+ enableRemoteWriteReceiver: {{ .Values.prometheus.prometheusSpec.enableRemoteWriteReceiver }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.externalUrl }}
+ externalUrl: "{{ tpl .Values.prometheus.prometheusSpec.externalUrl . }}"
+{{- else if and .Values.prometheus.ingress.enabled .Values.prometheus.ingress.hosts }}
+ externalUrl: "http://{{ tpl (index .Values.prometheus.ingress.hosts 0) . }}{{ .Values.prometheus.prometheusSpec.routePrefix }}"
+{{- else }}
+ externalUrl: http://{{ template "kube-prometheus-stack.fullname" . }}-prometheus.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.prometheus.service.port }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.prometheus.prometheusSpec.nodeSelector | indent 4 }}
+{{- end }}
+ paused: {{ .Values.prometheus.prometheusSpec.paused }}
+ replicas: {{ .Values.prometheus.prometheusSpec.replicas }}
+ shards: {{ .Values.prometheus.prometheusSpec.shards }}
+ logLevel: {{ .Values.prometheus.prometheusSpec.logLevel }}
+ logFormat: {{ .Values.prometheus.prometheusSpec.logFormat }}
+ listenLocal: {{ .Values.prometheus.prometheusSpec.listenLocal }}
+ enableAdminAPI: {{ .Values.prometheus.prometheusSpec.enableAdminAPI }}
+{{- if .Values.prometheus.prometheusSpec.web }}
+ web:
+{{ toYaml .Values.prometheus.prometheusSpec.web | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.exemplars }}
+ exemplars:
+ {{ toYaml .Values.prometheus.prometheusSpec.exemplars | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.enableFeatures }}
+ enableFeatures:
+{{- range $enableFeatures := .Values.prometheus.prometheusSpec.enableFeatures }}
+ - {{ tpl $enableFeatures $ }}
+{{- end }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.scrapeInterval }}
+ scrapeInterval: {{ .Values.prometheus.prometheusSpec.scrapeInterval }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.prometheus.prometheusSpec.scrapeTimeout }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.evaluationInterval }}
+ evaluationInterval: {{ .Values.prometheus.prometheusSpec.evaluationInterval }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.resources }}
+ resources:
+{{ toYaml .Values.prometheus.prometheusSpec.resources | indent 4 }}
+{{- end }}
+ retention: {{ .Values.prometheus.prometheusSpec.retention | quote }}
+{{- if .Values.prometheus.prometheusSpec.retentionSize }}
+ retentionSize: {{ .Values.prometheus.prometheusSpec.retentionSize | quote }}
+{{- end }}
+{{- if eq .Values.prometheus.prometheusSpec.walCompression false }}
+ walCompression: false
+{{ else }}
+ walCompression: true
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.routePrefix }}
+ routePrefix: {{ .Values.prometheus.prometheusSpec.routePrefix | quote }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.secrets }}
+ secrets:
+{{ toYaml .Values.prometheus.prometheusSpec.secrets | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.configMaps }}
+ configMaps:
+{{ toYaml .Values.prometheus.prometheusSpec.configMaps | indent 4 }}
+{{- end }}
+ serviceAccountName: {{ template "kube-prometheus-stack.prometheus.serviceAccountName" . }}
+{{- if .Values.prometheus.prometheusSpec.serviceMonitorSelector }}
+ serviceMonitorSelector:
+{{ toYaml .Values.prometheus.prometheusSpec.serviceMonitorSelector | indent 4 }}
+{{ else if .Values.prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues }}
+ serviceMonitorSelector:
+ matchLabels:
+ release: {{ $.Release.Name | quote }}
+{{ else }}
+ serviceMonitorSelector: {}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.serviceMonitorNamespaceSelector }}
+ serviceMonitorNamespaceSelector:
+{{ toYaml .Values.prometheus.prometheusSpec.serviceMonitorNamespaceSelector | indent 4 }}
+{{ else }}
+ serviceMonitorNamespaceSelector: {}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.podMonitorSelector }}
+ podMonitorSelector:
+{{ toYaml .Values.prometheus.prometheusSpec.podMonitorSelector | indent 4 }}
+{{ else if .Values.prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues }}
+ podMonitorSelector:
+ matchLabels:
+ release: {{ $.Release.Name | quote }}
+{{ else }}
+ podMonitorSelector: {}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.podMonitorNamespaceSelector }}
+ podMonitorNamespaceSelector:
+{{ toYaml .Values.prometheus.prometheusSpec.podMonitorNamespaceSelector | indent 4 }}
+{{ else }}
+ podMonitorNamespaceSelector: {}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.probeSelector }}
+ probeSelector:
+{{ toYaml .Values.prometheus.prometheusSpec.probeSelector | indent 4 }}
+{{ else if .Values.prometheus.prometheusSpec.probeSelectorNilUsesHelmValues }}
+ probeSelector:
+ matchLabels:
+ release: {{ $.Release.Name | quote }}
+{{ else }}
+ probeSelector: {}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.probeNamespaceSelector }}
+ probeNamespaceSelector:
+{{ toYaml .Values.prometheus.prometheusSpec.probeNamespaceSelector | indent 4 }}
+{{ else }}
+ probeNamespaceSelector: {}
+{{- end }}
+{{- if (or .Values.prometheus.prometheusSpec.remoteRead .Values.prometheus.prometheusSpec.additionalRemoteRead) }}
+ remoteRead:
+{{- if .Values.prometheus.prometheusSpec.remoteRead }}
+{{ tpl (toYaml .Values.prometheus.prometheusSpec.remoteRead | indent 4) . }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.additionalRemoteRead }}
+{{ toYaml .Values.prometheus.prometheusSpec.additionalRemoteRead | indent 4 }}
+{{- end }}
+{{- end }}
+{{- if (or .Values.prometheus.prometheusSpec.remoteWrite .Values.prometheus.prometheusSpec.additionalRemoteWrite) }}
+ remoteWrite:
+{{- if .Values.prometheus.prometheusSpec.remoteWrite }}
+{{ tpl (toYaml .Values.prometheus.prometheusSpec.remoteWrite | indent 4) . }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.additionalRemoteWrite }}
+{{ toYaml .Values.prometheus.prometheusSpec.additionalRemoteWrite | indent 4 }}
+{{- end }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.securityContext }}
+ securityContext:
+{{ toYaml .Values.prometheus.prometheusSpec.securityContext | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.ruleNamespaceSelector }}
+ ruleNamespaceSelector:
+{{ toYaml .Values.prometheus.prometheusSpec.ruleNamespaceSelector | indent 4 }}
+{{ else }}
+ ruleNamespaceSelector: {}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.ruleSelector }}
+ ruleSelector:
+{{ toYaml .Values.prometheus.prometheusSpec.ruleSelector | indent 4}}
+{{- else if .Values.prometheus.prometheusSpec.ruleSelectorNilUsesHelmValues }}
+ ruleSelector:
+ matchLabels:
+ release: {{ $.Release.Name | quote }}
+{{ else }}
+ ruleSelector: {}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.storageSpec }}
+ storage:
+{{ tpl (toYaml .Values.prometheus.prometheusSpec.storageSpec | indent 4) . }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.podMetadata }}
+ podMetadata:
+{{ tpl (toYaml .Values.prometheus.prometheusSpec.podMetadata | indent 4) . }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.query }}
+ query:
+{{ toYaml .Values.prometheus.prometheusSpec.query | indent 4}}
+{{- end }}
+{{- if or .Values.prometheus.prometheusSpec.podAntiAffinity .Values.prometheus.prometheusSpec.affinity }}
+ affinity:
+{{- if .Values.prometheus.prometheusSpec.affinity }}
+{{ toYaml .Values.prometheus.prometheusSpec.affinity | indent 4 }}
+{{- end }}
+{{- if eq .Values.prometheus.prometheusSpec.podAntiAffinity "hard" }}
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - topologyKey: {{ .Values.prometheus.prometheusSpec.podAntiAffinityTopologyKey }}
+ labelSelector:
+ matchExpressions:
+ - {key: app.kubernetes.io/name, operator: In, values: [prometheus]}
+ - {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.prometheus.crname" . }}]}
+{{- else if eq .Values.prometheus.prometheusSpec.podAntiAffinity "soft" }}
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ topologyKey: {{ .Values.prometheus.prometheusSpec.podAntiAffinityTopologyKey }}
+ labelSelector:
+ matchExpressions:
+ - {key: app.kubernetes.io/name, operator: In, values: [prometheus]}
+ - {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.prometheus.crname" . }}]}
+{{- end }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.tolerations }}
+ tolerations:
+{{ toYaml .Values.prometheus.prometheusSpec.tolerations | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.topologySpreadConstraints }}
+ topologySpreadConstraints:
+{{ toYaml .Values.prometheus.prometheusSpec.topologySpreadConstraints | indent 4 }}
+{{- end }}
+{{- if .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.additionalScrapeConfigs }}
+ additionalScrapeConfigs:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-scrape-confg
+ key: additional-scrape-configs.yaml
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.additionalScrapeConfigsSecret.enabled }}
+ additionalScrapeConfigs:
+ name: {{ .Values.prometheus.prometheusSpec.additionalScrapeConfigsSecret.name }}
+ key: {{ .Values.prometheus.prometheusSpec.additionalScrapeConfigsSecret.key }}
+{{- end }}
+{{- if or .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs .Values.prometheus.prometheusSpec.additionalAlertManagerConfigsSecret }}
+ additionalAlertManagerConfigs:
+{{- if .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs }}
+ name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-am-confg
+ key: additional-alertmanager-configs.yaml
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.additionalAlertManagerConfigsSecret }}
+ name: {{ .Values.prometheus.prometheusSpec.additionalAlertManagerConfigsSecret.name }}
+ key: {{ .Values.prometheus.prometheusSpec.additionalAlertManagerConfigsSecret.key }}
+ {{- if hasKey .Values.prometheus.prometheusSpec.additionalAlertManagerConfigsSecret "optional" }}
+ optional: {{ .Values.prometheus.prometheusSpec.additionalAlertManagerConfigsSecret.optional }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs }}
+ additionalAlertRelabelConfigs:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-am-relabel-confg
+ key: additional-alert-relabel-configs.yaml
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigsSecret }}
+ additionalAlertRelabelConfigs:
+ name: {{ .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigsSecret.name }}
+ key: {{ .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigsSecret.key }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.containers }}
+ containers:
+{{ toYaml .Values.prometheus.prometheusSpec.containers | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.initContainers }}
+ initContainers:
+{{ toYaml .Values.prometheus.prometheusSpec.initContainers | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.priorityClassName }}
+ priorityClassName: {{ .Values.prometheus.prometheusSpec.priorityClassName }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.thanos }}
+ thanos:
+{{ toYaml .Values.prometheus.prometheusSpec.thanos | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.disableCompaction }}
+ disableCompaction: {{ .Values.prometheus.prometheusSpec.disableCompaction }}
+{{- end }}
+ portName: {{ .Values.prometheus.prometheusSpec.portName }}
+{{- if .Values.prometheus.prometheusSpec.volumes }}
+ volumes:
+{{ toYaml .Values.prometheus.prometheusSpec.volumes | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.volumeMounts }}
+ volumeMounts:
+{{ toYaml .Values.prometheus.prometheusSpec.volumeMounts | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.arbitraryFSAccessThroughSMs }}
+ arbitraryFSAccessThroughSMs:
+{{ toYaml .Values.prometheus.prometheusSpec.arbitraryFSAccessThroughSMs | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.overrideHonorLabels }}
+ overrideHonorLabels: {{ .Values.prometheus.prometheusSpec.overrideHonorLabels }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.overrideHonorTimestamps }}
+ overrideHonorTimestamps: {{ .Values.prometheus.prometheusSpec.overrideHonorTimestamps }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
+ ignoreNamespaceSelectors: {{ .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.enforcedNamespaceLabel }}
+ enforcedNamespaceLabel: {{ .Values.prometheus.prometheusSpec.enforcedNamespaceLabel }}
+{{- $prometheusDefaultRulesExcludedFromEnforce := (include "rules.names" .) | fromYaml }}
+ prometheusRulesExcludedFromEnforce:
+{{- range $prometheusDefaultRulesExcludedFromEnforce.rules }}
+ - ruleNamespace: "{{ template "kube-prometheus-stack.namespace" $ }}"
+ ruleName: "{{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) . | trunc 63 | trimSuffix "-" }}"
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.prometheusRulesExcludedFromEnforce }}
+{{ toYaml .Values.prometheus.prometheusSpec.prometheusRulesExcludedFromEnforce | indent 4 }}
+{{- end }}
+ excludedFromEnforcement:
+{{- range $prometheusDefaultRulesExcludedFromEnforce.rules }}
+ - resource: prometheusrules
+ namespace: "{{ template "kube-prometheus-stack.namespace" $ }}"
+ name: "{{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) . | trunc 63 | trimSuffix "-" }}"
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.excludedFromEnforcement }}
+{{ tpl (toYaml .Values.prometheus.prometheusSpec.excludedFromEnforcement | indent 4) . }}
+{{- end }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.queryLogFile }}
+ queryLogFile: {{ .Values.prometheus.prometheusSpec.queryLogFile }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.enforcedSampleLimit }}
+ enforcedSampleLimit: {{ .Values.prometheus.prometheusSpec.enforcedSampleLimit }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.enforcedTargetLimit }}
+ enforcedTargetLimit: {{ .Values.prometheus.prometheusSpec.enforcedTargetLimit }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.enforcedLabelLimit }}
+ enforcedLabelLimit: {{ .Values.prometheus.prometheusSpec.enforcedLabelLimit }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.enforcedLabelNameLengthLimit }}
+ enforcedLabelNameLengthLimit: {{ .Values.prometheus.prometheusSpec.enforcedLabelNameLengthLimit }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.enforcedLabelValueLengthLimit}}
+ enforcedLabelValueLengthLimit: {{ .Values.prometheus.prometheusSpec.enforcedLabelValueLengthLimit }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.allowOverlappingBlocks }}
+ allowOverlappingBlocks: {{ .Values.prometheus.prometheusSpec.allowOverlappingBlocks }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.minReadySeconds }}
+ minReadySeconds: {{ .Values.prometheus.prometheusSpec.minReadySeconds }}
+{{- end }}
+{{- end }}
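Review bot: In the additionalScrapeConfigs, additionalAlertManagerConfigs and additionalAlertRelabelConfigs blocks, the inline variant and the ...Secret variant are guarded by independent "if" statements, so setting both renders the same key twice (two additionalScrapeConfigs keys, or duplicate name/key entries under additionalAlertManagerConfigs). Make each pair if / else if, or fail when both are set. The thanos block passes the whole .Values.prometheus.prometheusSpec.thanos map through toYaml, including the secretProviderClass key that csi-secret.yaml consumes, so that chart-only key ends up in the Prometheus spec; strip it with omit. The two fallback externalUrl values are hard-coded to http:// even when ingress.tls is configured. Pass-through values such as enableAdminAPI, additionalArgs, containers, initContainers and volumes deserve a security note in values.yaml.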
diff --git a/charts/kube-prometheus-stack/templates/prometheus/psp-clusterrole.yaml b/charts/kube-prometheus-stack/templates/prometheus/psp-clusterrole.yaml
new file mode 100644
index 0000000..872feb6
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/psp-clusterrole.yaml
@@ -0,0 +1,22 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-psp
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-prometheus
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+rules:
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }}
+- apiGroups: ['policy']
+{{- else }}
+- apiGroups: ['extensions']
+{{- end }}
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "kube-prometheus-stack.fullname" . }}-prometheus
+{{- end }}
+{{- end }}
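Review bot: the second guard, `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"`, makes this template render nothing on clusters that no longer serve PodSecurityPolicy (removed in Kubernetes 1.25), even when `global.rbac.pspEnabled` is true. An operator who sets that value gets no policy and no error. Worth documenting next to `pspEnabled` in the values file, or failing the render when the value is set and the API is absent. The `resourceNames` restriction on the `use` verb is good and should stay.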
diff --git a/charts/kube-prometheus-stack/templates/prometheus/psp-clusterrolebinding.yaml b/charts/kube-prometheus-stack/templates/prometheus/psp-clusterrolebinding.yaml
new file mode 100644
index 0000000..50e3617
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/psp-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-psp
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-prometheus
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-psp
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "kube-prometheus-stack.prometheus.serviceAccountName" . }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+{{- end }}
+{{- end }}
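Review bot: the subject is a single ServiceAccount in the release namespace, yet `kind: ClusterRoleBinding` grants `use` of the policy for pods that account creates in every namespace. A namespaced `RoleBinding` in `{{ template "kube-prometheus-stack.namespace" . }}` that references the same ClusterRole would cover the Prometheus pods with a narrower grant. If the cluster-wide scope is intentional, a comment saying why would help.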
diff --git a/charts/kube-prometheus-stack/templates/prometheus/psp.yaml b/charts/kube-prometheus-stack/templates/prometheus/psp.yaml
new file mode 100644
index 0000000..b53808d
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/psp.yaml
@@ -0,0 +1,58 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-prometheus
+{{- if .Values.global.rbac.pspAnnotations }}
+ annotations:
+{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }}
+{{- end }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+spec:
+ privileged: false
+ # Allow core volume types.
+ volumes:
+ - 'configMap'
+ - 'emptyDir'
+ - 'projected'
+ - 'secret'
+ - 'downwardAPI'
+ - 'persistentVolumeClaim'
+{{- if .Values.prometheus.podSecurityPolicy.volumes }}
+{{ toYaml .Values.prometheus.podSecurityPolicy.volumes | indent 4 }}
+{{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Permits the container to run with root privileges as well.
+ rule: 'RunAsAny'
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ # Allow adding the root group.
+ - min: 0
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ # Allow adding the root group.
+ - min: 0
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- if .Values.prometheus.podSecurityPolicy.allowedCapabilities }}
+ allowedCapabilities:
+{{ toYaml .Values.prometheus.podSecurityPolicy.allowedCapabilities | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.podSecurityPolicy.allowedHostPaths }}
+ allowedHostPaths:
+{{ toYaml .Values.prometheus.podSecurityPolicy.allowedHostPaths | indent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
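Review bot: in `metadata`, the `include "kube-prometheus-stack.labels"` line comes after the optional `annotations:` block at the same indent, so when `global.rbac.pspAnnotations` is set the common labels render under `annotations` instead of `labels`. Move the include directly below the `app:` label, before the `{{- if .Values.global.rbac.pspAnnotations }}` guard. On the spec itself: `runAsUser` is `RunAsAny` (the inline comment confirms root is permitted), `readOnlyRootFilesystem` is false, and there is no `allowPrivilegeEscalation: false` or `requiredDropCapabilities`, so the policy restricts host namespaces and volume types but little else. If Prometheus does not need root here, `MustRunAsNonRoot` plus `allowPrivilegeEscalation: false` would tighten it.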
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/alertmanager.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/alertmanager.rules.yaml
new file mode 100644
index 0000000..f2fcc1c
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/alertmanager.rules.yaml
@@ -0,0 +1,215 @@
+{{- /*
+Generated from 'alertmanager.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/alertmanager-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.alertmanager }}
+{{- $alertmanagerJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }}
+{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager.rules" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: alertmanager.rules
+ rules:
+{{- if not (.Values.defaultRules.disabled.AlertmanagerFailedReload | default false) }}
+ - alert: AlertmanagerFailedReload
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Configuration has failed to load for {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod{{`}}`}}.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/alertmanager/alertmanagerfailedreload
+ summary: Reloading an Alertmanager configuration has failed.
+ expr: |-
+ # Without max_over_time, failed scrapes could create false negatives, see
+ # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details.
+ max_over_time(alertmanager_config_last_reload_successful{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[5m]) == 0
+ for: 10m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.AlertmanagerMembersInconsistent | default false) }}
+ - alert: AlertmanagerMembersInconsistent
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Alertmanager {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod{{`}}`}} has only found {{`{{`}} $value {{`}}`}} members of the {{`{{`}}$labels.job{{`}}`}} cluster.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/alertmanager/alertmanagermembersinconsistent
+ summary: A member of an Alertmanager cluster has not found all other cluster members.
+ expr: |-
+ # Without max_over_time, failed scrapes could create false negatives, see
+ # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details.
+ max_over_time(alertmanager_cluster_members{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[5m])
+ < on (namespace,service) group_left
+ count by (namespace,service) (max_over_time(alertmanager_cluster_members{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[5m]))
+ for: 15m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.AlertmanagerFailedToSendAlerts | default false) }}
+ - alert: AlertmanagerFailedToSendAlerts
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Alertmanager {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod{{`}}`}} failed to send {{`{{`}} $value | humanizePercentage {{`}}`}} of notifications to {{`{{`}} $labels.integration {{`}}`}}.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/alertmanager/alertmanagerfailedtosendalerts
+ summary: An Alertmanager instance failed to send notifications.
+ expr: |-
+ (
+ rate(alertmanager_notifications_failed_total{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[5m])
+ /
+ rate(alertmanager_notifications_total{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[5m])
+ )
+ > 0.01
+ for: 5m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.AlertmanagerClusterFailedToSendAlerts | default false) }}
+ - alert: AlertmanagerClusterFailedToSendAlerts
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: The minimum notification failure rate to {{`{{`}} $labels.integration {{`}}`}} sent from any instance in the {{`{{`}}$labels.job{{`}}`}} cluster is {{`{{`}} $value | humanizePercentage {{`}}`}}.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/alertmanager/alertmanagerclusterfailedtosendalerts
+ summary: All Alertmanager instances in a cluster failed to send notifications to a critical integration.
+ expr: |-
+ min by (namespace,service, integration) (
+ rate(alertmanager_notifications_failed_total{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}", integration=~`.*`}[5m])
+ /
+ rate(alertmanager_notifications_total{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}", integration=~`.*`}[5m])
+ )
+ > 0.01
+ for: 5m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.AlertmanagerClusterFailedToSendAlerts | default false) }}
+ - alert: AlertmanagerClusterFailedToSendAlerts
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: The minimum notification failure rate to {{`{{`}} $labels.integration {{`}}`}} sent from any instance in the {{`{{`}}$labels.job{{`}}`}} cluster is {{`{{`}} $value | humanizePercentage {{`}}`}}.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/alertmanager/alertmanagerclusterfailedtosendalerts
+ summary: All Alertmanager instances in a cluster failed to send notifications to a non-critical integration.
+ expr: |-
+ min by (namespace,service, integration) (
+ rate(alertmanager_notifications_failed_total{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}", integration!~`.*`}[5m])
+ /
+ rate(alertmanager_notifications_total{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}", integration!~`.*`}[5m])
+ )
+ > 0.01
+ for: 5m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.AlertmanagerConfigInconsistent | default false) }}
+ - alert: AlertmanagerConfigInconsistent
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Alertmanager instances within the {{`{{`}}$labels.job{{`}}`}} cluster have different configurations.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/alertmanager/alertmanagerconfiginconsistent
+ summary: Alertmanager instances within the same cluster have different configurations.
+ expr: |-
+ count by (namespace,service) (
+ count_values by (namespace,service) ("config_hash", alertmanager_config_hash{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"})
+ )
+ != 1
+ for: 20m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.AlertmanagerClusterDown | default false) }}
+ - alert: AlertmanagerClusterDown
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: '{{`{{`}} $value | humanizePercentage {{`}}`}} of Alertmanager instances within the {{`{{`}}$labels.job{{`}}`}} cluster have been up for less than half of the last 5m.'
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/alertmanager/alertmanagerclusterdown
+ summary: Half or more of the Alertmanager instances within the same cluster are down.
+ expr: |-
+ (
+ count by (namespace,service) (
+ avg_over_time(up{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[5m]) < 0.5
+ )
+ /
+ count by (namespace,service) (
+ up{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}
+ )
+ )
+ >= 0.5
+ for: 5m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.AlertmanagerClusterCrashlooping | default false) }}
+ - alert: AlertmanagerClusterCrashlooping
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: '{{`{{`}} $value | humanizePercentage {{`}}`}} of Alertmanager instances within the {{`{{`}}$labels.job{{`}}`}} cluster have restarted at least 5 times in the last 10m.'
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/alertmanager/alertmanagerclustercrashlooping
+ summary: Half or more of the Alertmanager instances within the same cluster are crashlooping.
+ expr: |-
+ (
+ count by (namespace,service) (
+ changes(process_start_time_seconds{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[10m]) > 4
+ )
+ /
+ count by (namespace,service) (
+ up{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}
+ )
+ )
+ >= 0.5
+ for: 5m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
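Review bot: the second `AlertmanagerClusterFailedToSendAlerts` rule (severity `warning`) selects series with `integration!~`.*``, and since `.*` matches every label value that matcher can never select anything, so the rule is dead as rendered. The first copy uses `integration=~`.*`` and treats every integration as critical. Either drop the warning variant or expose the critical-integration regex as a value so the two rules split the integrations between them. Both copies also share the one `defaultRules.disabled.AlertmanagerClusterFailedToSendAlerts` toggle, so they cannot be disabled independently. The file also ends without a trailing newline.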
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/config-reloaders.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/config-reloaders.yaml
new file mode 100644
index 0000000..37109eb
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/config-reloaders.yaml
@@ -0,0 +1,46 @@
+{{- /*
+Generated from 'config-reloaders' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/prometheusOperator-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.configReloaders }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "config-reloaders" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: config-reloaders
+ rules:
+{{- if not (.Values.defaultRules.disabled.ConfigReloaderSidecarErrors | default false) }}
+ - alert: ConfigReloaderSidecarErrors
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: 'Errors encountered while the {{`{{`}}$labels.pod{{`}}`}} config-reloader sidecar attempts to sync config in {{`{{`}}$labels.namespace{{`}}`}} namespace.
+
+ As a result, configuration for service running in {{`{{`}}$labels.pod{{`}}`}} may be stale and cannot be updated anymore.'
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus-operator/configreloadersidecarerrors
+ summary: config-reloader sidecar has not had a successful reload for 10m
+ expr: max_over_time(reloader_last_reload_successful{namespace=~".+"}[5m]) == 0
+ for: 10m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
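Review bot: the `ConfigReloaderSidecarErrors` expression selects `reloader_last_reload_successful{namespace=~".+"}`, which matches sidecars in every namespace Prometheus scrapes, whereas the alertmanager rules in this chart pin `job` and `namespace` to the release. If cluster-wide coverage is the intent, say so in a comment; otherwise scope the selector to the release namespace. The file also ends without a trailing newline.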
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/etcd.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/etcd.yaml
new file mode 100644
index 0000000..a0af358
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/etcd.yaml
@@ -0,0 +1,294 @@
+{{- /*
+Generated from 'etcd' group from https://raw.githubusercontent.com/etcd-io/etcd/main/contrib/mixin/mixin.libsonnet
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeEtcd.enabled .Values.defaultRules.rules.etcd }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "etcd" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: etcd
+ rules:
+{{- if not (.Values.defaultRules.disabled.etcdMembersDown | default false) }}
+ - alert: etcdMembersDown
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": members are down ({{`{{`}} $value {{`}}`}}).'
+ summary: etcd cluster members are down.
+ expr: |-
+ max without (endpoint) (
+ sum without (instance) (up{job=~".*etcd.*"} == bool 0)
+ or
+ count without (To) (
+ sum without (instance) (rate(etcd_network_peer_sent_failures_total{job=~".*etcd.*"}[120s])) > 0.01
+ )
+ )
+ > 0
+ for: 10m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.etcdInsufficientMembers | default false) }}
+ - alert: etcdInsufficientMembers
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": insufficient members ({{`{{`}} $value {{`}}`}}).'
+ summary: etcd cluster has insufficient number of members.
+ expr: sum(up{job=~".*etcd.*"} == bool 1) without (instance) < ((count(up{job=~".*etcd.*"}) without (instance) + 1) / 2)
+ for: 3m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.etcdNoLeader | default false) }}
+ - alert: etcdNoLeader
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": member {{`{{`}} $labels.instance {{`}}`}} has no leader.'
+ summary: etcd cluster has no leader.
+ expr: etcd_server_has_leader{job=~".*etcd.*"} == 0
+ for: 1m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.etcdHighNumberOfLeaderChanges | default false) }}
+ - alert: etcdHighNumberOfLeaderChanges
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}} leader changes within the last 15 minutes. Frequent elections may be a sign of insufficient resources, high network latency, or disruptions by other components and should be investigated.'
+ summary: etcd cluster has high number of leader changes.
+ expr: increase((max without (instance) (etcd_server_leader_changes_seen_total{job=~".*etcd.*"}) or 0*absent(etcd_server_leader_changes_seen_total{job=~".*etcd.*"}))[15m:1m]) >= 4
+ for: 5m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.etcdHighNumberOfFailedGRPCRequests | default false) }}
+ - alert: etcdHighNumberOfFailedGRPCRequests
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.grpc_method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}.'
+ summary: etcd cluster has high number of failed grpc requests.
+ expr: |-
+ 100 * sum(rate(grpc_server_handled_total{job=~".*etcd.*", grpc_code=~"Unknown|FailedPrecondition|ResourceExhausted|Internal|Unavailable|DataLoss|DeadlineExceeded"}[5m])) without (grpc_type, grpc_code)
+ /
+ sum(rate(grpc_server_handled_total{job=~".*etcd.*"}[5m])) without (grpc_type, grpc_code)
+ > 1
+ for: 10m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.etcdHighNumberOfFailedGRPCRequests | default false) }}
+ - alert: etcdHighNumberOfFailedGRPCRequests
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.grpc_method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}.'
+ summary: etcd cluster has high number of failed grpc requests.
+ expr: |-
+ 100 * sum(rate(grpc_server_handled_total{job=~".*etcd.*", grpc_code=~"Unknown|FailedPrecondition|ResourceExhausted|Internal|Unavailable|DataLoss|DeadlineExceeded"}[5m])) without (grpc_type, grpc_code)
+ /
+ sum(rate(grpc_server_handled_total{job=~".*etcd.*"}[5m])) without (grpc_type, grpc_code)
+ > 5
+ for: 5m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.etcdGRPCRequestsSlow | default false) }}
+ - alert: etcdGRPCRequestsSlow
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": 99th percentile of gRPC requests is {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}} for {{`{{`}} $labels.grpc_method {{`}}`}} method.'
+ summary: etcd grpc requests are slow
+ expr: |-
+ histogram_quantile(0.99, sum(rate(grpc_server_handling_seconds_bucket{job=~".*etcd.*", grpc_method!="Defragment", grpc_type="unary"}[5m])) without(grpc_type))
+ > 0.15
+ for: 10m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.etcdMemberCommunicationSlow | default false) }}
+ - alert: etcdMemberCommunicationSlow
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": member communication with {{`{{`}} $labels.To {{`}}`}} is taking {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.'
+ summary: etcd cluster member communication is slow.
+ expr: |-
+ histogram_quantile(0.99, rate(etcd_network_peer_round_trip_time_seconds_bucket{job=~".*etcd.*"}[5m]))
+ > 0.15
+ for: 10m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.etcdHighNumberOfFailedProposals | default false) }}
+ - alert: etcdHighNumberOfFailedProposals
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}} proposal failures within the last 30 minutes on etcd instance {{`{{`}} $labels.instance {{`}}`}}.'
+ summary: etcd cluster has high number of proposal failures.
+ expr: rate(etcd_server_proposals_failed_total{job=~".*etcd.*"}[15m]) > 5
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.etcdHighFsyncDurations | default false) }}
+ - alert: etcdHighFsyncDurations
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": 99th percentile fsync durations are {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.'
+ summary: etcd cluster 99th percentile fsync durations are too high.
+ expr: |-
+ histogram_quantile(0.99, rate(etcd_disk_wal_fsync_duration_seconds_bucket{job=~".*etcd.*"}[5m]))
+ > 0.5
+ for: 10m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.etcdHighFsyncDurations | default false) }}
+ - alert: etcdHighFsyncDurations
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": 99th percentile fsync durations are {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.'
+ summary: etcd cluster 99th percentile fsync durations are too high.
+ expr: |-
+ histogram_quantile(0.99, rate(etcd_disk_wal_fsync_duration_seconds_bucket{job=~".*etcd.*"}[5m]))
+ > 1
+ for: 10m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.etcdHighCommitDurations | default false) }}
+ - alert: etcdHighCommitDurations
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": 99th percentile commit durations {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.'
+ summary: etcd cluster 99th percentile commit durations are too high.
+ expr: |-
+ histogram_quantile(0.99, rate(etcd_disk_backend_commit_duration_seconds_bucket{job=~".*etcd.*"}[5m]))
+ > 0.25
+ for: 10m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.etcdDatabaseQuotaLowSpace | default false) }}
+ - alert: etcdDatabaseQuotaLowSpace
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": database size exceeds the defined quota on etcd instance {{`{{`}} $labels.instance {{`}}`}}, please defrag or increase the quota as the writes to etcd will be disabled when it is full.'
+ summary: etcd cluster database is running full.
+ expr: (last_over_time(etcd_mvcc_db_total_size_in_bytes[5m]) / last_over_time(etcd_server_quota_backend_bytes[5m]))*100 > 95
+ for: 10m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.etcdExcessiveDatabaseGrowth | default false) }}
+ - alert: etcdExcessiveDatabaseGrowth
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": Predicting running out of disk space in the next four hours, based on write observations within the past four hours on etcd instance {{`{{`}} $labels.instance {{`}}`}}, please check as it might be disruptive.'
+ summary: etcd cluster database growing very fast.
+ expr: predict_linear(etcd_mvcc_db_total_size_in_bytes[4h], 4*60*60) > etcd_server_quota_backend_bytes
+ for: 10m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.etcdDatabaseHighFragmentationRatio | default false) }}
+ - alert: etcdDatabaseHighFragmentationRatio
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": database size in use on instance {{`{{`}} $labels.instance {{`}}`}} is {{`{{`}} $value | humanizePercentage {{`}}`}} of the actual allocated disk space, please run defragmentation (e.g. etcdctl defrag) to retrieve the unused fragmented disk space.'
+ runbook_url: https://etcd.io/docs/v3.5/op-guide/maintenance/#defragmentation
+ summary: etcd database size in use is less than 50% of the actual allocated storage.
+ expr: (last_over_time(etcd_mvcc_db_total_size_in_use_in_bytes[5m]) / last_over_time(etcd_mvcc_db_total_size_in_bytes[5m])) < 0.5
+ for: 10m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
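Review bot: etcdDatabaseQuotaLowSpace (severity critical) and etcdExcessiveDatabaseGrowth have no runbook_url, while etcdDatabaseHighFragmentationRatio right below them links to the etcd defragmentation guide. The critical alert's description already tells the responder to defrag or raise the quota, so it should point at the same maintenance page or a local runbook. The etcdExcessiveDatabaseGrowth description also speaks of running out of disk space, but its expression compares the prediction against etcd_server_quota_backend_bytes, so the wording should say backend quota. In all three rules additionalRuleAnnotations is rendered into the same annotations map ahead of description and summary, so a values entry with either of those names produces a duplicate key; the values documentation should list them as reserved.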
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/general.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/general.rules.yaml
new file mode 100644
index 0000000..7ab648b
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/general.rules.yaml
@@ -0,0 +1,98 @@
+{{- /*
+Generated from 'general.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubePrometheus-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.general }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "general.rules" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: general.rules
+ rules:
+{{- if not (.Values.defaultRules.disabled.TargetDown | default false) }}
+ - alert: TargetDown
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: '{{`{{`}} printf "%.4g" $value {{`}}`}}% of the {{`{{`}} $labels.job {{`}}`}}/{{`{{`}} $labels.service {{`}}`}} targets in {{`{{`}} $labels.namespace {{`}}`}} namespace are down.'
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/general/targetdown
+ summary: One or more targets are unreachable.
+ expr: 100 * (count(up == 0) BY (job, namespace, service) / count(up) BY (job, namespace, service)) > 10
+ for: 10m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.Watchdog | default false) }}
+ - alert: Watchdog
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: 'This is an alert meant to ensure that the entire alerting pipeline is functional.
+
+ This alert is always firing, therefore it should always be firing in Alertmanager
+
+ and always fire against a receiver. There are integrations with various notification
+
+ mechanisms that send a notification when this alert is not firing. For example the
+
+ "DeadMansSnitch" integration in PagerDuty.
+
+ '
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/general/watchdog
+ summary: An alert that should always be firing to certify that Alertmanager is working properly.
+ expr: vector(1)
+ labels:
+ severity: none
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.InfoInhibitor | default false) }}
+ - alert: InfoInhibitor
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: 'This is an alert that is used to inhibit info alerts.
+
+ By themselves, the info-level alerts are sometimes very noisy, but they are relevant when combined with
+
+ other alerts.
+
+ This alert fires whenever there''s a severity="info" alert, and stops firing when another alert with a
+
+ severity of ''warning'' or ''critical'' starts firing on the same namespace.
+
+ This alert should be routed to a null receiver and configured to inhibit alerts with severity="info".
+
+ '
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/general/infoinhibitor
+ summary: Info-level alert inhibition.
+ expr: ALERTS{severity = "info"} == 1 unless on(namespace) ALERTS{alertname != "InfoInhibitor", severity =~ "warning|critical", alertstate="firing"} == 1
+ labels:
+ severity: none
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
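Review bot: Watchdog and InfoInhibitor are both labelled severity: none and only do their job if Alertmanager is configured to match them, which nothing in this hunk provides. Per their own descriptions, Watchdog has to reach a receiver that notices when it stops firing, and InfoInhibitor has to go to a null receiver with an inhibit rule for severity="info". Please confirm the values shipped with this bundle set up that routing, otherwise a dead alerting pipeline goes unnoticed and info alerts are never suppressed. The three runbook_url lines are rendered unquoted from .Values.defaultRules.runbookUrl, so an empty value yields a relative path such as /general/targetdown; a required guard would surface that at render time.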
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.yaml
new file mode 100644
index 0000000..b88b9b2
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.yaml
@@ -0,0 +1,173 @@
+{{- /*
+Generated from 'k8s.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.k8s }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "k8s.rules" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: k8s.rules
+ rules:
+ - expr: |-
+ sum by (cluster, namespace, pod, container) (
+ irate(container_cpu_usage_seconds_total{job="kubelet", metrics_path="/metrics/cadvisor", image!=""}[5m])
+ ) * on (cluster, namespace, pod) group_left(node) topk by (cluster, namespace, pod) (
+ 1, max by(cluster, namespace, pod, node) (kube_pod_info{node!=""})
+ )
+ record: node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate
+ - expr: |-
+ container_memory_working_set_bytes{job="kubelet", metrics_path="/metrics/cadvisor", image!=""}
+ * on (namespace, pod) group_left(node) topk by(namespace, pod) (1,
+ max by(namespace, pod, node) (kube_pod_info{node!=""})
+ )
+ record: node_namespace_pod_container:container_memory_working_set_bytes
+ - expr: |-
+ container_memory_rss{job="kubelet", metrics_path="/metrics/cadvisor", image!=""}
+ * on (namespace, pod) group_left(node) topk by(namespace, pod) (1,
+ max by(namespace, pod, node) (kube_pod_info{node!=""})
+ )
+ record: node_namespace_pod_container:container_memory_rss
+ - expr: |-
+ container_memory_cache{job="kubelet", metrics_path="/metrics/cadvisor", image!=""}
+ * on (namespace, pod) group_left(node) topk by(namespace, pod) (1,
+ max by(namespace, pod, node) (kube_pod_info{node!=""})
+ )
+ record: node_namespace_pod_container:container_memory_cache
+ - expr: |-
+ container_memory_swap{job="kubelet", metrics_path="/metrics/cadvisor", image!=""}
+ * on (namespace, pod) group_left(node) topk by(namespace, pod) (1,
+ max by(namespace, pod, node) (kube_pod_info{node!=""})
+ )
+ record: node_namespace_pod_container:container_memory_swap
+ - expr: |-
+ kube_pod_container_resource_requests{resource="memory",job="kube-state-metrics"} * on (namespace, pod, cluster)
+ group_left() max by (namespace, pod, cluster) (
+ (kube_pod_status_phase{phase=~"Pending|Running"} == 1)
+ )
+ record: cluster:namespace:pod_memory:active:kube_pod_container_resource_requests
+ - expr: |-
+ sum by (namespace, cluster) (
+ sum by (namespace, pod, cluster) (
+ max by (namespace, pod, container, cluster) (
+ kube_pod_container_resource_requests{resource="memory",job="kube-state-metrics"}
+ ) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) (
+ kube_pod_status_phase{phase=~"Pending|Running"} == 1
+ )
+ )
+ )
+ record: namespace_memory:kube_pod_container_resource_requests:sum
+ - expr: |-
+ kube_pod_container_resource_requests{resource="cpu",job="kube-state-metrics"} * on (namespace, pod, cluster)
+ group_left() max by (namespace, pod, cluster) (
+ (kube_pod_status_phase{phase=~"Pending|Running"} == 1)
+ )
+ record: cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests
+ - expr: |-
+ sum by (namespace, cluster) (
+ sum by (namespace, pod, cluster) (
+ max by (namespace, pod, container, cluster) (
+ kube_pod_container_resource_requests{resource="cpu",job="kube-state-metrics"}
+ ) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) (
+ kube_pod_status_phase{phase=~"Pending|Running"} == 1
+ )
+ )
+ )
+ record: namespace_cpu:kube_pod_container_resource_requests:sum
+ - expr: |-
+ kube_pod_container_resource_limits{resource="memory",job="kube-state-metrics"} * on (namespace, pod, cluster)
+ group_left() max by (namespace, pod, cluster) (
+ (kube_pod_status_phase{phase=~"Pending|Running"} == 1)
+ )
+ record: cluster:namespace:pod_memory:active:kube_pod_container_resource_limits
+ - expr: |-
+ sum by (namespace, cluster) (
+ sum by (namespace, pod, cluster) (
+ max by (namespace, pod, container, cluster) (
+ kube_pod_container_resource_limits{resource="memory",job="kube-state-metrics"}
+ ) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) (
+ kube_pod_status_phase{phase=~"Pending|Running"} == 1
+ )
+ )
+ )
+ record: namespace_memory:kube_pod_container_resource_limits:sum
+ - expr: |-
+ kube_pod_container_resource_limits{resource="cpu",job="kube-state-metrics"} * on (namespace, pod, cluster)
+ group_left() max by (namespace, pod, cluster) (
+ (kube_pod_status_phase{phase=~"Pending|Running"} == 1)
+ )
+ record: cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits
+ - expr: |-
+ sum by (namespace, cluster) (
+ sum by (namespace, pod, cluster) (
+ max by (namespace, pod, container, cluster) (
+ kube_pod_container_resource_limits{resource="cpu",job="kube-state-metrics"}
+ ) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) (
+ kube_pod_status_phase{phase=~"Pending|Running"} == 1
+ )
+ )
+ )
+ record: namespace_cpu:kube_pod_container_resource_limits:sum
+ - expr: |-
+ max by (cluster, namespace, workload, pod) (
+ label_replace(
+ label_replace(
+ kube_pod_owner{job="kube-state-metrics", owner_kind="ReplicaSet"},
+ "replicaset", "$1", "owner_name", "(.*)"
+ ) * on(replicaset, namespace) group_left(owner_name) topk by(replicaset, namespace) (
+ 1, max by (replicaset, namespace, owner_name) (
+ kube_replicaset_owner{job="kube-state-metrics"}
+ )
+ ),
+ "workload", "$1", "owner_name", "(.*)"
+ )
+ )
+ labels:
+ workload_type: deployment
+ record: namespace_workload_pod:kube_pod_owner:relabel
+ - expr: |-
+ max by (cluster, namespace, workload, pod) (
+ label_replace(
+ kube_pod_owner{job="kube-state-metrics", owner_kind="DaemonSet"},
+ "workload", "$1", "owner_name", "(.*)"
+ )
+ )
+ labels:
+ workload_type: daemonset
+ record: namespace_workload_pod:kube_pod_owner:relabel
+ - expr: |-
+ max by (cluster, namespace, workload, pod) (
+ label_replace(
+ kube_pod_owner{job="kube-state-metrics", owner_kind="StatefulSet"},
+ "workload", "$1", "owner_name", "(.*)"
+ )
+ )
+ labels:
+ workload_type: statefulset
+ record: namespace_workload_pod:kube_pod_owner:relabel
+ - expr: |-
+ max by (cluster, namespace, workload, pod) (
+ label_replace(
+ kube_pod_owner{job="kube-state-metrics", owner_kind="Job"},
+ "workload", "$1", "owner_name", "(.*)"
+ )
+ )
+ labels:
+ workload_type: job
+ record: namespace_workload_pod:kube_pod_owner:relabel
+{{- end }}
\ No newline at end of file
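Review bot: the joins against kube_pod_info are inconsistent about the cluster label. The CPU rule matches on (cluster, namespace, pod), but the four container_memory_* rules match on (namespace, pod) only, and the ReplicaSet relabel joins on(replicaset, namespace) while still aggregating by cluster. With series from more than one cluster in the same Prometheus, identically named pods collapse in topk by(namespace, pod) and the memory series get a node label from an arbitrary cluster. The header says not to change this file in place, so either raise it upstream or record in the commit message that a single cluster per Prometheus is assumed.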
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml
new file mode 100644
index 0000000..bae96b9
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml
@@ -0,0 +1,136 @@
+{{- /*
+Generated from 'kube-apiserver-availability.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserverAvailability }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-apiserver-availability.rules" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - interval: 3m
+ name: kube-apiserver-availability.rules
+ rules:
+ - expr: avg_over_time(code_verb:apiserver_request_total:increase1h[30d]) * 24 * 30
+ record: code_verb:apiserver_request_total:increase30d
+ - expr: sum by (cluster, code) (code_verb:apiserver_request_total:increase30d{verb=~"LIST|GET"})
+ labels:
+ verb: read
+ record: code:apiserver_request_total:increase30d
+ - expr: sum by (cluster, code) (code_verb:apiserver_request_total:increase30d{verb=~"POST|PUT|PATCH|DELETE"})
+ labels:
+ verb: write
+ record: code:apiserver_request_total:increase30d
+ - expr: sum by (cluster, verb, scope) (increase(apiserver_request_slo_duration_seconds_count[1h]))
+ record: cluster_verb_scope:apiserver_request_slo_duration_seconds_count:increase1h
+ - expr: sum by (cluster, verb, scope) (avg_over_time(cluster_verb_scope:apiserver_request_slo_duration_seconds_count:increase1h[30d]) * 24 * 30)
+ record: cluster_verb_scope:apiserver_request_slo_duration_seconds_count:increase30d
+ - expr: sum by (cluster, verb, scope, le) (increase(apiserver_request_slo_duration_seconds_bucket[1h]))
+ record: cluster_verb_scope_le:apiserver_request_slo_duration_seconds_bucket:increase1h
+ - expr: sum by (cluster, verb, scope, le) (avg_over_time(cluster_verb_scope_le:apiserver_request_slo_duration_seconds_bucket:increase1h[30d]) * 24 * 30)
+ record: cluster_verb_scope_le:apiserver_request_slo_duration_seconds_bucket:increase30d
+ - expr: |-
+ 1 - (
+ (
+ # write too slow
+ sum by (cluster) (cluster_verb_scope:apiserver_request_slo_duration_seconds_count:increase30d{verb=~"POST|PUT|PATCH|DELETE"})
+ -
+ sum by (cluster) (cluster_verb_scope_le:apiserver_request_slo_duration_seconds_bucket:increase30d{verb=~"POST|PUT|PATCH|DELETE",le="1"})
+ ) +
+ (
+ # read too slow
+ sum by (cluster) (cluster_verb_scope:apiserver_request_slo_duration_seconds_count:increase30d{verb=~"LIST|GET"})
+ -
+ (
+ (
+ sum by (cluster) (cluster_verb_scope_le:apiserver_request_slo_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope=~"resource|",le="1"})
+ or
+ vector(0)
+ )
+ +
+ sum by (cluster) (cluster_verb_scope_le:apiserver_request_slo_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope="namespace",le="5"})
+ +
+ sum by (cluster) (cluster_verb_scope_le:apiserver_request_slo_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope="cluster",le="30"})
+ )
+ ) +
+ # errors
+ sum by (cluster) (code:apiserver_request_total:increase30d{code=~"5.."} or vector(0))
+ )
+ /
+ sum by (cluster) (code:apiserver_request_total:increase30d)
+ labels:
+ verb: all
+ record: apiserver_request:availability30d
+ - expr: |-
+ 1 - (
+ sum by (cluster) (cluster_verb_scope:apiserver_request_slo_duration_seconds_count:increase30d{verb=~"LIST|GET"})
+ -
+ (
+ # too slow
+ (
+ sum by (cluster) (cluster_verb_scope_le:apiserver_request_slo_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope=~"resource|",le="1"})
+ or
+ vector(0)
+ )
+ +
+ sum by (cluster) (cluster_verb_scope_le:apiserver_request_slo_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope="namespace",le="5"})
+ +
+ sum by (cluster) (cluster_verb_scope_le:apiserver_request_slo_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope="cluster",le="30"})
+ )
+ +
+ # errors
+ sum by (cluster) (code:apiserver_request_total:increase30d{verb="read",code=~"5.."} or vector(0))
+ )
+ /
+ sum by (cluster) (code:apiserver_request_total:increase30d{verb="read"})
+ labels:
+ verb: read
+ record: apiserver_request:availability30d
+ - expr: |-
+ 1 - (
+ (
+ # too slow
+ sum by (cluster) (cluster_verb_scope:apiserver_request_slo_duration_seconds_count:increase30d{verb=~"POST|PUT|PATCH|DELETE"})
+ -
+ sum by (cluster) (cluster_verb_scope_le:apiserver_request_slo_duration_seconds_bucket:increase30d{verb=~"POST|PUT|PATCH|DELETE",le="1"})
+ )
+ +
+ # errors
+ sum by (cluster) (code:apiserver_request_total:increase30d{verb="write",code=~"5.."} or vector(0))
+ )
+ /
+ sum by (cluster) (code:apiserver_request_total:increase30d{verb="write"})
+ labels:
+ verb: write
+ record: apiserver_request:availability30d
+ - expr: sum by (cluster,code,resource) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[5m]))
+ labels:
+ verb: read
+ record: code_resource:apiserver_request_total:rate5m
+ - expr: sum by (cluster,code,resource) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m]))
+ labels:
+ verb: write
+ record: code_resource:apiserver_request_total:rate5m
+ - expr: sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb=~"LIST|GET|POST|PUT|PATCH|DELETE",code=~"2.."}[1h]))
+ record: code_verb:apiserver_request_total:increase1h
+ - expr: sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb=~"LIST|GET|POST|PUT|PATCH|DELETE",code=~"3.."}[1h]))
+ record: code_verb:apiserver_request_total:increase1h
+ - expr: sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb=~"LIST|GET|POST|PUT|PATCH|DELETE",code=~"4.."}[1h]))
+ record: code_verb:apiserver_request_total:increase1h
+ - expr: sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb=~"LIST|GET|POST|PUT|PATCH|DELETE",code=~"5.."}[1h]))
+ record: code_verb:apiserver_request_total:increase1h
+{{- end }}
\ No newline at end of file
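Review bot: the increase30d rules compute avg_over_time(...[30d]) * 24 * 30, which scales whatever samples exist up to a full 30 days, so apiserver_request:availability30d reflects less than 30 days whenever Prometheus retention is shorter than that. Please check the retention configured for this deployment against the 30d window, or note the limitation where the SLO is consumed. The header also states that the file was generated from the main branch of kube-prometheus rather than a fixed revision, which makes this vendored copy hard to compare against upstream later; recording the upstream chart version or commit in the commit message would help.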
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-burnrate.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-burnrate.rules.yaml
new file mode 100644
index 0000000..6774fc3
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-burnrate.rules.yaml
@@ -0,0 +1,328 @@
+{{- /*
+Generated from 'kube-apiserver-burnrate.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserverBurnrate }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-apiserver-burnrate.rules" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: kube-apiserver-burnrate.rules
+ rules:
+ - expr: |-
+ (
+ (
+ # too slow
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_count{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward"}[1d]))
+ -
+ (
+ (
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope=~"resource|",le="1"}[1d]))
+ or
+ vector(0)
+ )
+ +
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="namespace",le="5"}[1d]))
+ +
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="cluster",le="30"}[1d]))
+ )
+ )
+ +
+ # errors
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[1d]))
+ )
+ /
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[1d]))
+ labels:
+ verb: read
+ record: apiserver_request:burnrate1d
+ - expr: |-
+ (
+ (
+ # too slow
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_count{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward"}[1h]))
+ -
+ (
+ (
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope=~"resource|",le="1"}[1h]))
+ or
+ vector(0)
+ )
+ +
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="namespace",le="5"}[1h]))
+ +
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="cluster",le="30"}[1h]))
+ )
+ )
+ +
+ # errors
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[1h]))
+ )
+ /
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[1h]))
+ labels:
+ verb: read
+ record: apiserver_request:burnrate1h
+ - expr: |-
+ (
+ (
+ # too slow
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_count{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward"}[2h]))
+ -
+ (
+ (
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope=~"resource|",le="1"}[2h]))
+ or
+ vector(0)
+ )
+ +
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="namespace",le="5"}[2h]))
+ +
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="cluster",le="30"}[2h]))
+ )
+ )
+ +
+ # errors
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[2h]))
+ )
+ /
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[2h]))
+ labels:
+ verb: read
+ record: apiserver_request:burnrate2h
+ - expr: |-
+ (
+ (
+ # too slow
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_count{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward"}[30m]))
+ -
+ (
+ (
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope=~"resource|",le="1"}[30m]))
+ or
+ vector(0)
+ )
+ +
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="namespace",le="5"}[30m]))
+ +
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="cluster",le="30"}[30m]))
+ )
+ )
+ +
+ # errors
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[30m]))
+ )
+ /
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[30m]))
+ labels:
+ verb: read
+ record: apiserver_request:burnrate30m
+ - expr: |-
+ (
+ (
+ # too slow
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_count{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward"}[3d]))
+ -
+ (
+ (
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope=~"resource|",le="1"}[3d]))
+ or
+ vector(0)
+ )
+ +
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="namespace",le="5"}[3d]))
+ +
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="cluster",le="30"}[3d]))
+ )
+ )
+ +
+ # errors
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[3d]))
+ )
+ /
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[3d]))
+ labels:
+ verb: read
+ record: apiserver_request:burnrate3d
+ - expr: |-
+ (
+ (
+ # too slow
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_count{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward"}[5m]))
+ -
+ (
+ (
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope=~"resource|",le="1"}[5m]))
+ or
+ vector(0)
+ )
+ +
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="namespace",le="5"}[5m]))
+ +
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="cluster",le="30"}[5m]))
+ )
+ )
+ +
+ # errors
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[5m]))
+ )
+ /
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[5m]))
+ labels:
+ verb: read
+ record: apiserver_request:burnrate5m
+ - expr: |-
+ (
+ (
+ # too slow
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_count{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward"}[6h]))
+ -
+ (
+ (
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope=~"resource|",le="1"}[6h]))
+ or
+ vector(0)
+ )
+ +
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="namespace",le="5"}[6h]))
+ +
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="cluster",le="30"}[6h]))
+ )
+ )
+ +
+ # errors
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[6h]))
+ )
+ /
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[6h]))
+ labels:
+ verb: read
+ record: apiserver_request:burnrate6h
+ - expr: |-
+ (
+ (
+ # too slow
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward"}[1d]))
+ -
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward",le="1"}[1d]))
+ )
+ +
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[1d]))
+ )
+ /
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1d]))
+ labels:
+ verb: write
+ record: apiserver_request:burnrate1d
+ - expr: |-
+ (
+ (
+ # too slow
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward"}[1h]))
+ -
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward",le="1"}[1h]))
+ )
+ +
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[1h]))
+ )
+ /
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1h]))
+ labels:
+ verb: write
+ record: apiserver_request:burnrate1h
+ - expr: |-
+ (
+ (
+ # too slow
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward"}[2h]))
+ -
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward",le="1"}[2h]))
+ )
+ +
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[2h]))
+ )
+ /
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[2h]))
+ labels:
+ verb: write
+ record: apiserver_request:burnrate2h
+ - expr: |-
+ (
+ (
+ # too slow
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward"}[30m]))
+ -
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward",le="1"}[30m]))
+ )
+ +
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[30m]))
+ )
+ /
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[30m]))
+ labels:
+ verb: write
+ record: apiserver_request:burnrate30m
+ - expr: |-
+ (
+ (
+ # too slow
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward"}[3d]))
+ -
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward",le="1"}[3d]))
+ )
+ +
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[3d]))
+ )
+ /
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[3d]))
+ labels:
+ verb: write
+ record: apiserver_request:burnrate3d
+ - expr: |-
+ (
+ (
+ # too slow
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward"}[5m]))
+ -
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward",le="1"}[5m]))
+ )
+ +
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[5m]))
+ )
+ /
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m]))
+ labels:
+ verb: write
+ record: apiserver_request:burnrate5m
+ - expr: |-
+ (
+ (
+ # too slow
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward"}[6h]))
+ -
+ sum by (cluster) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward",le="1"}[6h]))
+ )
+ +
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[6h]))
+ )
+ /
+ sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[6h]))
+ labels:
+ verb: write
+ record: apiserver_request:burnrate6h
+{{- end }}
\ No newline at end of file
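Review bot: in every write burn-rate rule in this file (for example the `[1h]` expression recorded as `apiserver_request:burnrate1h`), the slow-request term is joined to `sum by (cluster) (rate(apiserver_request_total{...,code=~"5.."}[1h]))` with a plain `+`, so the record fails silently when there are no 5xx series. If a cluster has no 5xx series for write verbs in the window, that operand is empty, the addition matches nothing and no sample is recorded, even when latency alone is burning budget. The same happens if the histogram has no `le="1"` bucket. Since the `KubeAPIErrorBudgetBurn` alerts later in this patch read these series, consider pairing them with an `absent(apiserver_request:burnrate5m)` style alert, or documenting the dependency, so a missing record is visible rather than read as healthy.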
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-histogram.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-histogram.rules.yaml
new file mode 100644
index 0000000..762bcc6
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-histogram.rules.yaml
@@ -0,0 +1,37 @@
+{{- /*
+Generated from 'kube-apiserver-histogram.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserverHistogram }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-apiserver-histogram.rules" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: kube-apiserver-histogram.rules
+ rules:
+ - expr: histogram_quantile(0.99, sum by (cluster, le, resource) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward"}[5m]))) > 0
+ labels:
+ quantile: '0.99'
+ verb: read
+ record: cluster_quantile:apiserver_request_slo_duration_seconds:histogram_quantile
+ - expr: histogram_quantile(0.99, sum by (cluster, le, resource) (rate(apiserver_request_slo_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward"}[5m]))) > 0
+ labels:
+ quantile: '0.99'
+ verb: write
+ record: cluster_quantile:apiserver_request_slo_duration_seconds:histogram_quantile
+{{- end }}
\ No newline at end of file
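Review bot: the header comment states the file was generated from `.../prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml`, which is a moving branch, so this vendored copy cannot be compared against a fixed upstream revision. Please record the upstream chart version or commit these templates were taken from (in the commit message or next to the chart) so later re-syncs and integrity checks have a reference point. The same applies to every generated rule file in this patch.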
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml
new file mode 100644
index 0000000..867fe20
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml
@@ -0,0 +1,115 @@
+{{- /*
+Generated from 'kube-apiserver-slos' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserverSlos }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-apiserver-slos" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: kube-apiserver-slos
+ rules:
+{{- if not (.Values.defaultRules.disabled.KubeAPIErrorBudgetBurn | default false) }}
+ - alert: KubeAPIErrorBudgetBurn
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: The API server is burning too much error budget.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeapierrorbudgetburn
+ summary: The API server is burning too much error budget.
+ expr: |-
+ sum(apiserver_request:burnrate1h) > (14.40 * 0.01000)
+ and
+ sum(apiserver_request:burnrate5m) > (14.40 * 0.01000)
+ for: 2m
+ labels:
+ long: 1h
+ severity: critical
+ short: 5m
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeAPIErrorBudgetBurn | default false) }}
+ - alert: KubeAPIErrorBudgetBurn
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: The API server is burning too much error budget.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeapierrorbudgetburn
+ summary: The API server is burning too much error budget.
+ expr: |-
+ sum(apiserver_request:burnrate6h) > (6.00 * 0.01000)
+ and
+ sum(apiserver_request:burnrate30m) > (6.00 * 0.01000)
+ for: 15m
+ labels:
+ long: 6h
+ severity: critical
+ short: 30m
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeAPIErrorBudgetBurn | default false) }}
+ - alert: KubeAPIErrorBudgetBurn
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: The API server is burning too much error budget.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeapierrorbudgetburn
+ summary: The API server is burning too much error budget.
+ expr: |-
+ sum(apiserver_request:burnrate1d) > (3.00 * 0.01000)
+ and
+ sum(apiserver_request:burnrate2h) > (3.00 * 0.01000)
+ for: 1h
+ labels:
+ long: 1d
+ severity: warning
+ short: 2h
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeAPIErrorBudgetBurn | default false) }}
+ - alert: KubeAPIErrorBudgetBurn
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: The API server is burning too much error budget.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeapierrorbudgetburn
+ summary: The API server is burning too much error budget.
+ expr: |-
+ sum(apiserver_request:burnrate3d) > (1.00 * 0.01000)
+ and
+ sum(apiserver_request:burnrate6h) > (1.00 * 0.01000)
+ for: 3h
+ labels:
+ long: 3d
+ severity: warning
+ short: 6h
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
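Review bot: all four `KubeAPIErrorBudgetBurn` expressions use a bare `sum(apiserver_request:burnrate...)`, while the recording rules added earlier in this patch produce those series with `sum by (cluster)` and a `verb` label. On a Prometheus that scrapes more than one cluster the alert adds burn rates across clusters and carries no `cluster` label to route or triage on; `sum by (cluster) (...)` on both sides of each `and` would keep them separate. Separately, the four variants share the single `.Values.defaultRules.disabled.KubeAPIErrorBudgetBurn` switch, so the critical and warning windows cannot be disabled independently; worth a line in the values documentation.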
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml
new file mode 100644
index 0000000..78a3db1
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml
@@ -0,0 +1,31 @@
+{{- /*
+Generated from 'kube-prometheus-general.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubePrometheus-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubePrometheusGeneral }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-prometheus-general.rules" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: kube-prometheus-general.rules
+ rules:
+ - expr: count without(instance, pod, node) (up == 1)
+ record: count:up1
+ - expr: count without(instance, pod, node) (up == 0)
+ record: count:up0
+{{- end }}
\ No newline at end of file
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml
new file mode 100644
index 0000000..0cd0ba5
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml
@@ -0,0 +1,39 @@
+{{- /*
+Generated from 'kube-prometheus-node-recording.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubePrometheus-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubePrometheusNodeRecording }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-prometheus-node-recording.rules" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: kube-prometheus-node-recording.rules
+ rules:
+ - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[3m])) BY (instance)
+ record: instance:node_cpu:rate:sum
+ - expr: sum(rate(node_network_receive_bytes_total[3m])) BY (instance)
+ record: instance:node_network_receive_bytes:rate:sum
+ - expr: sum(rate(node_network_transmit_bytes_total[3m])) BY (instance)
+ record: instance:node_network_transmit_bytes:rate:sum
+ - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) WITHOUT (cpu, mode) / ON(instance) GROUP_LEFT() count(sum(node_cpu_seconds_total) BY (instance, cpu)) BY (instance)
+ record: instance:node_cpu:ratio
+ - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m]))
+ record: cluster:node_cpu:sum_rate5m
+ - expr: cluster:node_cpu:sum_rate5m / count(sum(node_cpu_seconds_total) BY (instance, cpu))
+ record: cluster:node_cpu:ratio
+{{- end }}
\ No newline at end of file
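Review bot: the selectors on `node_cpu_seconds_total`, `node_network_receive_bytes_total` and `node_network_transmit_bytes_total` have no `job` matcher, unlike the other rule groups in this patch, so any target that exposes those metric names is folded into the `instance:` and `cluster:` records. `cluster:node_cpu:sum_rate5m` is also a `sum(...)` with no grouping, so despite its name it spans every cluster this Prometheus scrapes. Suggest adding a job matcher, or stating the single-cluster, single-exporter assumption where the `kubePrometheusNodeRecording` toggle is documented.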
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml
new file mode 100644
index 0000000..355575d
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml
@@ -0,0 +1,63 @@
+{{- /*
+Generated from 'kube-scheduler.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeScheduler.enabled .Values.defaultRules.rules.kubeSchedulerRecording }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-scheduler.rules" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: kube-scheduler.rules
+ rules:
+ - expr: histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod))
+ labels:
+ quantile: '0.99'
+ record: cluster_quantile:scheduler_e2e_scheduling_duration_seconds:histogram_quantile
+ - expr: histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod))
+ labels:
+ quantile: '0.99'
+ record: cluster_quantile:scheduler_scheduling_algorithm_duration_seconds:histogram_quantile
+ - expr: histogram_quantile(0.99, sum(rate(scheduler_binding_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod))
+ labels:
+ quantile: '0.99'
+ record: cluster_quantile:scheduler_binding_duration_seconds:histogram_quantile
+ - expr: histogram_quantile(0.9, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod))
+ labels:
+ quantile: '0.9'
+ record: cluster_quantile:scheduler_e2e_scheduling_duration_seconds:histogram_quantile
+ - expr: histogram_quantile(0.9, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod))
+ labels:
+ quantile: '0.9'
+ record: cluster_quantile:scheduler_scheduling_algorithm_duration_seconds:histogram_quantile
+ - expr: histogram_quantile(0.9, sum(rate(scheduler_binding_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod))
+ labels:
+ quantile: '0.9'
+ record: cluster_quantile:scheduler_binding_duration_seconds:histogram_quantile
+ - expr: histogram_quantile(0.5, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod))
+ labels:
+ quantile: '0.5'
+ record: cluster_quantile:scheduler_e2e_scheduling_duration_seconds:histogram_quantile
+ - expr: histogram_quantile(0.5, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod))
+ labels:
+ quantile: '0.5'
+ record: cluster_quantile:scheduler_scheduling_algorithm_duration_seconds:histogram_quantile
+ - expr: histogram_quantile(0.5, sum(rate(scheduler_binding_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod))
+ labels:
+ quantile: '0.5'
+ record: cluster_quantile:scheduler_binding_duration_seconds:histogram_quantile
+{{- end }}
\ No newline at end of file
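Review bot: the template guard `semverCompare ">=1.14.0-0"` and `semverCompare "<9.9.9-9"` renders these rules for every Kubernetes version, but the expressions depend on specific scheduler histograms (`scheduler_e2e_scheduling_duration_seconds_bucket`, `scheduler_scheduling_algorithm_duration_seconds_bucket`, `scheduler_binding_duration_seconds_bucket`) and on the scrape job being named exactly `kube-scheduler`. If the target cluster's scheduler does not expose one of these, or the job is named differently, the records are silently empty. Please note which Kubernetes versions this bundled chart has been checked against.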
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-state-metrics.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-state-metrics.yaml
new file mode 100644
index 0000000..7547436
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-state-metrics.yaml
@@ -0,0 +1,107 @@
+{{- /*
+Generated from 'kube-state-metrics' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubeStateMetrics-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubeStateMetrics }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-state-metrics" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: kube-state-metrics
+ rules:
+{{- if not (.Values.defaultRules.disabled.KubeStateMetricsListErrors | default false) }}
+ - alert: KubeStateMetricsListErrors
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: kube-state-metrics is experiencing errors at an elevated rate in list operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kube-state-metrics/kubestatemetricslisterrors
+ summary: kube-state-metrics is experiencing errors in list operations.
+ expr: |-
+ (sum(rate(kube_state_metrics_list_total{job="kube-state-metrics",result="error"}[5m]))
+ /
+ sum(rate(kube_state_metrics_list_total{job="kube-state-metrics"}[5m])))
+ > 0.01
+ for: 15m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeStateMetricsWatchErrors | default false) }}
+ - alert: KubeStateMetricsWatchErrors
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: kube-state-metrics is experiencing errors at an elevated rate in watch operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kube-state-metrics/kubestatemetricswatcherrors
+ summary: kube-state-metrics is experiencing errors in watch operations.
+ expr: |-
+ (sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics",result="error"}[5m]))
+ /
+ sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics"}[5m])))
+ > 0.01
+ for: 15m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeStateMetricsShardingMismatch | default false) }}
+ - alert: KubeStateMetricsShardingMismatch
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: kube-state-metrics pods are running with different --total-shards configuration, some Kubernetes objects may be exposed multiple times or not exposed at all.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kube-state-metrics/kubestatemetricsshardingmismatch
+ summary: kube-state-metrics sharding is misconfigured.
+ expr: stdvar (kube_state_metrics_total_shards{job="kube-state-metrics"}) != 0
+ for: 15m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeStateMetricsShardsMissing | default false) }}
+ - alert: KubeStateMetricsShardsMissing
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: kube-state-metrics shards are missing, some Kubernetes objects are not being exposed.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kube-state-metrics/kubestatemetricsshardsmissing
+ summary: kube-state-metrics shards are missing.
+ expr: |-
+ 2^max(kube_state_metrics_total_shards{job="kube-state-metrics"}) - 1
+ -
+ sum( 2 ^ max by (shard_ordinal) (kube_state_metrics_shard_ordinal{job="kube-state-metrics"}) )
+ != 0
+ for: 15m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
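Review bot: in each alert, `toYaml .Values.defaultRules.additionalRuleLabels | indent 8` is emitted into the same `labels:` map as the fixed `severity: critical`, and `additionalRuleAnnotations` into the same map as `description`, `runbook_url` and `summary`. A values file that sets one of those keys would render a duplicate key in the mapping, and which value wins depends on the YAML parser. Since these charts are now carried in this repository, either document that those keys are reserved or validate the rendered output in CI. Also note that `runbook_url` renders as a bare path if `.Values.defaultRules.runbookUrl` is empty.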
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubelet.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubelet.rules.yaml
new file mode 100644
index 0000000..9176cd0
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubelet.rules.yaml
@@ -0,0 +1,39 @@
+{{- /*
+Generated from 'kubelet.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubelet.enabled .Values.defaultRules.rules.kubelet }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubelet.rules" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: kubelet.rules
+ rules:
+ - expr: histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_duration_seconds_bucket[5m])) by (cluster, instance, le) * on(cluster, instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"})
+ labels:
+ quantile: '0.99'
+ record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile
+ - expr: histogram_quantile(0.9, sum(rate(kubelet_pleg_relist_duration_seconds_bucket[5m])) by (cluster, instance, le) * on(cluster, instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"})
+ labels:
+ quantile: '0.9'
+ record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile
+ - expr: histogram_quantile(0.5, sum(rate(kubelet_pleg_relist_duration_seconds_bucket[5m])) by (cluster, instance, le) * on(cluster, instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"})
+ labels:
+ quantile: '0.5'
+ record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile
+{{- end }}
\ No newline at end of file
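Review bot: in all three expressions the left-hand selector `kubelet_pleg_relist_duration_seconds_bucket[5m]` has no matchers, while the right-hand side is restricted to `kubelet_node_name{job="kubelet", metrics_path="/metrics"}`. The join on `(cluster, instance)` hides most of the difference, but any other target on the same instance that exposes this metric name would be summed into the histogram before the quantile is taken. Adding `{job="kubelet", metrics_path="/metrics"}` to the bucket selector would make both sides consistent.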
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-apps.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-apps.yaml
new file mode 100644
index 0000000..78ce26f
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-apps.yaml
@@ -0,0 +1,375 @@
+{{- /*
+Generated from 'kubernetes-apps' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesApps }}
+{{- $targetNamespace := .Values.defaultRules.appNamespacesTarget }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-apps" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: kubernetes-apps
+ rules:
+{{- if not (.Values.defaultRules.disabled.KubePodCrashLooping | default false) }}
+ - alert: KubePodCrashLooping
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: 'Pod {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} ({{`{{`}} $labels.container {{`}}`}}) is in waiting state (reason: "CrashLoopBackOff").'
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubepodcrashlooping
+ summary: Pod is crash looping.
+ expr: max_over_time(kube_pod_container_status_waiting_reason{reason="CrashLoopBackOff", job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[5m]) >= 1
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubePodNotReady | default false) }}
+ - alert: KubePodNotReady
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Pod {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} has been in a non-ready state for longer than 15 minutes.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubepodnotready
+ summary: Pod has been in a non-ready state for more than 15 minutes.
+ expr: |-
+ sum by (namespace, pod, cluster) (
+ max by(namespace, pod, cluster) (
+ kube_pod_status_phase{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}", phase=~"Pending|Unknown|Failed"}
+ ) * on(namespace, pod, cluster) group_left(owner_kind) topk by(namespace, pod, cluster) (
+ 1, max by(namespace, pod, owner_kind, cluster) (kube_pod_owner{owner_kind!="Job"})
+ )
+ ) > 0
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeDeploymentGenerationMismatch | default false) }}
+ - alert: KubeDeploymentGenerationMismatch
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Deployment generation for {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.deployment {{`}}`}} does not match, this indicates that the Deployment has failed but has not been rolled back.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubedeploymentgenerationmismatch
+ summary: Deployment generation mismatch due to possible roll-back
+ expr: |-
+ kube_deployment_status_observed_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
+ !=
+ kube_deployment_metadata_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeDeploymentReplicasMismatch | default false) }}
+ - alert: KubeDeploymentReplicasMismatch
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Deployment {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.deployment {{`}}`}} has not matched the expected number of replicas for longer than 15 minutes.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubedeploymentreplicasmismatch
+ summary: Deployment has not matched the expected number of replicas.
+ expr: |-
+ (
+ kube_deployment_spec_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
+ >
+ kube_deployment_status_replicas_available{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
+ ) and (
+ changes(kube_deployment_status_replicas_updated{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[10m])
+ ==
+ 0
+ )
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeStatefulSetReplicasMismatch | default false) }}
+ - alert: KubeStatefulSetReplicasMismatch
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: StatefulSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.statefulset {{`}}`}} has not matched the expected number of replicas for longer than 15 minutes.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubestatefulsetreplicasmismatch
+ summary: Deployment has not matched the expected number of replicas.
+ expr: |-
+ (
+ kube_statefulset_status_replicas_ready{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
+ !=
+ kube_statefulset_status_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
+ ) and (
+ changes(kube_statefulset_status_replicas_updated{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[10m])
+ ==
+ 0
+ )
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeStatefulSetGenerationMismatch | default false) }}
+ - alert: KubeStatefulSetGenerationMismatch
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: StatefulSet generation for {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.statefulset {{`}}`}} does not match, this indicates that the StatefulSet has failed but has not been rolled back.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubestatefulsetgenerationmismatch
+ summary: StatefulSet generation mismatch due to possible roll-back
+ expr: |-
+ kube_statefulset_status_observed_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
+ !=
+ kube_statefulset_metadata_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeStatefulSetUpdateNotRolledOut | default false) }}
+ - alert: KubeStatefulSetUpdateNotRolledOut
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: StatefulSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.statefulset {{`}}`}} update has not been rolled out.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubestatefulsetupdatenotrolledout
+ summary: StatefulSet update has not been rolled out.
+ expr: |-
+ (
+ max without (revision) (
+ kube_statefulset_status_current_revision{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
+ unless
+ kube_statefulset_status_update_revision{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
+ )
+ *
+ (
+ kube_statefulset_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
+ !=
+ kube_statefulset_status_replicas_updated{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
+ )
+ ) and (
+ changes(kube_statefulset_status_replicas_updated{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[5m])
+ ==
+ 0
+ )
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeDaemonSetRolloutStuck | default false) }}
+ - alert: KubeDaemonSetRolloutStuck
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: DaemonSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.daemonset {{`}}`}} has not finished or progressed for at least 15 minutes.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubedaemonsetrolloutstuck
+ summary: DaemonSet rollout is stuck.
+ expr: |-
+ (
+ (
+ kube_daemonset_status_current_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
+ !=
+ kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
+ ) or (
+ kube_daemonset_status_number_misscheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
+ !=
+ 0
+ ) or (
+ kube_daemonset_status_updated_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
+ !=
+ kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
+ ) or (
+ kube_daemonset_status_number_available{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
+ !=
+ kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
+ )
+ ) and (
+ changes(kube_daemonset_status_updated_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[5m])
+ ==
+ 0
+ )
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeContainerWaiting | default false) }}
+ - alert: KubeContainerWaiting
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: pod/{{`{{`}} $labels.pod {{`}}`}} in namespace {{`{{`}} $labels.namespace {{`}}`}} on container {{`{{`}} $labels.container{{`}}`}} has been in waiting state for longer than 1 hour.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubecontainerwaiting
+ summary: Pod container waiting longer than 1 hour
+ expr: sum by (namespace, pod, container, cluster) (kube_pod_container_status_waiting_reason{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}) > 0
+ for: 1h
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeDaemonSetNotScheduled | default false) }}
+ - alert: KubeDaemonSetNotScheduled
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: '{{`{{`}} $value {{`}}`}} Pods of DaemonSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.daemonset {{`}}`}} are not scheduled.'
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubedaemonsetnotscheduled
+ summary: DaemonSet pods are not scheduled.
+ expr: |-
+ kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
+ -
+ kube_daemonset_status_current_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0
+ for: 10m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeDaemonSetMisScheduled | default false) }}
+ - alert: KubeDaemonSetMisScheduled
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: '{{`{{`}} $value {{`}}`}} Pods of DaemonSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.daemonset {{`}}`}} are running where they are not supposed to run.'
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubedaemonsetmisscheduled
+ summary: DaemonSet pods are misscheduled.
+ expr: kube_daemonset_status_number_misscheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeJobNotCompleted | default false) }}
+ - alert: KubeJobNotCompleted
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Job {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.job_name {{`}}`}} is taking more than {{`{{`}} "43200" | humanizeDuration {{`}}`}} to complete.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubejobnotcompleted
+ summary: Job did not complete in time
+ expr: |-
+ time() - max by(namespace, job_name, cluster) (kube_job_status_start_time{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
+ and
+ kube_job_status_active{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0) > 43200
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeJobFailed | default false) }}
+ - alert: KubeJobFailed
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Job {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.job_name {{`}}`}} failed to complete. Removing failed job after investigation should clear this alert.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubejobfailed
+ summary: Job failed to complete.
+ expr: kube_job_failed{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeHpaReplicasMismatch | default false) }}
+ - alert: KubeHpaReplicasMismatch
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: HPA {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.horizontalpodautoscaler {{`}}`}} has not matched the desired number of replicas for longer than 15 minutes.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubehpareplicasmismatch
+ summary: HPA has not matched desired number of replicas.
+ expr: |-
+ (kube_horizontalpodautoscaler_status_desired_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
+ !=
+ kube_horizontalpodautoscaler_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"})
+ and
+ (kube_horizontalpodautoscaler_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
+ >
+ kube_horizontalpodautoscaler_spec_min_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"})
+ and
+ (kube_horizontalpodautoscaler_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
+ <
+ kube_horizontalpodautoscaler_spec_max_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"})
+ and
+ changes(kube_horizontalpodautoscaler_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[15m]) == 0
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeHpaMaxedOut | default false) }}
+ - alert: KubeHpaMaxedOut
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: HPA {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.horizontalpodautoscaler {{`}}`}} has been running at max replicas for longer than 15 minutes.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubehpamaxedout
+ summary: HPA is running at max replicas
+ expr: |-
+ kube_horizontalpodautoscaler_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
+ ==
+ kube_horizontalpodautoscaler_spec_max_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
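Review bot: The `summary` of KubeStatefulSetReplicasMismatch reads `Deployment has not matched the expected number of replicas.`, which looks copied from the KubeDeploymentReplicasMismatch rule above it, while the description and expression of this rule are about a StatefulSet. Someone reading only the summary in a notification will look at the wrong workload kind; it should read `StatefulSet has not matched the expected number of replicas.` Separately, KubeJobNotCompleted is the only rule in this part of the file with no `for:` clause, so it fires on the first evaluation past the 43200-second threshold; worth confirming that is intended. The file also ends without a trailing newline.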
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-resources.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-resources.yaml
new file mode 100644
index 0000000..5fab8d7
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-resources.yaml
@@ -0,0 +1,193 @@
+{{- /*
+Generated from 'kubernetes-resources' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesResources }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-resources" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: kubernetes-resources
+ rules:
+{{- if not (.Values.defaultRules.disabled.KubeCPUOvercommit | default false) }}
+ - alert: KubeCPUOvercommit
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Cluster has overcommitted CPU resource requests for Pods by {{`{{`}} $value {{`}}`}} CPU shares and cannot tolerate node failure.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubecpuovercommit
+ summary: Cluster has overcommitted CPU resource requests.
+ expr: |-
+ sum(namespace_cpu:kube_pod_container_resource_requests:sum{}) - (sum(kube_node_status_allocatable{resource="cpu"}) - max(kube_node_status_allocatable{resource="cpu"})) > 0
+ and
+ (sum(kube_node_status_allocatable{resource="cpu"}) - max(kube_node_status_allocatable{resource="cpu"})) > 0
+ for: 10m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeMemoryOvercommit | default false) }}
+ - alert: KubeMemoryOvercommit
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Cluster has overcommitted memory resource requests for Pods by {{`{{`}} $value | humanize {{`}}`}} bytes and cannot tolerate node failure.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubememoryovercommit
+ summary: Cluster has overcommitted memory resource requests.
+ expr: |-
+ sum(namespace_memory:kube_pod_container_resource_requests:sum{}) - (sum(kube_node_status_allocatable{resource="memory"}) - max(kube_node_status_allocatable{resource="memory"})) > 0
+ and
+ (sum(kube_node_status_allocatable{resource="memory"}) - max(kube_node_status_allocatable{resource="memory"})) > 0
+ for: 10m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeCPUQuotaOvercommit | default false) }}
+ - alert: KubeCPUQuotaOvercommit
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Cluster has overcommitted CPU resource requests for Namespaces.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubecpuquotaovercommit
+ summary: Cluster has overcommitted CPU resource requests.
+ expr: |-
+ sum(min without(resource) (kube_resourcequota{job="kube-state-metrics", type="hard", resource=~"(cpu|requests.cpu)"}))
+ /
+ sum(kube_node_status_allocatable{resource="cpu", job="kube-state-metrics"})
+ > 1.5
+ for: 5m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeMemoryQuotaOvercommit | default false) }}
+ - alert: KubeMemoryQuotaOvercommit
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Cluster has overcommitted memory resource requests for Namespaces.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubememoryquotaovercommit
+ summary: Cluster has overcommitted memory resource requests.
+ expr: |-
+ sum(min without(resource) (kube_resourcequota{job="kube-state-metrics", type="hard", resource=~"(memory|requests.memory)"}))
+ /
+ sum(kube_node_status_allocatable{resource="memory", job="kube-state-metrics"})
+ > 1.5
+ for: 5m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeQuotaAlmostFull | default false) }}
+ - alert: KubeQuotaAlmostFull
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Namespace {{`{{`}} $labels.namespace {{`}}`}} is using {{`{{`}} $value | humanizePercentage {{`}}`}} of its {{`{{`}} $labels.resource {{`}}`}} quota.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubequotaalmostfull
+ summary: Namespace quota is going to be full.
+ expr: |-
+ kube_resourcequota{job="kube-state-metrics", type="used"}
+ / ignoring(instance, job, type)
+ (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0)
+ > 0.9 < 1
+ for: 15m
+ labels:
+ severity: info
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeQuotaFullyUsed | default false) }}
+ - alert: KubeQuotaFullyUsed
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Namespace {{`{{`}} $labels.namespace {{`}}`}} is using {{`{{`}} $value | humanizePercentage {{`}}`}} of its {{`{{`}} $labels.resource {{`}}`}} quota.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubequotafullyused
+ summary: Namespace quota is fully used.
+ expr: |-
+ kube_resourcequota{job="kube-state-metrics", type="used"}
+ / ignoring(instance, job, type)
+ (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0)
+ == 1
+ for: 15m
+ labels:
+ severity: info
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeQuotaExceeded | default false) }}
+ - alert: KubeQuotaExceeded
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Namespace {{`{{`}} $labels.namespace {{`}}`}} is using {{`{{`}} $value | humanizePercentage {{`}}`}} of its {{`{{`}} $labels.resource {{`}}`}} quota.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubequotaexceeded
+ summary: Namespace quota has exceeded the limits.
+ expr: |-
+ kube_resourcequota{job="kube-state-metrics", type="used"}
+ / ignoring(instance, job, type)
+ (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0)
+ > 1
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.CPUThrottlingHigh | default false) }}
+ - alert: CPUThrottlingHigh
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: '{{`{{`}} $value | humanizePercentage {{`}}`}} throttling of CPU in namespace {{`{{`}} $labels.namespace {{`}}`}} for container {{`{{`}} $labels.container {{`}}`}} in pod {{`{{`}} $labels.pod {{`}}`}}.'
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/cputhrottlinghigh
+ summary: Processes experience elevated CPU throttling.
+ expr: |-
+ sum(increase(container_cpu_cfs_throttled_periods_total{container!="", }[5m])) by (container, pod, namespace)
+ /
+ sum(increase(container_cpu_cfs_periods_total{}[5m])) by (container, pod, namespace)
+ > ( 25 / 100 )
+ for: 15m
+ labels:
+ severity: info
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
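Review bot: In KubeCPUOvercommit and KubeMemoryOvercommit the `kube_node_status_allocatable{resource="cpu"}` and `kube_node_status_allocatable{resource="memory"}` selectors carry no `job` matcher, while KubeCPUQuotaOvercommit and KubeMemoryQuotaOvercommit in the same file pin `job="kube-state-metrics"` on the same metric. If that metric is ever exposed by more than one scrape job, the `sum(...)` terms count allocatable capacity twice and the overcommit alerts can fail to fire. Since the header says not to change this file in place, this is best raised against the upstream generator and the bundled copy refreshed afterwards. The header also points at the `main` branch of kube-prometheus, so the commit message should record which upstream chart version was bundled.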
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-storage.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-storage.yaml
new file mode 100644
index 0000000..fd19339
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-storage.yaml
@@ -0,0 +1,161 @@
+{{- /*
+Generated from 'kubernetes-storage' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesStorage }}
+{{- $targetNamespace := .Values.defaultRules.appNamespacesTarget }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-storage" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: kubernetes-storage
+ rules:
+{{- if not (.Values.defaultRules.disabled.KubePersistentVolumeFillingUp | default false) }}
+ - alert: KubePersistentVolumeFillingUp
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: The PersistentVolume claimed by {{`{{`}} $labels.persistentvolumeclaim {{`}}`}} in Namespace {{`{{`}} $labels.namespace {{`}}`}} is only {{`{{`}} $value | humanizePercentage {{`}}`}} free.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubepersistentvolumefillingup
+ summary: PersistentVolume is filling up.
+ expr: |-
+ (
+ kubelet_volume_stats_available_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"}
+ /
+ kubelet_volume_stats_capacity_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"}
+ ) < 0.03
+ and
+ kubelet_volume_stats_used_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} > 0
+ unless on(namespace, persistentvolumeclaim)
+ kube_persistentvolumeclaim_access_mode{ access_mode="ReadOnlyMany"} == 1
+ unless on(namespace, persistentvolumeclaim)
+ kube_persistentvolumeclaim_labels{label_excluded_from_alerts="true"} == 1
+ for: 1m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubePersistentVolumeFillingUp | default false) }}
+ - alert: KubePersistentVolumeFillingUp
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Based on recent sampling, the PersistentVolume claimed by {{`{{`}} $labels.persistentvolumeclaim {{`}}`}} in Namespace {{`{{`}} $labels.namespace {{`}}`}} is expected to fill up within four days. Currently {{`{{`}} $value | humanizePercentage {{`}}`}} is available.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubepersistentvolumefillingup
+ summary: PersistentVolume is filling up.
+ expr: |-
+ (
+ kubelet_volume_stats_available_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"}
+ /
+ kubelet_volume_stats_capacity_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"}
+ ) < 0.15
+ and
+ kubelet_volume_stats_used_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} > 0
+ and
+ predict_linear(kubelet_volume_stats_available_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"}[6h], 4 * 24 * 3600) < 0
+ unless on(namespace, persistentvolumeclaim)
+ kube_persistentvolumeclaim_access_mode{ access_mode="ReadOnlyMany"} == 1
+ unless on(namespace, persistentvolumeclaim)
+ kube_persistentvolumeclaim_labels{label_excluded_from_alerts="true"} == 1
+ for: 1h
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubePersistentVolumeInodesFillingUp | default false) }}
+ - alert: KubePersistentVolumeInodesFillingUp
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: The PersistentVolume claimed by {{`{{`}} $labels.persistentvolumeclaim {{`}}`}} in Namespace {{`{{`}} $labels.namespace {{`}}`}} only has {{`{{`}} $value | humanizePercentage {{`}}`}} free inodes.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubepersistentvolumeinodesfillingup
+ summary: PersistentVolumeInodes are filling up.
+ expr: |-
+ (
+ kubelet_volume_stats_inodes_free{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"}
+ /
+ kubelet_volume_stats_inodes{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"}
+ ) < 0.03
+ and
+ kubelet_volume_stats_inodes_used{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} > 0
+ unless on(namespace, persistentvolumeclaim)
+ kube_persistentvolumeclaim_access_mode{ access_mode="ReadOnlyMany"} == 1
+ unless on(namespace, persistentvolumeclaim)
+ kube_persistentvolumeclaim_labels{label_excluded_from_alerts="true"} == 1
+ for: 1m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubePersistentVolumeInodesFillingUp | default false) }}
+ - alert: KubePersistentVolumeInodesFillingUp
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Based on recent sampling, the PersistentVolume claimed by {{`{{`}} $labels.persistentvolumeclaim {{`}}`}} in Namespace {{`{{`}} $labels.namespace {{`}}`}} is expected to run out of inodes within four days. Currently {{`{{`}} $value | humanizePercentage {{`}}`}} of its inodes are free.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubepersistentvolumeinodesfillingup
+ summary: PersistentVolumeInodes are filling up.
+ expr: |-
+ (
+ kubelet_volume_stats_inodes_free{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"}
+ /
+ kubelet_volume_stats_inodes{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"}
+ ) < 0.15
+ and
+ kubelet_volume_stats_inodes_used{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} > 0
+ and
+ predict_linear(kubelet_volume_stats_inodes_free{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"}[6h], 4 * 24 * 3600) < 0
+ unless on(namespace, persistentvolumeclaim)
+ kube_persistentvolumeclaim_access_mode{ access_mode="ReadOnlyMany"} == 1
+ unless on(namespace, persistentvolumeclaim)
+ kube_persistentvolumeclaim_labels{label_excluded_from_alerts="true"} == 1
+ for: 1h
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubePersistentVolumeErrors | default false) }}
+ - alert: KubePersistentVolumeErrors
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: The persistent volume {{`{{`}} $labels.persistentvolume {{`}}`}} has status {{`{{`}} $labels.phase {{`}}`}}.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubepersistentvolumeerrors
+ summary: PersistentVolume is having issues with provisioning.
+ expr: kube_persistentvolume_status_phase{phase=~"Failed|Pending",job="kube-state-metrics"} > 0
+ for: 5m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
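Review bot: the opt-out at the end of the KubePersistentVolumeInodesFillingUp expression, `unless on(namespace, persistentvolumeclaim) kube_persistentvolumeclaim_labels{label_excluded_from_alerts="true"} == 1`, is undocumented and depends on kube-state-metrics exporting that PVC label as a metric label. Nothing in the visible lines shows that it does; if the label is not exported, the exclusion silently matches nothing and the alert still fires for PVCs the operator tried to exempt. Please document the `excluded_from_alerts` label next to the chart values, along with the kube-state-metrics label allowlist setting it needs. Separately, `{ access_mode="ReadOnlyMany"}` has a stray space after the brace; since the header marks this file as generated, that belongs in the upstream source rather than here.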
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml
new file mode 100644
index 0000000..fcb5298
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml
@@ -0,0 +1,130 @@
+{{- /*
+Generated from 'kubernetes-system-apiserver' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesSystem }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-apiserver" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: kubernetes-system-apiserver
+ rules:
+{{- if not (.Values.defaultRules.disabled.KubeClientCertificateExpiration | default false) }}
+ - alert: KubeClientCertificateExpiration
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: A client certificate used to authenticate to kubernetes apiserver is expiring in less than 7.0 days.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeclientcertificateexpiration
+ summary: Client certificate is about to expire.
+ expr: apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on(job) histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 604800
+ for: 5m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeClientCertificateExpiration | default false) }}
+ - alert: KubeClientCertificateExpiration
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: A client certificate used to authenticate to kubernetes apiserver is expiring in less than 24.0 hours.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeclientcertificateexpiration
+ summary: Client certificate is about to expire.
+ expr: apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on(job) histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 86400
+ for: 5m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeAggregatedAPIErrors | default false) }}
+ - alert: KubeAggregatedAPIErrors
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Kubernetes aggregated API {{`{{`}} $labels.name {{`}}`}}/{{`{{`}} $labels.namespace {{`}}`}} has reported errors. It has appeared unavailable {{`{{`}} $value | humanize {{`}}`}} times averaged over the past 10m.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeaggregatedapierrors
+ summary: Kubernetes aggregated API has reported errors.
+ expr: sum by(name, namespace, cluster)(increase(aggregator_unavailable_apiservice_total[10m])) > 4
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeAggregatedAPIDown | default false) }}
+ - alert: KubeAggregatedAPIDown
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Kubernetes aggregated API {{`{{`}} $labels.name {{`}}`}}/{{`{{`}} $labels.namespace {{`}}`}} has been only {{`{{`}} $value | humanize {{`}}`}}% available over the last 10m.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeaggregatedapidown
+ summary: Kubernetes aggregated API is down.
+ expr: (1 - max by(name, namespace, cluster)(avg_over_time(aggregator_unavailable_apiservice[10m]))) * 100 < 85
+ for: 5m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if .Values.kubeApiServer.enabled }}
+{{- if not (.Values.defaultRules.disabled.KubeAPIDown | default false) }}
+ - alert: KubeAPIDown
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: KubeAPI has disappeared from Prometheus target discovery.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeapidown
+ summary: Target disappeared from Prometheus target discovery.
+ expr: absent(up{job="apiserver"} == 1)
+ for: 15m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeAPITerminatedRequests | default false) }}
+ - alert: KubeAPITerminatedRequests
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: The kubernetes apiserver has terminated {{`{{`}} $value | humanizePercentage {{`}}`}} of its incoming requests.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeapiterminatedrequests
+ summary: The kubernetes apiserver has terminated {{`{{`}} $value | humanizePercentage {{`}}`}} of its incoming requests.
+ expr: sum(rate(apiserver_request_terminations_total{job="apiserver"}[10m])) / ( sum(rate(apiserver_request_total{job="apiserver"}[10m])) + sum(rate(apiserver_request_terminations_total{job="apiserver"}[10m])) ) > 0.20
+ for: 5m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
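Review bot: the two KubeClientCertificateExpiration rules select `job="apiserver"` but, unlike KubeAPIDown, are not wrapped in `{{- if .Values.kubeApiServer.enabled }}`. If the apiserver scrape is disabled, these rules still render and can never fire, so an expiring client certificate goes unreported with no indication that the check is inert. Either gate them the same way or document that certificate-expiry alerting requires `kubeApiServer.enabled`. Both severities also share the single `disabled.KubeClientCertificateExpiration` toggle, so the 7-day warning cannot be muted without also losing the 24-hour critical. KubeAggregatedAPIErrors is the only rule in this group without a `for:` clause, which is worth confirming as intended.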
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml
new file mode 100644
index 0000000..c423fb8
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml
@@ -0,0 +1,46 @@
+{{- /*
+Generated from 'kubernetes-system-controller-manager' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeControllerManager.enabled .Values.defaultRules.rules.kubeControllerManager }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-controller-manager" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: kubernetes-system-controller-manager
+ rules:
+{{- if .Values.kubeControllerManager.enabled }}
+{{- if not (.Values.defaultRules.disabled.KubeControllerManagerDown | default false) }}
+ - alert: KubeControllerManagerDown
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: KubeControllerManager has disappeared from Prometheus target discovery.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubecontrollermanagerdown
+ summary: Target disappeared from Prometheus target discovery.
+ expr: absent(up{job="kube-controller-manager"} == 1)
+ for: 15m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
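Review bot: the inner `{{- if .Values.kubeControllerManager.enabled }}` around KubeControllerManagerDown is redundant, because the file-level `if and (...)` already requires `.Values.kubeControllerManager.enabled` before anything renders. The duplicate guard is harmless, but it suggests the rule can be switched independently of the file, which it cannot. Since the header marks this template as generated, the cleanup belongs in the hack generator rather than in this bundled copy.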
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-kube-proxy.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-kube-proxy.yaml
new file mode 100644
index 0000000..8082fdc
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-kube-proxy.yaml
@@ -0,0 +1,44 @@
+{{- /*
+Generated from 'kubernetes-system-kube-proxy' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeProxy.enabled .Values.defaultRules.rules.kubeProxy }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-kube-proxy" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: kubernetes-system-kube-proxy
+ rules:
+{{- if not (.Values.defaultRules.disabled.KubeProxyDown | default false) }}
+ - alert: KubeProxyDown
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: KubeProxy has disappeared from Prometheus target discovery.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeproxydown
+ summary: Target disappeared from Prometheus target discovery.
+ expr: absent(up{job="kube-proxy"} == 1)
+ for: 15m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- end }}
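Review bot: `absent(up{job="kube-proxy"} == 1)` in KubeProxyDown returns a series only when no kube-proxy target at all is up. Because kube-proxy normally runs on every node, the critical alert stays silent while any single instance is still healthy, even if most nodes have lost theirs. The description ("has disappeared from Prometheus target discovery") also understates the condition, since targets that are discovered but failing scrapes trigger it too. If this bundle relies on the rule for node-level network health, document the limitation or pair it with a per-instance check. The hard-coded job name also has to match whatever job label the chart's kube-proxy scrape configuration produces.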
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml
new file mode 100644
index 0000000..fe558cf
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml
@@ -0,0 +1,253 @@
+{{- /*
+Generated from 'kubernetes-system-kubelet' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesSystem }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-kubelet" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: kubernetes-system-kubelet
+ rules:
+{{- if not (.Values.defaultRules.disabled.KubeNodeNotReady | default false) }}
+ - alert: KubeNodeNotReady
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: '{{`{{`}} $labels.node {{`}}`}} has been unready for more than 15 minutes.'
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubenodenotready
+ summary: Node is not ready.
+ expr: kube_node_status_condition{job="kube-state-metrics",condition="Ready",status="true"} == 0
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeNodeUnreachable | default false) }}
+ - alert: KubeNodeUnreachable
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: '{{`{{`}} $labels.node {{`}}`}} is unreachable and some workloads may be rescheduled.'
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubenodeunreachable
+ summary: Node is unreachable.
+ expr: (kube_node_spec_taint{job="kube-state-metrics",key="node.kubernetes.io/unreachable",effect="NoSchedule"} unless ignoring(key,value) kube_node_spec_taint{job="kube-state-metrics",key=~"ToBeDeletedByClusterAutoscaler|cloud.google.com/impending-node-termination|aws-node-termination-handler/spot-itn"}) == 1
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeletTooManyPods | default false) }}
+ - alert: KubeletTooManyPods
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Kubelet '{{`{{`}} $labels.node {{`}}`}}' is running at {{`{{`}} $value | humanizePercentage {{`}}`}} of its Pod capacity.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubelettoomanypods
+ summary: Kubelet is running at capacity.
+ expr: |-
+ count by(cluster, node) (
+ (kube_pod_status_phase{job="kube-state-metrics",phase="Running"} == 1) * on(instance,pod,namespace,cluster) group_left(node) topk by(instance,pod,namespace,cluster) (1, kube_pod_info{job="kube-state-metrics"})
+ )
+ /
+ max by(cluster, node) (
+ kube_node_status_capacity{job="kube-state-metrics",resource="pods"} != 1
+ ) > 0.95
+ for: 15m
+ labels:
+ severity: info
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeNodeReadinessFlapping | default false) }}
+ - alert: KubeNodeReadinessFlapping
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: The readiness status of node {{`{{`}} $labels.node {{`}}`}} has changed {{`{{`}} $value {{`}}`}} times in the last 15 minutes.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubenodereadinessflapping
+ summary: Node readiness status is flapping.
+ expr: sum(changes(kube_node_status_condition{status="true",condition="Ready"}[15m])) by (cluster, node) > 2
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeletPlegDurationHigh | default false) }}
+ - alert: KubeletPlegDurationHigh
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: The Kubelet Pod Lifecycle Event Generator has a 99th percentile duration of {{`{{`}} $value {{`}}`}} seconds on node {{`{{`}} $labels.node {{`}}`}}.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeletplegdurationhigh
+ summary: Kubelet Pod Lifecycle Event Generator is taking too long to relist.
+ expr: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile{quantile="0.99"} >= 10
+ for: 5m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeletPodStartUpLatencyHigh | default false) }}
+ - alert: KubeletPodStartUpLatencyHigh
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Kubelet Pod startup 99th percentile latency is {{`{{`}} $value {{`}}`}} seconds on node {{`{{`}} $labels.node {{`}}`}}.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeletpodstartuplatencyhigh
+ summary: Kubelet Pod startup latency is too high.
+ expr: histogram_quantile(0.99, sum(rate(kubelet_pod_worker_duration_seconds_bucket{job="kubelet", metrics_path="/metrics"}[5m])) by (cluster, instance, le)) * on(cluster, instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"} > 60
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeletClientCertificateExpiration | default false) }}
+ - alert: KubeletClientCertificateExpiration
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Client certificate for Kubelet on node {{`{{`}} $labels.node {{`}}`}} expires in {{`{{`}} $value | humanizeDuration {{`}}`}}.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeletclientcertificateexpiration
+ summary: Kubelet client certificate is about to expire.
+ expr: kubelet_certificate_manager_client_ttl_seconds < 604800
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeletClientCertificateExpiration | default false) }}
+ - alert: KubeletClientCertificateExpiration
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Client certificate for Kubelet on node {{`{{`}} $labels.node {{`}}`}} expires in {{`{{`}} $value | humanizeDuration {{`}}`}}.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeletclientcertificateexpiration
+ summary: Kubelet client certificate is about to expire.
+ expr: kubelet_certificate_manager_client_ttl_seconds < 86400
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeletServerCertificateExpiration | default false) }}
+ - alert: KubeletServerCertificateExpiration
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Server certificate for Kubelet on node {{`{{`}} $labels.node {{`}}`}} expires in {{`{{`}} $value | humanizeDuration {{`}}`}}.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeletservercertificateexpiration
+ summary: Kubelet server certificate is about to expire.
+ expr: kubelet_certificate_manager_server_ttl_seconds < 604800
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeletServerCertificateExpiration | default false) }}
+ - alert: KubeletServerCertificateExpiration
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Server certificate for Kubelet on node {{`{{`}} $labels.node {{`}}`}} expires in {{`{{`}} $value | humanizeDuration {{`}}`}}.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeletservercertificateexpiration
+ summary: Kubelet server certificate is about to expire.
+ expr: kubelet_certificate_manager_server_ttl_seconds < 86400
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeletClientCertificateRenewalErrors | default false) }}
+ - alert: KubeletClientCertificateRenewalErrors
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Kubelet on node {{`{{`}} $labels.node {{`}}`}} has failed to renew its client certificate ({{`{{`}} $value | humanize {{`}}`}} errors in the last 5 minutes).
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeletclientcertificaterenewalerrors
+ summary: Kubelet has failed to renew its client certificate.
+ expr: increase(kubelet_certificate_manager_client_expiration_renew_errors[5m]) > 0
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeletServerCertificateRenewalErrors | default false) }}
+ - alert: KubeletServerCertificateRenewalErrors
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Kubelet on node {{`{{`}} $labels.node {{`}}`}} has failed to renew its server certificate ({{`{{`}} $value | humanize {{`}}`}} errors in the last 5 minutes).
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeletservercertificaterenewalerrors
+ summary: Kubelet has failed to renew its server certificate.
+ expr: increase(kubelet_server_expiration_renew_errors[5m]) > 0
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if .Values.prometheusOperator.kubeletService.enabled }}
+{{- if not (.Values.defaultRules.disabled.KubeletDown | default false) }}
+ - alert: KubeletDown
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Kubelet has disappeared from Prometheus target discovery.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeletdown
+ summary: Target disappeared from Prometheus target discovery.
+ expr: absent(up{job="kubelet", metrics_path="/metrics"} == 1)
+ for: 15m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
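Review bot: in KubeletClientCertificateRenewalErrors and KubeletServerCertificateRenewalErrors, `increase(...[5m]) > 0` is combined with `for: 15m`. A single failed renewal keeps the 5-minute increase above zero for only about five minutes, so the rule returns to inactive before the 15-minute hold elapses. The alert therefore fires only when renewals keep failing continuously for a quarter of an hour. If one-off renewal failures should be visible, widen the range or shorten the `for:`; if not, say so in the description. The four certificate expiration rules take the opposite approach and have no `for:` at all. Each warning/critical pair also shares one `disabled.*` key, so the two severities cannot be toggled separately.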
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml
new file mode 100644
index 0000000..19c974d
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml
@@ -0,0 +1,46 @@
+{{- /*
+Generated from 'kubernetes-system-scheduler' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeScheduler.enabled .Values.defaultRules.rules.kubeSchedulerAlerting }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-scheduler" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: kubernetes-system-scheduler
+ rules:
+{{- if .Values.kubeScheduler.enabled }}
+{{- if not (.Values.defaultRules.disabled.KubeSchedulerDown | default false) }}
+ - alert: KubeSchedulerDown
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: KubeScheduler has disappeared from Prometheus target discovery.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeschedulerdown
+ summary: Target disappeared from Prometheus target discovery.
+ expr: absent(up{job="kube-scheduler"} == 1)
+ for: 15m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
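Review bot: the file-level guard uses `.Values.defaultRules.rules.kubeSchedulerAlerting`, while the sibling templates in this patch use keys named after the component (`defaultRules.rules.kubeControllerManager`, `defaultRules.rules.kubeProxy`). An operator who sets `defaultRules.rules.kubeScheduler` by analogy will not affect this file at all. Please make sure the bundled values file lists `kubeSchedulerAlerting` explicitly so the toggle is discoverable. The inner `{{- if .Values.kubeScheduler.enabled }}` also repeats a condition the outer `if and (...)` already enforces.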
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system.yaml
new file mode 100644
index 0000000..3260592
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system.yaml
@@ -0,0 +1,65 @@
+{{- /*
+Generated from 'kubernetes-system' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesSystem }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: kubernetes-system
+ rules:
+{{- if not (.Values.defaultRules.disabled.KubeVersionMismatch | default false) }}
+ - alert: KubeVersionMismatch
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: There are {{`{{`}} $value {{`}}`}} different semantic versions of Kubernetes components running.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeversionmismatch
+ summary: Different semantic versions of Kubernetes components running.
+ expr: count by (cluster) (count by (git_version, cluster) (label_replace(kubernetes_build_info{job!~"kube-dns|coredns"},"git_version","$1","git_version","(v[0-9]*.[0-9]*).*"))) > 1
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.KubeClientErrors | default false) }}
+ - alert: KubeClientErrors
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Kubernetes API server client '{{`{{`}} $labels.job {{`}}`}}/{{`{{`}} $labels.instance {{`}}`}}' is experiencing {{`{{`}} $value | humanizePercentage {{`}}`}} errors.'
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeclienterrors
+ summary: Kubernetes API server client is experiencing errors.
+ expr: |-
+ (sum(rate(rest_client_requests_total{code=~"5.."}[5m])) by (cluster, instance, job, namespace)
+ /
+ sum(rate(rest_client_requests_total[5m])) by (cluster, instance, job, namespace))
+ > 0.01
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
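Review bot: The KubeClientErrors description in this hunk ends with a stray single quote (`errors.'`) that has no opening partner; the quotes around the job/instance pair are already balanced. The value is an unquoted YAML scalar, so the quote is literal text and will appear in every fired alert. Drop the trailing `'`. Separately, the KubeVersionMismatch regex `(v[0-9]*.[0-9]*).*` leaves the dot between major and minor unescaped, so it matches any character there; `\\.` inside the PromQL string would express the intent.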
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.rules.yaml
new file mode 100644
index 0000000..c3cfe36
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.rules.yaml
@@ -0,0 +1,89 @@
+{{- /*
+Generated from 'node-exporter.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/nodeExporter-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.nodeExporterRecording }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node-exporter.rules" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: node-exporter.rules
+ rules:
+ - expr: |-
+ count without (cpu, mode) (
+ node_cpu_seconds_total{job="node-exporter",mode="idle"}
+ )
+ record: instance:node_num_cpu:sum
+ - expr: |-
+ 1 - avg without (cpu) (
+ sum without (mode) (rate(node_cpu_seconds_total{job="node-exporter", mode=~"idle|iowait|steal"}[5m]))
+ )
+ record: instance:node_cpu_utilisation:rate5m
+ - expr: |-
+ (
+ node_load1{job="node-exporter"}
+ /
+ instance:node_num_cpu:sum{job="node-exporter"}
+ )
+ record: instance:node_load1_per_cpu:ratio
+ - expr: |-
+ 1 - (
+ (
+ node_memory_MemAvailable_bytes{job="node-exporter"}
+ or
+ (
+ node_memory_Buffers_bytes{job="node-exporter"}
+ +
+ node_memory_Cached_bytes{job="node-exporter"}
+ +
+ node_memory_MemFree_bytes{job="node-exporter"}
+ +
+ node_memory_Slab_bytes{job="node-exporter"}
+ )
+ )
+ /
+ node_memory_MemTotal_bytes{job="node-exporter"}
+ )
+ record: instance:node_memory_utilisation:ratio
+ - expr: rate(node_vmstat_pgmajfault{job="node-exporter"}[5m])
+ record: instance:node_vmstat_pgmajfault:rate5m
+ - expr: rate(node_disk_io_time_seconds_total{job="node-exporter", device=~"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)"}[5m])
+ record: instance_device:node_disk_io_time_seconds:rate5m
+ - expr: rate(node_disk_io_time_weighted_seconds_total{job="node-exporter", device=~"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)"}[5m])
+ record: instance_device:node_disk_io_time_weighted_seconds:rate5m
+ - expr: |-
+ sum without (device) (
+ rate(node_network_receive_bytes_total{job="node-exporter", device!="lo"}[5m])
+ )
+ record: instance:node_network_receive_bytes_excluding_lo:rate5m
+ - expr: |-
+ sum without (device) (
+ rate(node_network_transmit_bytes_total{job="node-exporter", device!="lo"}[5m])
+ )
+ record: instance:node_network_transmit_bytes_excluding_lo:rate5m
+ - expr: |-
+ sum without (device) (
+ rate(node_network_receive_drop_total{job="node-exporter", device!="lo"}[5m])
+ )
+ record: instance:node_network_receive_drop_excluding_lo:rate5m
+ - expr: |-
+ sum without (device) (
+ rate(node_network_transmit_drop_total{job="node-exporter", device!="lo"}[5m])
+ )
+ record: instance:node_network_transmit_drop_excluding_lo:rate5m
+{{- end }}
\ No newline at end of file
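Review bot: The header comment gives the source as the `main` branch of prometheus-operator/kube-prometheus, so this vendored copy cannot be tied to a specific upstream revision. Since the file is marked "Do not change in-place!", record the upstream commit or chart version the bundle was taken from, so a later diff against upstream is reproducible. Every expression also hard-codes `job="node-exporter"`; if the scrape job carries a different name in this deployment, these recording rules evaluate to empty series without raising any error.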
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.yaml
new file mode 100644
index 0000000..2fa7e28
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.yaml
@@ -0,0 +1,398 @@
+{{- /*
+Generated from 'node-exporter' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/nodeExporter-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.nodeExporterAlerting }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node-exporter" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: node-exporter
+ rules:
+{{- if not (.Values.defaultRules.disabled.NodeFilesystemSpaceFillingUp | default false) }}
+ - alert: NodeFilesystemSpaceFillingUp
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left and is filling up.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodefilesystemspacefillingup
+ summary: Filesystem is predicted to run out of space within the next 24 hours.
+ expr: |-
+ (
+ node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 15
+ and
+ predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 24*60*60) < 0
+ and
+ node_filesystem_readonly{job="node-exporter",fstype!=""} == 0
+ )
+ for: 1h
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.NodeFilesystemSpaceFillingUp | default false) }}
+ - alert: NodeFilesystemSpaceFillingUp
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left and is filling up fast.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodefilesystemspacefillingup
+ summary: Filesystem is predicted to run out of space within the next 4 hours.
+ expr: |-
+ (
+ node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 10
+ and
+ predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 4*60*60) < 0
+ and
+ node_filesystem_readonly{job="node-exporter",fstype!=""} == 0
+ )
+ for: 1h
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.NodeFilesystemAlmostOutOfSpace | default false) }}
+ - alert: NodeFilesystemAlmostOutOfSpace
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodefilesystemalmostoutofspace
+ summary: Filesystem has less than 5% space left.
+ expr: |-
+ (
+ node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 5
+ and
+ node_filesystem_readonly{job="node-exporter",fstype!=""} == 0
+ )
+ for: 30m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.NodeFilesystemAlmostOutOfSpace | default false) }}
+ - alert: NodeFilesystemAlmostOutOfSpace
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodefilesystemalmostoutofspace
+ summary: Filesystem has less than 3% space left.
+ expr: |-
+ (
+ node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 3
+ and
+ node_filesystem_readonly{job="node-exporter",fstype!=""} == 0
+ )
+ for: 30m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.NodeFilesystemFilesFillingUp | default false) }}
+ - alert: NodeFilesystemFilesFillingUp
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left and is filling up.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodefilesystemfilesfillingup
+ summary: Filesystem is predicted to run out of inodes within the next 24 hours.
+ expr: |-
+ (
+ node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 40
+ and
+ predict_linear(node_filesystem_files_free{job="node-exporter",fstype!=""}[6h], 24*60*60) < 0
+ and
+ node_filesystem_readonly{job="node-exporter",fstype!=""} == 0
+ )
+ for: 1h
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.NodeFilesystemFilesFillingUp | default false) }}
+ - alert: NodeFilesystemFilesFillingUp
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left and is filling up fast.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodefilesystemfilesfillingup
+ summary: Filesystem is predicted to run out of inodes within the next 4 hours.
+ expr: |-
+ (
+ node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 20
+ and
+ predict_linear(node_filesystem_files_free{job="node-exporter",fstype!=""}[6h], 4*60*60) < 0
+ and
+ node_filesystem_readonly{job="node-exporter",fstype!=""} == 0
+ )
+ for: 1h
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.NodeFilesystemAlmostOutOfFiles | default false) }}
+ - alert: NodeFilesystemAlmostOutOfFiles
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodefilesystemalmostoutoffiles
+ summary: Filesystem has less than 5% inodes left.
+ expr: |-
+ (
+ node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 5
+ and
+ node_filesystem_readonly{job="node-exporter",fstype!=""} == 0
+ )
+ for: 1h
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.NodeFilesystemAlmostOutOfFiles | default false) }}
+ - alert: NodeFilesystemAlmostOutOfFiles
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodefilesystemalmostoutoffiles
+ summary: Filesystem has less than 3% inodes left.
+ expr: |-
+ (
+ node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 3
+ and
+ node_filesystem_readonly{job="node-exporter",fstype!=""} == 0
+ )
+ for: 1h
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.NodeNetworkReceiveErrs | default false) }}
+ - alert: NodeNetworkReceiveErrs
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: '{{`{{`}} $labels.instance {{`}}`}} interface {{`{{`}} $labels.device {{`}}`}} has encountered {{`{{`}} printf "%.0f" $value {{`}}`}} receive errors in the last two minutes.'
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodenetworkreceiveerrs
+ summary: Network interface is reporting many receive errors.
+ expr: rate(node_network_receive_errs_total[2m]) / rate(node_network_receive_packets_total[2m]) > 0.01
+ for: 1h
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.NodeNetworkTransmitErrs | default false) }}
+ - alert: NodeNetworkTransmitErrs
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: '{{`{{`}} $labels.instance {{`}}`}} interface {{`{{`}} $labels.device {{`}}`}} has encountered {{`{{`}} printf "%.0f" $value {{`}}`}} transmit errors in the last two minutes.'
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodenetworktransmiterrs
+ summary: Network interface is reporting many transmit errors.
+ expr: rate(node_network_transmit_errs_total[2m]) / rate(node_network_transmit_packets_total[2m]) > 0.01
+ for: 1h
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.NodeHighNumberConntrackEntriesUsed | default false) }}
+ - alert: NodeHighNumberConntrackEntriesUsed
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: '{{`{{`}} $value | humanizePercentage {{`}}`}} of conntrack entries are used.'
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodehighnumberconntrackentriesused
+ summary: Number of conntrack are getting close to the limit.
+ expr: (node_nf_conntrack_entries / node_nf_conntrack_entries_limit) > 0.75
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.NodeTextFileCollectorScrapeError | default false) }}
+ - alert: NodeTextFileCollectorScrapeError
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Node Exporter text file collector failed to scrape.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodetextfilecollectorscrapeerror
+ summary: Node Exporter text file collector failed to scrape.
+ expr: node_textfile_scrape_error{job="node-exporter"} == 1
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.NodeClockSkewDetected | default false) }}
+ - alert: NodeClockSkewDetected
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Clock on {{`{{`}} $labels.instance {{`}}`}} is out of sync by more than 300s. Ensure NTP is configured correctly on this host.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodeclockskewdetected
+ summary: Clock skew detected.
+ expr: |-
+ (
+ node_timex_offset_seconds{job="node-exporter"} > 0.05
+ and
+ deriv(node_timex_offset_seconds{job="node-exporter"}[5m]) >= 0
+ )
+ or
+ (
+ node_timex_offset_seconds{job="node-exporter"} < -0.05
+ and
+ deriv(node_timex_offset_seconds{job="node-exporter"}[5m]) <= 0
+ )
+ for: 10m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.NodeClockNotSynchronising | default false) }}
+ - alert: NodeClockNotSynchronising
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Clock on {{`{{`}} $labels.instance {{`}}`}} is not synchronising. Ensure NTP is configured on this host.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodeclocknotsynchronising
+ summary: Clock not synchronising.
+ expr: |-
+ min_over_time(node_timex_sync_status{job="node-exporter"}[5m]) == 0
+ and
+ node_timex_maxerror_seconds{job="node-exporter"} >= 16
+ for: 10m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.NodeRAIDDegraded | default false) }}
+ - alert: NodeRAIDDegraded
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: RAID array '{{`{{`}} $labels.device {{`}}`}}' on {{`{{`}} $labels.instance {{`}}`}} is in degraded state due to one or more disks failures. Number of spare drives is insufficient to fix issue automatically.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/noderaiddegraded
+ summary: RAID Array is degraded
+ expr: node_md_disks_required{job="node-exporter",device=~"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)"} - ignoring (state) (node_md_disks{state="active",job="node-exporter",device=~"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)"}) > 0
+ for: 15m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.NodeRAIDDiskFailure | default false) }}
+ - alert: NodeRAIDDiskFailure
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: At least one device in RAID array on {{`{{`}} $labels.instance {{`}}`}} failed. Array '{{`{{`}} $labels.device {{`}}`}}' needs attention and possibly a disk swap.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/noderaiddiskfailure
+ summary: Failed device in RAID array
+ expr: node_md_disks{state="failed",job="node-exporter",device=~"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)"} > 0
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.NodeFileDescriptorLimit | default false) }}
+ - alert: NodeFileDescriptorLimit
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: File descriptors limit at {{`{{`}} $labels.instance {{`}}`}} is currently at {{`{{`}} printf "%.2f" $value {{`}}`}}%.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodefiledescriptorlimit
+ summary: Kernel is predicted to exhaust file descriptors limit soon.
+ expr: |-
+ (
+ node_filefd_allocated{job="node-exporter"} * 100 / node_filefd_maximum{job="node-exporter"} > 70
+ )
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.NodeFileDescriptorLimit | default false) }}
+ - alert: NodeFileDescriptorLimit
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: File descriptors limit at {{`{{`}} $labels.instance {{`}}`}} is currently at {{`{{`}} printf "%.2f" $value {{`}}`}}%.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodefiledescriptorlimit
+ summary: Kernel is predicted to exhaust file descriptors limit soon.
+ expr: |-
+ (
+ node_filefd_allocated{job="node-exporter"} * 100 / node_filefd_maximum{job="node-exporter"} > 90
+ )
+ for: 15m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
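Review bot: In NodeClockSkewDetected the description says the clock is "out of sync by more than 300s", but the expression fires when `node_timex_offset_seconds` is above 0.05 or below -0.05, which is 50 ms. The alert text should state the threshold the expression actually uses, otherwise responders will misjudge the size of the skew. Also, each warning/critical pair here (NodeFilesystemSpaceFillingUp, NodeFilesystemAlmostOutOfSpace, NodeFilesystemFilesFillingUp, NodeFilesystemAlmostOutOfFiles, NodeFileDescriptorLimit) is gated by the same `.Values.defaultRules.disabled.<AlertName>` key, so one severity cannot be switched off without the other; that behaviour deserves a line in the values documentation.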
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-network.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-network.yaml
new file mode 100644
index 0000000..9320973
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-network.yaml
@@ -0,0 +1,44 @@
+{{- /*
+Generated from 'node-network' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubePrometheus-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.network }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node-network" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: node-network
+ rules:
+{{- if not (.Values.defaultRules.disabled.NodeNetworkInterfaceFlapping | default false) }}
+ - alert: NodeNetworkInterfaceFlapping
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Network interface "{{`{{`}} $labels.device {{`}}`}}" changing its up status often on node-exporter {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}}
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/general/nodenetworkinterfaceflapping
+ summary: Network interface is often changing its status
+ expr: changes(node_network_up{job="node-exporter",device!~"veth.+"}[2m]) > 2
+ for: 2m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
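Review bot: NodeNetworkInterfaceFlapping evaluates `changes(node_network_up{...}[2m]) > 2`, which needs at least four samples inside the two-minute window, so whether the alert can fire at all depends on the scrape interval of the node-exporter job. With a 30s interval it requires a state change at nearly every scrape, and with an interval of 1m or more the condition can never be true. The interval this rule assumes should be documented next to the chart values that set it.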
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node.rules.yaml
new file mode 100644
index 0000000..4f8da29
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node.rules.yaml
@@ -0,0 +1,55 @@
+{{- /*
+Generated from 'node.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.node }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node.rules" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: node.rules
+ rules:
+ - expr: |-
+ topk by(cluster, namespace, pod) (1,
+ max by (cluster, node, namespace, pod) (
+ label_replace(kube_pod_info{job="kube-state-metrics",node!=""}, "pod", "$1", "pod", "(.*)")
+ ))
+ record: 'node_namespace_pod:kube_pod_info:'
+ - expr: |-
+ count by (cluster, node) (sum by (node, cpu) (
+ node_cpu_seconds_total{job="node-exporter"}
+ * on (namespace, pod) group_left(node)
+ topk by(namespace, pod) (1, node_namespace_pod:kube_pod_info:)
+ ))
+ record: node:node_num_cpu:sum
+ - expr: |-
+ sum(
+ node_memory_MemAvailable_bytes{job="node-exporter"} or
+ (
+ node_memory_Buffers_bytes{job="node-exporter"} +
+ node_memory_Cached_bytes{job="node-exporter"} +
+ node_memory_MemFree_bytes{job="node-exporter"} +
+ node_memory_Slab_bytes{job="node-exporter"}
+ )
+ ) by (cluster)
+ record: :node_memory_MemAvailable_bytes:sum
+ - expr: |-
+ sum(rate(node_cpu_seconds_total{job="node-exporter",mode!="idle",mode!="iowait",mode!="steal"}[5m])) /
+ count(sum(node_cpu_seconds_total{job="node-exporter"}) by (cluster, instance, cpu))
+ record: cluster:node_cpu:ratio_rate5m
+{{- end }}
\ No newline at end of file
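Review bot: In the `node:node_num_cpu:sum` rule the inner `sum by (node, cpu)` drops the `cluster` label before the outer `count by (cluster, node)` runs, so grouping by `cluster` there has no effect and identically named nodes from different clusters are counted together. The join `on (namespace, pod)` and the `topk by(namespace, pod)` also omit `cluster`, unlike the first rule in this group, which keeps it. If more than one cluster feeds this Prometheus, carry `cluster` through the inner aggregation and the join.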
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/prometheus-operator.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/prometheus-operator.yaml
new file mode 100644
index 0000000..1c6b5c5
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/prometheus-operator.yaml
@@ -0,0 +1,148 @@
+{{- /*
+Generated from 'prometheus-operator' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/prometheusOperator-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.prometheusOperator }}
+{{- $operatorJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "operator" }}
+{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus-operator" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: prometheus-operator
+ rules:
+{{- if not (.Values.defaultRules.disabled.PrometheusOperatorListErrors | default false) }}
+ - alert: PrometheusOperatorListErrors
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Errors while performing List operations in controller {{`{{`}}$labels.controller{{`}}`}} in {{`{{`}}$labels.namespace{{`}}`}} namespace.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus-operator/prometheusoperatorlisterrors
+ summary: Errors while performing list operations in controller.
+ expr: (sum by (controller,namespace) (rate(prometheus_operator_list_operations_failed_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[10m])) / sum by (controller,namespace) (rate(prometheus_operator_list_operations_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[10m]))) > 0.4
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.PrometheusOperatorWatchErrors | default false) }}
+ - alert: PrometheusOperatorWatchErrors
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Errors while performing watch operations in controller {{`{{`}}$labels.controller{{`}}`}} in {{`{{`}}$labels.namespace{{`}}`}} namespace.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus-operator/prometheusoperatorwatcherrors
+ summary: Errors while performing watch operations in controller.
+ expr: (sum by (controller,namespace) (rate(prometheus_operator_watch_operations_failed_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m])) / sum by (controller,namespace) (rate(prometheus_operator_watch_operations_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]))) > 0.4
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.PrometheusOperatorSyncFailed | default false) }}
+ - alert: PrometheusOperatorSyncFailed
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Controller {{`{{`}} $labels.controller {{`}}`}} in {{`{{`}} $labels.namespace {{`}}`}} namespace fails to reconcile {{`{{`}} $value {{`}}`}} objects.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus-operator/prometheusoperatorsyncfailed
+ summary: Last controller reconciliation failed
+ expr: min_over_time(prometheus_operator_syncs{status="failed",job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) > 0
+ for: 10m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.PrometheusOperatorReconcileErrors | default false) }}
+ - alert: PrometheusOperatorReconcileErrors
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: '{{`{{`}} $value | humanizePercentage {{`}}`}} of reconciling operations failed for {{`{{`}} $labels.controller {{`}}`}} controller in {{`{{`}} $labels.namespace {{`}}`}} namespace.'
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus-operator/prometheusoperatorreconcileerrors
+ summary: Errors while reconciling controller.
+ expr: (sum by (controller,namespace) (rate(prometheus_operator_reconcile_errors_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]))) / (sum by (controller,namespace) (rate(prometheus_operator_reconcile_operations_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]))) > 0.1
+ for: 10m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.PrometheusOperatorNodeLookupErrors | default false) }}
+ - alert: PrometheusOperatorNodeLookupErrors
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Errors while reconciling Prometheus in {{`{{`}} $labels.namespace {{`}}`}} Namespace.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus-operator/prometheusoperatornodelookuperrors
+ summary: Errors while reconciling Prometheus.
+ expr: rate(prometheus_operator_node_address_lookup_errors_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) > 0.1
+ for: 10m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.PrometheusOperatorNotReady | default false) }}
+ - alert: PrometheusOperatorNotReady
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Prometheus operator in {{`{{`}} $labels.namespace {{`}}`}} namespace isn't ready to reconcile {{`{{`}} $labels.controller {{`}}`}} resources.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus-operator/prometheusoperatornotready
+ summary: Prometheus operator not ready
+ expr: min by (controller,namespace) (max_over_time(prometheus_operator_ready{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) == 0)
+ for: 5m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.PrometheusOperatorRejectedResources | default false) }}
+ - alert: PrometheusOperatorRejectedResources
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Prometheus operator in {{`{{`}} $labels.namespace {{`}}`}} namespace rejected {{`{{`}} printf "%0.0f" $value {{`}}`}} {{`{{`}} $labels.controller {{`}}`}}/{{`{{`}} $labels.resource {{`}}`}} resources.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus-operator/prometheusoperatorrejectedresources
+ summary: Resources rejected by Prometheus operator
+ expr: min_over_time(prometheus_operator_managed_resources{state="rejected",job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) > 0
+ for: 5m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
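Review bot: in every rule of this group, `additionalRuleLabels` is emitted with `toYaml ... | indent 8` directly after the fixed `severity: warning`, and `additionalRuleAnnotations` directly before `description`, `runbook_url` and `summary`, with no check for overlapping keys. A values entry named `severity`, `description`, `runbook_url` or `summary` therefore renders the same key twice in one mapping, and which value the alert ends up with (or whether the render is rejected) is left to whatever parses the output. Suggest listing these four names as reserved for `additionalRuleLabels` and `additionalRuleAnnotations` in this repository's values documentation, or validating overrides before they reach the template. Separately, `runbook_url` is built by plain concatenation with `.Values.defaultRules.runbookUrl`, so an empty value yields a path-only link such as `/prometheus-operator/prometheusoperatorlisterrors`. The file also ends without a trailing newline.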
diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/prometheus.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/prometheus.yaml
new file mode 100644
index 0000000..358ca7a
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/prometheus.yaml
@@ -0,0 +1,448 @@
+{{- /*
+Generated from 'prometheus' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/prometheus-prometheusRule.yaml
+Do not change in-place! In order to change this file first read following link:
+https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
+*/ -}}
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.prometheus }}
+{{- $prometheusJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" }}
+{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" | trunc 63 | trimSuffix "-" }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.defaultRules.labels }}
+{{ toYaml .Values.defaultRules.labels | indent 4 }}
+{{- end }}
+{{- if .Values.defaultRules.annotations }}
+ annotations:
+{{ toYaml .Values.defaultRules.annotations | indent 4 }}
+{{- end }}
+spec:
+ groups:
+ - name: prometheus
+ rules:
+{{- if not (.Values.defaultRules.disabled.PrometheusBadConfig | default false) }}
+ - alert: PrometheusBadConfig
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has failed to reload its configuration.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheusbadconfig
+ summary: Failed Prometheus configuration reload.
+ expr: |-
+ # Without max_over_time, failed scrapes could create false negatives, see
+ # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details.
+ max_over_time(prometheus_config_last_reload_successful{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) == 0
+ for: 10m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.PrometheusNotificationQueueRunningFull | default false) }}
+ - alert: PrometheusNotificationQueueRunningFull
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Alert notification queue of Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is running full.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheusnotificationqueuerunningfull
+ summary: Prometheus alert notification queue predicted to run full in less than 30m.
+ expr: |-
+ # Without min_over_time, failed scrapes could create false negatives, see
+ # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details.
+ (
+ predict_linear(prometheus_notifications_queue_length{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m], 60 * 30)
+ >
+ min_over_time(prometheus_notifications_queue_capacity{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m])
+ )
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.PrometheusErrorSendingAlertsToSomeAlertmanagers | default false) }}
+ - alert: PrometheusErrorSendingAlertsToSomeAlertmanagers
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: '{{`{{`}} printf "%.1f" $value {{`}}`}}% errors while sending alerts from Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} to Alertmanager {{`{{`}}$labels.alertmanager{{`}}`}}.'
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheuserrorsendingalertstosomealertmanagers
+ summary: Prometheus has encountered more than 1% errors sending alerts to a specific Alertmanager.
+ expr: |-
+ (
+ rate(prometheus_notifications_errors_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m])
+ /
+ rate(prometheus_notifications_sent_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m])
+ )
+ * 100
+ > 1
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.PrometheusNotConnectedToAlertmanagers | default false) }}
+ - alert: PrometheusNotConnectedToAlertmanagers
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is not connected to any Alertmanagers.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheusnotconnectedtoalertmanagers
+ summary: Prometheus is not connected to any Alertmanagers.
+ expr: |-
+ # Without max_over_time, failed scrapes could create false negatives, see
+ # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details.
+ max_over_time(prometheus_notifications_alertmanagers_discovered{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) < 1
+ for: 10m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.PrometheusTSDBReloadsFailing | default false) }}
+ - alert: PrometheusTSDBReloadsFailing
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has detected {{`{{`}}$value | humanize{{`}}`}} reload failures over the last 3h.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheustsdbreloadsfailing
+ summary: Prometheus has issues reloading blocks from disk.
+ expr: increase(prometheus_tsdb_reloads_failures_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[3h]) > 0
+ for: 4h
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.PrometheusTSDBCompactionsFailing | default false) }}
+ - alert: PrometheusTSDBCompactionsFailing
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has detected {{`{{`}}$value | humanize{{`}}`}} compaction failures over the last 3h.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheustsdbcompactionsfailing
+ summary: Prometheus has issues compacting blocks.
+ expr: increase(prometheus_tsdb_compactions_failed_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[3h]) > 0
+ for: 4h
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.PrometheusNotIngestingSamples | default false) }}
+ - alert: PrometheusNotIngestingSamples
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is not ingesting samples.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheusnotingestingsamples
+ summary: Prometheus is not ingesting samples.
+ expr: |-
+ (
+ rate(prometheus_tsdb_head_samples_appended_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) <= 0
+ and
+ (
+ sum without(scrape_job) (prometheus_target_metadata_cache_entries{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}) > 0
+ or
+ sum without(rule_group) (prometheus_rule_group_rules{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}) > 0
+ )
+ )
+ for: 10m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.PrometheusDuplicateTimestamps | default false) }}
+ - alert: PrometheusDuplicateTimestamps
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is dropping {{`{{`}} printf "%.4g" $value {{`}}`}} samples/s with different values but duplicated timestamp.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheusduplicatetimestamps
+ summary: Prometheus is dropping samples with duplicate timestamps.
+ expr: rate(prometheus_target_scrapes_sample_duplicate_timestamp_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0
+ for: 10m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.PrometheusOutOfOrderTimestamps | default false) }}
+ - alert: PrometheusOutOfOrderTimestamps
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is dropping {{`{{`}} printf "%.4g" $value {{`}}`}} samples/s with timestamps arriving out of order.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheusoutofordertimestamps
+ summary: Prometheus drops samples with out-of-order timestamps.
+ expr: rate(prometheus_target_scrapes_sample_out_of_order_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0
+ for: 10m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.PrometheusRemoteStorageFailures | default false) }}
+ - alert: PrometheusRemoteStorageFailures
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} failed to send {{`{{`}} printf "%.1f" $value {{`}}`}}% of the samples to {{`{{`}} $labels.remote_name{{`}}`}}:{{`{{`}} $labels.url {{`}}`}}
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheusremotestoragefailures
+ summary: Prometheus fails to send samples to remote storage.
+ expr: |-
+ (
+ (rate(prometheus_remote_storage_failed_samples_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) or rate(prometheus_remote_storage_samples_failed_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]))
+ /
+ (
+ (rate(prometheus_remote_storage_failed_samples_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) or rate(prometheus_remote_storage_samples_failed_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]))
+ +
+ (rate(prometheus_remote_storage_succeeded_samples_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) or rate(prometheus_remote_storage_samples_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]))
+ )
+ )
+ * 100
+ > 1
+ for: 15m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.PrometheusRemoteWriteBehind | default false) }}
+ - alert: PrometheusRemoteWriteBehind
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} remote write is {{`{{`}} printf "%.1f" $value {{`}}`}}s behind for {{`{{`}} $labels.remote_name{{`}}`}}:{{`{{`}} $labels.url {{`}}`}}.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheusremotewritebehind
+ summary: Prometheus remote write is behind.
+ expr: |-
+ # Without max_over_time, failed scrapes could create false negatives, see
+ # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details.
+ (
+ max_over_time(prometheus_remote_storage_highest_timestamp_in_seconds{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m])
+ - ignoring(remote_name, url) group_right
+ max_over_time(prometheus_remote_storage_queue_highest_sent_timestamp_seconds{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m])
+ )
+ > 120
+ for: 15m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.PrometheusRemoteWriteDesiredShards | default false) }}
+ - alert: PrometheusRemoteWriteDesiredShards
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} remote write desired shards calculation wants to run {{`{{`}} $value {{`}}`}} shards for queue {{`{{`}} $labels.remote_name{{`}}`}}:{{`{{`}} $labels.url {{`}}`}}, which is more than the max of {{`{{`}} printf `prometheus_remote_storage_shards_max{instance="%s",job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}` $labels.instance | query | first | value {{`}}`}}.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheusremotewritedesiredshards
+ summary: Prometheus remote write desired shards calculation wants to run more than configured max shards.
+ expr: |-
+ # Without max_over_time, failed scrapes could create false negatives, see
+ # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details.
+ (
+ max_over_time(prometheus_remote_storage_shards_desired{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m])
+ >
+ max_over_time(prometheus_remote_storage_shards_max{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m])
+ )
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.PrometheusRuleFailures | default false) }}
+ - alert: PrometheusRuleFailures
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has failed to evaluate {{`{{`}} printf "%.0f" $value {{`}}`}} rules in the last 5m.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheusrulefailures
+ summary: Prometheus is failing rule evaluations.
+ expr: increase(prometheus_rule_evaluation_failures_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0
+ for: 15m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.PrometheusMissingRuleEvaluations | default false) }}
+ - alert: PrometheusMissingRuleEvaluations
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has missed {{`{{`}} printf "%.0f" $value {{`}}`}} rule group evaluations in the last 5m.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheusmissingruleevaluations
+ summary: Prometheus is missing rule evaluations due to slow rule group evaluation.
+ expr: increase(prometheus_rule_group_iterations_missed_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.PrometheusTargetLimitHit | default false) }}
+ - alert: PrometheusTargetLimitHit
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has dropped {{`{{`}} printf "%.0f" $value {{`}}`}} targets because the number of targets exceeded the configured target_limit.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheustargetlimithit
+ summary: Prometheus has dropped targets because some scrape configs have exceeded the targets limit.
+ expr: increase(prometheus_target_scrape_pool_exceeded_target_limit_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.PrometheusLabelLimitHit | default false) }}
+ - alert: PrometheusLabelLimitHit
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has dropped {{`{{`}} printf "%.0f" $value {{`}}`}} targets because some samples exceeded the configured label_limit, label_name_length_limit or label_value_length_limit.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheuslabellimithit
+ summary: Prometheus has dropped targets because some scrape configs have exceeded the labels limit.
+ expr: increase(prometheus_target_scrape_pool_exceeded_label_limits_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.PrometheusScrapeBodySizeLimitHit | default false) }}
+ - alert: PrometheusScrapeBodySizeLimitHit
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has failed {{`{{`}} printf "%.0f" $value {{`}}`}} scrapes in the last 5m because some targets exceeded the configured body_size_limit.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheusscrapebodysizelimithit
+ summary: Prometheus has dropped some targets that exceeded body size limit.
+ expr: increase(prometheus_target_scrapes_exceeded_body_size_limit_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.PrometheusScrapeSampleLimitHit | default false) }}
+ - alert: PrometheusScrapeSampleLimitHit
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has failed {{`{{`}} printf "%.0f" $value {{`}}`}} scrapes in the last 5m because some targets exceeded the configured sample_limit.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheusscrapesamplelimithit
+ summary: Prometheus has failed scrapes that have exceeded the configured sample limit.
+ expr: increase(prometheus_target_scrapes_exceeded_sample_limit_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.PrometheusTargetSyncFailure | default false) }}
+ - alert: PrometheusTargetSyncFailure
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: '{{`{{`}} printf "%.0f" $value {{`}}`}} targets in Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} have failed to sync because invalid configuration was supplied.'
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheustargetsyncfailure
+ summary: Prometheus has failed to sync targets.
+ expr: increase(prometheus_target_sync_failed_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[30m]) > 0
+ for: 5m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.PrometheusHighQueryLoad | default false) }}
+ - alert: PrometheusHighQueryLoad
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} query API has less than 20% available capacity in its query engine for the last 15 minutes.
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheushighqueryload
+ summary: Prometheus is reaching its maximum capacity serving concurrent requests.
+ expr: avg_over_time(prometheus_engine_queries{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) / max_over_time(prometheus_engine_queries_concurrent_max{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0.8
+ for: 15m
+ labels:
+ severity: warning
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- if not (.Values.defaultRules.disabled.PrometheusErrorSendingAlertsToAnyAlertmanager | default false) }}
+ - alert: PrometheusErrorSendingAlertsToAnyAlertmanager
+ annotations:
+{{- if .Values.defaultRules.additionalRuleAnnotations }}
+{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }}
+{{- end }}
+ description: '{{`{{`}} printf "%.1f" $value {{`}}`}}% minimum errors while sending alerts from Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} to any Alertmanager.'
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheuserrorsendingalertstoanyalertmanager
+ summary: Prometheus encounters more than 3% errors sending alerts to any Alertmanager.
+ expr: |-
+ min without (alertmanager) (
+ rate(prometheus_notifications_errors_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}",alertmanager!~``}[5m])
+ /
+ rate(prometheus_notifications_sent_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}",alertmanager!~``}[5m])
+ )
+ * 100
+ > 3
+ for: 15m
+ labels:
+ severity: critical
+{{- if .Values.defaultRules.additionalRuleLabels }}
+{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
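Review bot: the per-alert `.Values.defaultRules.disabled.<AlertName>` guards wrap the `severity: critical` rules in this group as well (PrometheusBadConfig, PrometheusRemoteStorageFailures, PrometheusRemoteWriteBehind, PrometheusRuleFailures, PrometheusTargetSyncFailure, PrometheusErrorSendingAlertsToAnyAlertmanager), so a single values override can remove the alerts that report a broken alerting pipeline, and nothing in the rendered output shows that one is missing. Since the header says the file is generated and must not be changed in place, the template itself should stay as is. Suggest handling this on the consuming side: keep `defaultRules.disabled` free of these names in the values this repository ships, and add a check on the rendered PrometheusRule that fails when any of the critical alerts is absent. It would also help to record in the commit message which upstream kube-prometheus-stack chart version this copy was taken from, so a later diff against upstream is possible.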
diff --git a/charts/kube-prometheus-stack/templates/prometheus/service.yaml b/charts/kube-prometheus-stack/templates/prometheus/service.yaml
new file mode 100644
index 0000000..1e1f9c7
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/service.yaml
@@ -0,0 +1,64 @@
+{{- if .Values.prometheus.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-prometheus
+ self-monitor: {{ .Values.prometheus.serviceMonitor.selfMonitor | quote }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.prometheus.service.labels }}
+{{ toYaml .Values.prometheus.service.labels | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.service.annotations }}
+ annotations:
+{{ toYaml .Values.prometheus.service.annotations | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.prometheus.service.clusterIP }}
+ clusterIP: {{ .Values.prometheus.service.clusterIP }}
+{{- end }}
+{{- if .Values.prometheus.service.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.prometheus.service.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.prometheus.service.loadBalancerIP }}
+{{- end }}
+{{- if .Values.prometheus.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- range $cidr := .Values.prometheus.service.loadBalancerSourceRanges }}
+ - {{ $cidr }}
+ {{- end }}
+{{- end }}
+{{- if ne .Values.prometheus.service.type "ClusterIP" }}
+ externalTrafficPolicy: {{ .Values.prometheus.service.externalTrafficPolicy }}
+{{- end }}
+ ports:
+ - name: {{ .Values.prometheus.prometheusSpec.portName }}
+ {{- if eq .Values.prometheus.service.type "NodePort" }}
+ nodePort: {{ .Values.prometheus.service.nodePort }}
+ {{- end }}
+ port: {{ .Values.prometheus.service.port }}
+ targetPort: {{ .Values.prometheus.service.targetPort }}
+ {{- if .Values.prometheus.thanosIngress.enabled }}
+ - name: grpc
+ {{- if eq .Values.prometheus.service.type "NodePort" }}
+ nodePort: {{ .Values.prometheus.thanosIngress.nodePort }}
+ {{- end }}
+ port: {{ .Values.prometheus.thanosIngress.servicePort }}
+ targetPort: {{ .Values.prometheus.thanosIngress.servicePort }}
+ {{- end }}
+{{- if .Values.prometheus.service.additionalPorts }}
+{{ toYaml .Values.prometheus.service.additionalPorts | indent 2 }}
+{{- end }}
+ publishNotReadyAddresses: {{ .Values.prometheus.service.publishNotReadyAddresses }}
+ selector:
+ app.kubernetes.io/name: prometheus
+ prometheus: {{ template "kube-prometheus-stack.prometheus.crname" . }}
+{{- if .Values.prometheus.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.prometheus.service.sessionAffinity }}
+{{- end }}
+ type: "{{ .Values.prometheus.service.type }}"
+{{- end }}
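Review bot: `externalIPs` under `spec` is copied straight from values with `toYaml` and no validation, so any address placed in a values file becomes a route to the Prometheus port. If nothing we deploy needs it, drop the block from the bundled copy or state in values.yaml that it must stay empty, and restrict the field with an admission policy on the cluster side.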
diff --git a/charts/kube-prometheus-stack/templates/prometheus/serviceThanosSidecar.yaml b/charts/kube-prometheus-stack/templates/prometheus/serviceThanosSidecar.yaml
new file mode 100644
index 0000000..2b80e77
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/serviceThanosSidecar.yaml
@@ -0,0 +1,39 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.thanosService.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-discovery
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-thanos-discovery
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.prometheus.thanosService.labels }}
+{{ toYaml .Values.prometheus.thanosService.labels | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.thanosService.annotations }}
+ annotations:
+{{ toYaml .Values.prometheus.thanosService.annotations | indent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.prometheus.thanosService.type }}
+ clusterIP: {{ .Values.prometheus.thanosService.clusterIP }}
+{{- if ne .Values.prometheus.thanosService.type "ClusterIP" }}
+ externalTrafficPolicy: {{ .Values.prometheus.thanosService.externalTrafficPolicy }}
+{{- end }}
+ ports:
+ - name: {{ .Values.prometheus.thanosService.portName }}
+ port: {{ .Values.prometheus.thanosService.port }}
+ targetPort: {{ .Values.prometheus.thanosService.targetPort }}
+ {{- if eq .Values.prometheus.thanosService.type "NodePort" }}
+ nodePort: {{ .Values.prometheus.thanosService.nodePort }}
+ {{- end }}
+ - name: {{ .Values.prometheus.thanosService.httpPortName }}
+ port: {{ .Values.prometheus.thanosService.httpPort }}
+ targetPort: {{ .Values.prometheus.thanosService.targetHttpPort }}
+ {{- if eq .Values.prometheus.thanosService.type "NodePort" }}
+ nodePort: {{ .Values.prometheus.thanosService.httpNodePort }}
+ {{- end }}
+ selector:
+ app.kubernetes.io/name: prometheus
+ prometheus: {{ template "kube-prometheus-stack.prometheus.crname" . }}
+{{- end }}
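Review bot: `clusterIP: {{ .Values.prometheus.thanosService.clusterIP }}` under `spec` is rendered unconditionally, while the main Prometheus Service wraps the same field in an `if`. An unset value renders a bare `clusterIP:` key, and a headless value of `None` is rejected by the API server once `thanosService.type` takes the `NodePort` branch further down. Guard the field with `{{- if .Values.prometheus.thanosService.clusterIP }}` or fail the render on the incompatible combination.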
diff --git a/charts/kube-prometheus-stack/templates/prometheus/serviceThanosSidecarExternal.yaml b/charts/kube-prometheus-stack/templates/prometheus/serviceThanosSidecarExternal.yaml
new file mode 100644
index 0000000..fa45934
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/serviceThanosSidecarExternal.yaml
@@ -0,0 +1,46 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.thanosServiceExternal.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-external
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.prometheus.thanosServiceExternal.labels }}
+{{ toYaml .Values.prometheus.thanosServiceExternal.labels | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.thanosServiceExternal.annotations }}
+ annotations:
+{{ toYaml .Values.prometheus.thanosServiceExternal.annotations | indent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.prometheus.thanosServiceExternal.type }}
+{{- if .Values.prometheus.thanosServiceExternal.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.prometheus.thanosServiceExternal.loadBalancerIP }}
+{{- end }}
+{{- if .Values.prometheus.thanosServiceExternal.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- range $cidr := .Values.prometheus.thanosServiceExternal.loadBalancerSourceRanges }}
+ - {{ $cidr }}
+ {{- end }}
+{{- end }}
+{{- if ne .Values.prometheus.thanosServiceExternal.type "ClusterIP" }}
+ externalTrafficPolicy: {{ .Values.prometheus.thanosServiceExternal.externalTrafficPolicy }}
+{{- end }}
+ ports:
+ - name: {{ .Values.prometheus.thanosServiceExternal.portName }}
+ port: {{ .Values.prometheus.thanosServiceExternal.port }}
+ targetPort: {{ .Values.prometheus.thanosServiceExternal.targetPort }}
+ {{- if eq .Values.prometheus.thanosServiceExternal.type "NodePort" }}
+ nodePort: {{ .Values.prometheus.thanosServiceExternal.nodePort }}
+ {{- end }}
+ - name: {{ .Values.prometheus.thanosServiceExternal.httpPortName }}
+ port: {{ .Values.prometheus.thanosServiceExternal.httpPort }}
+ targetPort: {{ .Values.prometheus.thanosServiceExternal.targetHttpPort }}
+ {{- if eq .Values.prometheus.thanosServiceExternal.type "NodePort" }}
+ nodePort: {{ .Values.prometheus.thanosServiceExternal.httpNodePort }}
+ {{- end }}
+ selector:
+ app.kubernetes.io/name: prometheus
+ prometheus: {{ template "kube-prometheus-stack.prometheus.crname" . }}
+{{- end }}
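Review bot: nothing in `spec` requires `loadBalancerSourceRanges`, so a Service whose whole purpose is external exposure publishes both sidecar ports (`portName` and `httpPortName`) with no source restriction at the Service level when the list is left empty. Make the ranges mandatory with `required` when `thanosServiceExternal.type` is `LoadBalancer`, or document the expectation next to the value. The `labels` block also lacks the `app:` entry that the sibling `-thanos-discovery` Service sets.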
diff --git a/charts/kube-prometheus-stack/templates/prometheus/serviceaccount.yaml b/charts/kube-prometheus-stack/templates/prometheus/serviceaccount.yaml
new file mode 100644
index 0000000..dde1632
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/serviceaccount.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "kube-prometheus-stack.prometheus.serviceAccountName" . }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-prometheus
+ app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-prometheus
+ app.kubernetes.io/component: prometheus
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.prometheus.serviceAccount.annotations }}
+ annotations:
+{{ toYaml .Values.prometheus.serviceAccount.annotations | indent 4 }}
+{{- end }}
+{{- if .Values.global.imagePullSecrets }}
+imagePullSecrets:
+{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2 }}
+{{- end }}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/templates/prometheus/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/prometheus/servicemonitor.yaml
new file mode 100644
index 0000000..356c013
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/servicemonitor.yaml
@@ -0,0 +1,42 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.serviceMonitor.selfMonitor }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-prometheus
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ template "kube-prometheus-stack.name" . }}-prometheus
+ release: {{ $.Release.Name | quote }}
+ self-monitor: "true"
+ namespaceSelector:
+ matchNames:
+ - {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }}
+ endpoints:
+ - port: {{ .Values.prometheus.prometheusSpec.portName }}
+ {{- if .Values.prometheus.serviceMonitor.interval }}
+ interval: {{ .Values.prometheus.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.prometheus.serviceMonitor.scheme }}
+ scheme: {{ .Values.prometheus.serviceMonitor.scheme }}
+ {{- end }}
+ {{- if .Values.prometheus.serviceMonitor.tlsConfig }}
+ tlsConfig: {{ toYaml .Values.prometheus.serviceMonitor.tlsConfig | nindent 6 }}
+ {{- end }}
+ {{- if .Values.prometheus.serviceMonitor.bearerTokenFile }}
+ bearerTokenFile: {{ .Values.prometheus.serviceMonitor.bearerTokenFile }}
+ {{- end }}
+ path: "{{ trimSuffix "/" .Values.prometheus.prometheusSpec.routePrefix }}/metrics"
+{{- if .Values.prometheus.serviceMonitor.metricRelabelings }}
+ metricRelabelings:
+{{ tpl (toYaml .Values.prometheus.serviceMonitor.metricRelabelings | indent 6) . }}
+{{- end }}
+{{- if .Values.prometheus.serviceMonitor.relabelings }}
+ relabelings:
+{{ toYaml .Values.prometheus.serviceMonitor.relabelings | indent 6 }}
+{{- end }}
+{{- end }}
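Review bot: `metricRelabelings` is passed through `tpl` but `relabelings` directly below it is not, so a template expression in values is evaluated in one list and emitted literally in the other. Treat both lists the same way, and decide deliberately whether values should be evaluated as templates here at all, since `tpl` gives anyone who controls the values file access to the full render context.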
diff --git a/charts/kube-prometheus-stack/templates/prometheus/servicemonitorThanosSidecar.yaml b/charts/kube-prometheus-stack/templates/prometheus/servicemonitorThanosSidecar.yaml
new file mode 100644
index 0000000..f2644d9
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/servicemonitorThanosSidecar.yaml
@@ -0,0 +1,41 @@
+{{- if and .Values.prometheus.thanosService.enabled .Values.prometheus.thanosServiceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-sidecar
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-thanos-sidecar
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ template "kube-prometheus-stack.name" . }}-thanos-discovery
+ release: {{ $.Release.Name | quote }}
+ namespaceSelector:
+ matchNames:
+ - {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }}
+ endpoints:
+ - port: {{ .Values.prometheus.thanosService.httpPortName }}
+ {{- if .Values.prometheus.thanosServiceMonitor.interval }}
+ interval: {{ .Values.prometheus.thanosServiceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.prometheus.thanosServiceMonitor.scheme }}
+ scheme: {{ .Values.prometheus.thanosServiceMonitor.scheme }}
+ {{- end }}
+ {{- if .Values.prometheus.thanosServiceMonitor.tlsConfig }}
+ tlsConfig: {{ toYaml .Values.prometheus.thanosServiceMonitor.tlsConfig | nindent 6 }}
+ {{- end }}
+ {{- if .Values.prometheus.thanosServiceMonitor.bearerTokenFile }}
+ bearerTokenFile: {{ .Values.prometheus.thanosServiceMonitor.bearerTokenFile }}
+ {{- end }}
+ path: "/metrics"
+{{- if .Values.prometheus.thanosServiceMonitor.metricRelabelings }}
+ metricRelabelings:
+{{ tpl (toYaml .Values.prometheus.thanosServiceMonitor.metricRelabelings | indent 6) . }}
+{{- end }}
+{{- if .Values.prometheus.thanosServiceMonitor.relabelings }}
+ relabelings:
+{{ toYaml .Values.prometheus.thanosServiceMonitor.relabelings | indent 6 }}
+{{- end }}
+{{- end }}
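Review bot: the opening condition checks `thanosService.enabled` and `thanosServiceMonitor.enabled` but not `.Values.prometheus.enabled`, whereas the `-thanos-discovery` Service this monitor selects is only rendered when `prometheus.enabled` is also true. With Prometheus disabled this leaves a ServiceMonitor that matches nothing. Add `.Values.prometheus.enabled` to the `and` so the two templates are gated identically.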
diff --git a/charts/kube-prometheus-stack/templates/prometheus/servicemonitors.yaml b/charts/kube-prometheus-stack/templates/prometheus/servicemonitors.yaml
new file mode 100644
index 0000000..a78d1cd
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/servicemonitors.yaml
@@ -0,0 +1,38 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.additionalServiceMonitors }}
+apiVersion: v1
+kind: List
+items:
+{{- range .Values.prometheus.additionalServiceMonitors }}
+ - apiVersion: monitoring.coreos.com/v1
+ kind: ServiceMonitor
+ metadata:
+ name: {{ .name }}
+ namespace: {{ template "kube-prometheus-stack.namespace" $ }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" $ }}-prometheus
+{{ include "kube-prometheus-stack.labels" $ | indent 8 }}
+ {{- if .additionalLabels }}
+{{ toYaml .additionalLabels | indent 8 }}
+ {{- end }}
+ spec:
+ endpoints:
+{{ toYaml .endpoints | indent 8 }}
+ {{- if .jobLabel }}
+ jobLabel: {{ .jobLabel }}
+ {{- end }}
+ {{- if .namespaceSelector }}
+ namespaceSelector:
+{{ toYaml .namespaceSelector | indent 8 }}
+ {{- end }}
+ selector:
+{{ toYaml .selector | indent 8 }}
+ {{- if .targetLabels }}
+ targetLabels:
+{{ toYaml .targetLabels | indent 8 }}
+ {{- end }}
+ {{- if .podTargetLabels }}
+ podTargetLabels:
+{{ toYaml .podTargetLabels | indent 8 }}
+ {{- end }}
+{{- end }}
+{{- end }}
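Review bot: each entry's `.name`, `.endpoints` and `.selector` are used without any presence check, so an entry missing one of them renders an empty `name:` or a literal `null` under `endpoints:` / `selector:` and only fails at apply time. Wrap them in `required`, for example `{{ required "additionalServiceMonitors[].name is required" .name }}`, so a bad values file is caught at render time.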
diff --git a/charts/kube-prometheus-stack/templates/prometheus/serviceperreplica.yaml b/charts/kube-prometheus-stack/templates/prometheus/serviceperreplica.yaml
new file mode 100644
index 0000000..8d2fdc3
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/prometheus/serviceperreplica.yaml
@@ -0,0 +1,49 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.servicePerReplica.enabled }}
+{{- $count := .Values.prometheus.prometheusSpec.replicas | int -}}
+{{- $serviceValues := .Values.prometheus.servicePerReplica -}}
+apiVersion: v1
+kind: List
+metadata:
+ name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-serviceperreplica
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+items:
+{{- range $i, $e := until $count }}
+ - apiVersion: v1
+ kind: Service
+ metadata:
+ name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }}
+ namespace: {{ template "kube-prometheus-stack.namespace" $ }}
+ labels:
+ app: {{ include "kube-prometheus-stack.name" $ }}-prometheus
+{{ include "kube-prometheus-stack.labels" $ | indent 8 }}
+ {{- if $serviceValues.annotations }}
+ annotations:
+{{ toYaml $serviceValues.annotations | indent 8 }}
+ {{- end }}
+ spec:
+ {{- if $serviceValues.clusterIP }}
+ clusterIP: {{ $serviceValues.clusterIP }}
+ {{- end }}
+ {{- if $serviceValues.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- range $cidr := $serviceValues.loadBalancerSourceRanges }}
+ - {{ $cidr }}
+ {{- end }}
+ {{- end }}
+ {{- if ne $serviceValues.type "ClusterIP" }}
+ externalTrafficPolicy: {{ $serviceValues.externalTrafficPolicy }}
+ {{- end }}
+ ports:
+ - name: {{ $.Values.prometheus.prometheusSpec.portName }}
+ {{- if eq $serviceValues.type "NodePort" }}
+ nodePort: {{ $serviceValues.nodePort }}
+ {{- end }}
+ port: {{ $serviceValues.port }}
+ targetPort: {{ $serviceValues.targetPort }}
+ selector:
+ app.kubernetes.io/name: prometheus
+ prometheus: {{ include "kube-prometheus-stack.prometheus.crname" $ }}
+ statefulset.kubernetes.io/pod-name: prometheus-{{ include "kube-prometheus-stack.prometheus.crname" $ }}-{{ $i }}
+ type: "{{ $serviceValues.type }}"
+{{- end }}
+{{- end }}
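Review bot: the top-level `kind: List` carries `metadata.name` and `metadata.namespace`, but list metadata has no such fields, so these two lines are at best ignored and at worst rejected by strict validation. Remove them; each item already sets its own name and namespace. Also note that the per-replica Services accept `loadBalancerSourceRanges` but, unlike the main Service, offer no `loadBalancerIP`, which is worth a line in values.yaml.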
diff --git a/charts/kube-prometheus-stack/templates/thanos-ruler/extrasecret.yaml b/charts/kube-prometheus-stack/templates/thanos-ruler/extrasecret.yaml
new file mode 100644
index 0000000..fe2ea5b
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/thanos-ruler/extrasecret.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.thanosRuler.extraSecret.data -}}
+{{- $secretName := printf "thanos-ruler-%s-extra" (include "kube-prometheus-stack.fullname" . ) -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ default $secretName .Values.thanosRuler.extraSecret.name }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+{{- if .Values.thanosRuler.extraSecret.annotations }}
+ annotations:
+{{ toYaml .Values.thanosRuler.extraSecret.annotations | indent 4 }}
+{{- end }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler
+ app.kubernetes.io/component: thanos-ruler
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+data:
+{{- range $key, $val := .Values.thanosRuler.extraSecret.data }}
+ {{ $key }}: {{ $val | b64enc | quote }}
+{{- end }}
+{{- end }}
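Review bot: the guard on the first line tests only `.Values.thanosRuler.extraSecret.data`, so the Secret is created even when `thanosRuler.enabled` is false. Gate it with `and .Values.thanosRuler.enabled ...` like the other thanos-ruler templates. Separately, `data` is base64-encoded from plain values, which means the secret material sits in clear text in the values file and in the stored release; document that this is intended only for non-sensitive or externally encrypted values.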
diff --git a/charts/kube-prometheus-stack/templates/thanos-ruler/ingress.yaml b/charts/kube-prometheus-stack/templates/thanos-ruler/ingress.yaml
new file mode 100644
index 0000000..2760805
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/thanos-ruler/ingress.yaml
@@ -0,0 +1,77 @@
+{{- if and .Values.thanosRuler.enabled .Values.thanosRuler.ingress.enabled }}
+{{- $pathType := .Values.thanosRuler.ingress.pathType | default "ImplementationSpecific" }}
+{{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "thanos-ruler" }}
+{{- $servicePort := .Values.thanosRuler.service.port -}}
+{{- $routePrefix := list .Values.thanosRuler.thanosRulerSpec.routePrefix }}
+{{- $paths := .Values.thanosRuler.ingress.paths | default $routePrefix -}}
+{{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}}
+{{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}}
+apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+ name: {{ $serviceName }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+{{- if .Values.thanosRuler.ingress.annotations }}
+ annotations:
+{{ toYaml .Values.thanosRuler.ingress.annotations | indent 4 }}
+{{- end }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler
+{{- if .Values.thanosRuler.ingress.labels }}
+{{ toYaml .Values.thanosRuler.ingress.labels | indent 4 }}
+{{- end }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+spec:
+ {{- if $apiIsStable }}
+ {{- if .Values.thanosRuler.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.thanosRuler.ingress.ingressClassName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- if .Values.thanosRuler.ingress.hosts }}
+ {{- range $host := .Values.thanosRuler.ingress.hosts }}
+ - host: {{ tpl $host $ }}
+ http:
+ paths:
+ {{- range $p := $paths }}
+ - path: {{ tpl $p $ }}
+ {{- if and $pathType $ingressSupportsPathType }}
+ pathType: {{ $pathType }}
+ {{- end }}
+ backend:
+ {{- if $apiIsStable }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{- else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{- end }}
+ {{- end -}}
+ {{- end -}}
+ {{- else }}
+ - http:
+ paths:
+ {{- range $p := $paths }}
+ - path: {{ tpl $p $ }}
+ {{- if and $pathType $ingressSupportsPathType }}
+ pathType: {{ $pathType }}
+ {{- end }}
+ backend:
+ {{- if $apiIsStable }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{- else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{- end }}
+ {{- end -}}
+ {{- end -}}
+ {{- if .Values.thanosRuler.ingress.tls }}
+ tls:
+{{ tpl (toYaml .Values.thanosRuler.ingress.tls | indent 4) . }}
+ {{- end -}}
+{{- end -}}
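Review bot: `ingressClassName` is emitted only inside `{{- if $apiIsStable }}`, so on a cluster where the helper reports the older API the configured class is dropped silently and the Ingress may be picked up by a different controller than intended. Either fail the render when `ingressClassName` is set and cannot be honoured, or document the fallback. The two `rules` branches also repeat the same path and backend block; a named template would keep them from drifting apart.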
diff --git a/charts/kube-prometheus-stack/templates/thanos-ruler/podDisruptionBudget.yaml b/charts/kube-prometheus-stack/templates/thanos-ruler/podDisruptionBudget.yaml
new file mode 100644
index 0000000..d3d378d
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/thanos-ruler/podDisruptionBudget.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.thanosRuler.enabled .Values.thanosRuler.podDisruptionBudget.enabled }}
+apiVersion: {{ include "kube-prometheus-stack.pdb.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-ruler
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+spec:
+ {{- if .Values.thanosRuler.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.thanosRuler.podDisruptionBudget.minAvailable }}
+ {{- end }}
+ {{- if .Values.thanosRuler.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.thanosRuler.podDisruptionBudget.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: thanos-ruler
+ thanos-ruler: {{ template "kube-prometheus-stack.fullname" . }}-thanos-ruler
+{{- end }}
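Review bot: `minAvailable` and `maxUnavailable` under `spec` are guarded by two independent `if` blocks, so setting both in values renders both fields, which a PodDisruptionBudget does not accept. Use `if` / `else if` or fail when both are set. The plain truthiness test also drops an explicit `0`, so `maxUnavailable: 0` can never be expressed.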
diff --git a/charts/kube-prometheus-stack/templates/thanos-ruler/ruler.yaml b/charts/kube-prometheus-stack/templates/thanos-ruler/ruler.yaml
new file mode 100644
index 0000000..73d5a7d
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/thanos-ruler/ruler.yaml
@@ -0,0 +1,172 @@
+{{- if .Values.thanosRuler.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ThanosRuler
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-ruler
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.thanosRuler.annotations }}
+ annotations:
+{{ toYaml .Values.thanosRuler.annotations | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.thanosRuler.thanosRulerSpec.image }}
+ {{- if and .Values.thanosRuler.thanosRulerSpec.image.tag .Values.thanosRuler.thanosRulerSpec.image.sha }}
+ image: "{{ .Values.thanosRuler.thanosRulerSpec.image.repository }}:{{ .Values.thanosRuler.thanosRulerSpec.image.tag }}@sha256:{{ .Values.thanosRuler.thanosRulerSpec.image.sha }}"
+ {{- else if .Values.thanosRuler.thanosRulerSpec.image.sha }}
+ image: "{{ .Values.thanosRuler.thanosRulerSpec.image.repository }}@sha256:{{ .Values.thanosRuler.thanosRulerSpec.image.sha }}"
+ {{- else if .Values.thanosRuler.thanosRulerSpec.image.tag }}
+ image: "{{ .Values.thanosRuler.thanosRulerSpec.image.repository }}:{{ .Values.thanosRuler.thanosRulerSpec.image.tag }}"
+ {{- else }}
+ image: "{{ .Values.thanosRuler.thanosRulerSpec.image.repository }}"
+ {{- end }}
+ {{- if .Values.thanosRuler.thanosRulerSpec.image.sha }}
+ sha: {{ .Values.thanosRuler.thanosRulerSpec.image.sha }}
+ {{- end }}
+{{- end }}
+ replicas: {{ .Values.thanosRuler.thanosRulerSpec.replicas }}
+ listenLocal: {{ .Values.thanosRuler.thanosRulerSpec.listenLocal }}
+ serviceAccountName: {{ template "kube-prometheus-stack.thanosRuler.serviceAccountName" . }}
+{{- if .Values.thanosRuler.thanosRulerSpec.externalPrefix }}
+ externalPrefix: "{{ tpl .Values.thanosRuler.thanosRulerSpec.externalPrefix . }}"
+{{- else if and .Values.thanosRuler.ingress.enabled .Values.thanosRuler.ingress.hosts }}
+ externalPrefix: "http://{{ tpl (index .Values.thanosRuler.ingress.hosts 0) . }}{{ .Values.thanosRuler.thanosRulerSpec.routePrefix }}"
+{{- else }}
+ externalPrefix: http://{{ template "kube-prometheus-stack.fullname" . }}-thanosRuler.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.thanosRuler.service.port }}
+{{- end }}
+{{- if .Values.thanosRuler.thanosRulerSpec.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.thanosRuler.thanosRulerSpec.nodeSelector | indent 4 }}
+{{- end }}
+ paused: {{ .Values.thanosRuler.thanosRulerSpec.paused }}
+ logFormat: {{ .Values.thanosRuler.thanosRulerSpec.logFormat | quote }}
+ logLevel: {{ .Values.thanosRuler.thanosRulerSpec.logLevel | quote }}
+ retention: {{ .Values.thanosRuler.thanosRulerSpec.retention | quote }}
+{{- if .Values.thanosRuler.thanosRulerSpec.evaluationInterval }}
+ evaluationInterval: {{ .Values.thanosRuler.thanosRulerSpec.evaluationInterval }}
+{{- end }}
+{{- if .Values.thanosRuler.thanosRulerSpec.ruleNamespaceSelector }}
+ ruleNamespaceSelector:
+{{ toYaml .Values.thanosRuler.thanosRulerSpec.ruleNamespaceSelector | indent 4 }}
+{{ else }}
+ ruleNamespaceSelector: {}
+{{- end }}
+{{- if .Values.thanosRuler.thanosRulerSpec.ruleSelector }}
+ ruleSelector:
+{{ toYaml .Values.thanosRuler.thanosRulerSpec.ruleSelector | indent 4}}
+{{- else if .Values.thanosRuler.thanosRulerSpec.ruleSelectorNilUsesHelmValues }}
+ ruleSelector:
+ matchLabels:
+ release: {{ $.Release.Name | quote }}
+{{ else }}
+ ruleSelector: {}
+{{- end }}
+{{- if .Values.thanosRuler.thanosRulerSpec.alertQueryUrl }}
+ alertQueryUrl: "{{ .Values.thanosRuler.thanosRulerSpec.alertQueryUrl }}"
+{{- end}}
+{{- if .Values.thanosRuler.thanosRulerSpec.alertmanagersUrl }}
+ alertmanagersUrl:
+{{ toYaml .Values.thanosRuler.thanosRulerSpec.alertmanagersUrl | indent 4 }}
+{{- end }}
+{{- if .Values.thanosRuler.thanosRulerSpec.alertmanagersConfig }}
+ alertmanagersConfig:
+{{ toYaml .Values.thanosRuler.thanosRulerSpec.alertmanagersConfig | indent 4 }}
+{{- end }}
+{{- if .Values.thanosRuler.thanosRulerSpec.queryEndpoints }}
+ queryEndpoints:
+{{ toYaml .Values.thanosRuler.thanosRulerSpec.queryEndpoints | indent 4 }}
+{{- end }}
+{{- if .Values.thanosRuler.thanosRulerSpec.queryConfig }}
+ queryConfig:
+{{ toYaml .Values.thanosRuler.thanosRulerSpec.queryConfig | indent 4 }}
+{{- end }}
+{{- if .Values.thanosRuler.thanosRulerSpec.resources }}
+ resources:
+{{ toYaml .Values.thanosRuler.thanosRulerSpec.resources | indent 4 }}
+{{- end }}
+{{- if .Values.thanosRuler.thanosRulerSpec.routePrefix }}
+ routePrefix: "{{ .Values.thanosRuler.thanosRulerSpec.routePrefix }}"
+{{- end }}
+{{- if .Values.thanosRuler.thanosRulerSpec.securityContext }}
+ securityContext:
+{{ toYaml .Values.thanosRuler.thanosRulerSpec.securityContext | indent 4 }}
+{{- end }}
+{{- if .Values.thanosRuler.thanosRulerSpec.storage }}
+ storage:
+{{ toYaml .Values.thanosRuler.thanosRulerSpec.storage | indent 4 }}
+{{- end }}
+{{- if .Values.thanosRuler.thanosRulerSpec.objectStorageConfig }}
+ objectStorageConfig:
+{{ toYaml .Values.thanosRuler.thanosRulerSpec.objectStorageConfig | indent 4 }}
+{{- end }}
+{{- if .Values.thanosRuler.thanosRulerSpec.labels }}
+ labels:
+{{ toYaml .Values.thanosRuler.thanosRulerSpec.labels | indent 4 }}
+{{- end }}
+{{- if .Values.thanosRuler.thanosRulerSpec.objectStorageConfigFile }}
+ objectStorageConfigFile: {{ .Values.thanosRuler.thanosRulerSpec.objectStorageConfigFile }}
+{{- end }}
+{{- if .Values.thanosRuler.thanosRulerSpec.podMetadata }}
+ podMetadata:
+{{ toYaml .Values.thanosRuler.thanosRulerSpec.podMetadata | indent 4 }}
+{{- end }}
+{{- if or .Values.thanosRuler.thanosRulerSpec.podAntiAffinity .Values.thanosRuler.thanosRulerSpec.affinity }}
+ affinity:
+{{- end }}
+{{- if .Values.thanosRuler.thanosRulerSpec.affinity }}
+{{ toYaml .Values.thanosRuler.thanosRulerSpec.affinity | indent 4 }}
+{{- end }}
+{{- if eq .Values.thanosRuler.thanosRulerSpec.podAntiAffinity "hard" }}
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - topologyKey: {{ .Values.thanosRuler.thanosRulerSpec.podAntiAffinityTopologyKey }}
+ labelSelector:
+ matchExpressions:
+ - {key: app.kubernetes.io/name, operator: In, values: [thanos-ruler]}
+ - {key: thanos-ruler, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-thanos-ruler]}
+{{- else if eq .Values.thanosRuler.thanosRulerSpec.podAntiAffinity "soft" }}
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ topologyKey: {{ .Values.thanosRuler.thanosRulerSpec.podAntiAffinityTopologyKey }}
+ labelSelector:
+ matchExpressions:
+ - {key: app.kubernetes.io/name, operator: In, values: [thanos-ruler]}
+ - {key: thanos-ruler, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-thanos-ruler]}
+{{- end }}
+{{- if .Values.thanosRuler.thanosRulerSpec.tolerations }}
+ tolerations:
+{{ toYaml .Values.thanosRuler.thanosRulerSpec.tolerations | indent 4 }}
+{{- end }}
+{{- if .Values.thanosRuler.thanosRulerSpec.topologySpreadConstraints }}
+ topologySpreadConstraints:
+{{ toYaml .Values.thanosRuler.thanosRulerSpec.topologySpreadConstraints | indent 4 }}
+{{- end }}
+{{- if .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.global.imagePullSecrets | indent 4 }}
+{{- end }}
+{{- if .Values.thanosRuler.thanosRulerSpec.containers }}
+ containers:
+{{ toYaml .Values.thanosRuler.thanosRulerSpec.containers | indent 4 }}
+{{- end }}
+{{- if .Values.thanosRuler.thanosRulerSpec.initContainers }}
+ initContainers:
+{{ toYaml .Values.thanosRuler.thanosRulerSpec.initContainers | indent 4 }}
+{{- end }}
+{{- if .Values.thanosRuler.thanosRulerSpec.priorityClassName }}
+ priorityClassName: {{.Values.thanosRuler.thanosRulerSpec.priorityClassName }}
+{{- end }}
+{{- if .Values.thanosRuler.thanosRulerSpec.volumes }}
+ volumes:
+{{ toYaml .Values.thanosRuler.thanosRulerSpec.volumes | indent 4 }}
+{{- end }}
+{{- if .Values.thanosRuler.thanosRulerSpec.volumeMounts }}
+ volumeMounts:
+{{ toYaml .Values.thanosRuler.thanosRulerSpec.volumeMounts | indent 4 }}
+{{- end }}
+ portName: {{ .Values.thanosRuler.thanosRulerSpec.portName }}
+{{- end }}
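Review bot: the fallback `externalPrefix` builds the host as `{{ template "kube-prometheus-stack.fullname" . }}-thanosRuler`, but the Service and Ingress templates in this same change name the Service `...-thanos-ruler`, so the default URL points at a name that does not exist (and contains an upper-case letter, which is not valid in a Service DNS name). Change the suffix to `-thanos-ruler`. The ingress branch above it also hard-codes `http://` even when `thanosRuler.ingress.tls` is configured, so links generated from alerts will use the wrong scheme.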
diff --git a/charts/kube-prometheus-stack/templates/thanos-ruler/service.yaml b/charts/kube-prometheus-stack/templates/thanos-ruler/service.yaml
new file mode 100644
index 0000000..093dbf7
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/thanos-ruler/service.yaml
@@ -0,0 +1,53 @@
+{{- if .Values.thanosRuler.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-ruler
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler
+ self-monitor: {{ .Values.thanosRuler.serviceMonitor.selfMonitor | quote }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.thanosRuler.service.labels }}
+{{ toYaml .Values.thanosRuler.service.labels | indent 4 }}
+{{- end }}
+{{- if .Values.thanosRuler.service.annotations }}
+ annotations:
+{{ toYaml .Values.thanosRuler.service.annotations | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.thanosRuler.service.clusterIP }}
+ clusterIP: {{ .Values.thanosRuler.service.clusterIP }}
+{{- end }}
+{{- if .Values.thanosRuler.service.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.thanosRuler.service.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.thanosRuler.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.thanosRuler.service.loadBalancerIP }}
+{{- end }}
+{{- if .Values.thanosRuler.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- range $cidr := .Values.thanosRuler.service.loadBalancerSourceRanges }}
+ - {{ $cidr }}
+ {{- end }}
+{{- end }}
+{{- if ne .Values.thanosRuler.service.type "ClusterIP" }}
+ externalTrafficPolicy: {{ .Values.thanosRuler.service.externalTrafficPolicy }}
+{{- end }}
+ ports:
+ - name: {{ .Values.thanosRuler.thanosRulerSpec.portName }}
+ {{- if eq .Values.thanosRuler.service.type "NodePort" }}
+ nodePort: {{ .Values.thanosRuler.service.nodePort }}
+ {{- end }}
+ port: {{ .Values.thanosRuler.service.port }}
+ targetPort: {{ .Values.thanosRuler.service.targetPort }}
+ protocol: TCP
+{{- if .Values.thanosRuler.service.additionalPorts }}
+{{ toYaml .Values.thanosRuler.service.additionalPorts | indent 2 }}
+{{- end }}
+ selector:
+ app.kubernetes.io/name: thanos-ruler
+ thanos-ruler: {{ template "kube-prometheus-stack.fullname" . }}-thanos-ruler
+ type: "{{ .Values.thanosRuler.service.type }}"
+{{- end }}
diff --git a/charts/kube-prometheus-stack/templates/thanos-ruler/serviceaccount.yaml b/charts/kube-prometheus-stack/templates/thanos-ruler/serviceaccount.yaml
new file mode 100644
index 0000000..0138c35
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/thanos-ruler/serviceaccount.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.thanosRuler.enabled .Values.thanosRuler.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "kube-prometheus-stack.thanosRuler.serviceAccountName" . }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler
+ app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler
+ app.kubernetes.io/component: thanos-ruler
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.thanosRuler.serviceAccount.annotations }}
+ annotations:
+{{ toYaml .Values.thanosRuler.serviceAccount.annotations | indent 4 }}
+{{- end }}
+{{- if .Values.global.imagePullSecrets }}
+imagePullSecrets:
+{{ toYaml .Values.global.imagePullSecrets | indent 2 }}
+{{- end }}
+{{- end }}
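Review bot: `imagePullSecrets` here is rendered with `toYaml .Values.global.imagePullSecrets | indent 2`, while the Prometheus ServiceAccount in this change goes through `include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2`. Use the helper in both places so the two accounts accept the same value shapes and a values file that works for one does not produce a malformed list for the other.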
diff --git a/charts/kube-prometheus-stack/templates/thanos-ruler/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/thanos-ruler/servicemonitor.yaml
new file mode 100644
index 0000000..4a05679
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/thanos-ruler/servicemonitor.yaml
@@ -0,0 +1,45 @@
+{{- if and .Values.thanosRuler.enabled .Values.thanosRuler.serviceMonitor.selfMonitor }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-ruler
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler
+ release: {{ $.Release.Name | quote }}
+ self-monitor: {{ .Values.thanosRuler.serviceMonitor.selfMonitor | quote }}
+ namespaceSelector:
+ matchNames:
+ - {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }}
+ endpoints:
+ - port: {{ .Values.thanosRuler.thanosRulerSpec.portName }}
+ {{- if .Values.thanosRuler.serviceMonitor.interval }}
+ interval: {{ .Values.thanosRuler.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.thanosRuler.serviceMonitor.proxyUrl }}
+ proxyUrl: {{ .Values.thanosRuler.serviceMonitor.proxyUrl}}
+ {{- end }}
+ {{- if .Values.thanosRuler.serviceMonitor.scheme }}
+ scheme: {{ .Values.thanosRuler.serviceMonitor.scheme }}
+ {{- end }}
+ {{- if .Values.thanosRuler.serviceMonitor.bearerTokenFile }}
+ bearerTokenFile: {{ .Values.thanosRuler.serviceMonitor.bearerTokenFile }}
+ {{- end }}
+ {{- if .Values.thanosRuler.serviceMonitor.tlsConfig }}
+ tlsConfig: {{ toYaml .Values.thanosRuler.serviceMonitor.tlsConfig | nindent 6 }}
+ {{- end }}
+ path: "{{ trimSuffix "/" .Values.thanosRuler.thanosRulerSpec.routePrefix }}/metrics"
+{{- if .Values.thanosRuler.serviceMonitor.metricRelabelings }}
+ metricRelabelings:
+{{ tpl (toYaml .Values.thanosRuler.serviceMonitor.metricRelabelings | indent 6) . }}
+{{- end }}
+{{- if .Values.thanosRuler.serviceMonitor.relabelings }}
+ relabelings:
+{{ toYaml .Values.thanosRuler.serviceMonitor.relabelings | indent 6 }}
+{{- end }}
+{{- end }}
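Review bot: `metricRelabelings` is passed through `tpl` while `relabelings` directly below it is rendered with plain `toYaml`, so a `{{ ... }}` expression in one list is evaluated as a Helm template and the same text in the other is emitted literally. Make the two consistent, and if `tpl` stays, note in values.yaml that these values are evaluated as templates so operators know to escape literal braces. Separately, `proxyUrl`, `scheme` and `bearerTokenFile` are emitted unquoted (and `proxyUrl}}` is missing the space before the closing braces); piping them through `quote` would keep unusual values from being re-typed or breaking the YAML.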
diff --git a/charts/kube-prometheus-stack/values.yaml b/charts/kube-prometheus-stack/values.yaml
new file mode 100644
index 0000000..47ceaf5
--- /dev/null
+++ b/charts/kube-prometheus-stack/values.yaml
@@ -0,0 +1,3429 @@
+# Default values for kube-prometheus-stack.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+## Provide a name in place of kube-prometheus-stack for `app:` labels
+##
+nameOverride: ""
+
+## Override the deployment namespace
+##
+namespaceOverride: ""
+
+## Provide a k8s version to auto dashboard import script example: kubeTargetVersionOverride: 1.16.6
+##
+kubeTargetVersionOverride: ""
+
+## Allow kubeVersion to be overridden while creating the ingress
+##
+kubeVersionOverride: ""
+
+## Provide a name to substitute for the full names of resources
+##
+fullnameOverride: ""
+
+## Labels to apply to all resources
+##
+commonLabels: {}
+# scmhash: abc123
+# myLabel: aakkmd
+
+## Create default rules for monitoring the cluster
+##
+defaultRules:
+ create: true
+ rules:
+ alertmanager: true
+ etcd: true
+ configReloaders: true
+ general: true
+ k8s: true
+ kubeApiserverAvailability: true
+ kubeApiserverBurnrate: true
+ kubeApiserverHistogram: true
+ kubeApiserverSlos: true
+ kubeControllerManager: true
+ kubelet: true
+ kubeProxy: true
+ kubePrometheusGeneral: true
+ kubePrometheusNodeRecording: true
+ kubernetesApps: true
+ kubernetesResources: true
+ kubernetesStorage: true
+ kubernetesSystem: true
+ kubeSchedulerAlerting: true
+ kubeSchedulerRecording: true
+ kubeStateMetrics: true
+ network: true
+ node: true
+ nodeExporterAlerting: true
+ nodeExporterRecording: true
+ prometheus: true
+ prometheusOperator: true
+
+ ## Reduce app namespace alert scope
+ appNamespacesTarget: ".*"
+
+ ## Labels for default rules
+ labels: {}
+ ## Annotations for default rules
+ annotations: {}
+
+ ## Additional labels for PrometheusRule alerts
+ additionalRuleLabels: {}
+
+ ## Additional annotations for PrometheusRule alerts
+ additionalRuleAnnotations: {}
+
+ ## Prefix for runbook URLs. Use this to override the first part of the runbookURLs that is common to all rules.
+ runbookUrl: "https://runbooks.prometheus-operator.dev/runbooks"
+
+ ## Disabled PrometheusRule alerts
+ disabled: {}
+ # KubeAPIDown: true
+ # NodeRAIDDegraded: true
+
+## Deprecated way to provide custom recording or alerting rules to be deployed into the cluster.
+##
+# additionalPrometheusRules: []
+# - name: my-rule-file
+# groups:
+# - name: my_group
+# rules:
+# - record: my_record
+# expr: 100 * my_record
+
+## Provide custom recording or alerting rules to be deployed into the cluster.
+##
+additionalPrometheusRulesMap: {}
+# rule-name:
+# groups:
+# - name: my_group
+# rules:
+# - record: my_record
+# expr: 100 * my_record
+
+##
+global:
+ rbac:
+ create: true
+
+ ## Create ClusterRoles that extend the existing view, edit and admin ClusterRoles to interact with prometheus-operator CRDs
+ ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
+ createAggregateClusterRoles: false
+ pspEnabled: false
+ pspAnnotations: {}
+ ## Specify pod annotations
+ ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
+ ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
+ ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
+ ##
+ # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
+ # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
+ # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
+
+ ## Reference to one or more secrets to be used when pulling images
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ imagePullSecrets: []
+ # - name: "image-pull-secret"
+ # or
+ # - "image-pull-secret"
+
+## Configuration for alertmanager
+## ref: https://prometheus.io/docs/alerting/alertmanager/
+##
+alertmanager:
+
+ ## Deploy alertmanager
+ ##
+ enabled: true
+
+ ## Annotations for Alertmanager
+ ##
+ annotations: {}
+
+ ## Api that prometheus will use to communicate with alertmanager. Possible values are v1, v2
+ ##
+ apiVersion: v2
+
+ ## Service account for Alertmanager to use.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+ ##
+ serviceAccount:
+ create: true
+ name: ""
+ annotations: {}
+
+ ## Configure pod disruption budgets for Alertmanager
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
+ ## This configuration is immutable once created and will require the PDB to be deleted to be changed
+ ## https://github.com/kubernetes/kubernetes/issues/45398
+ ##
+ podDisruptionBudget:
+ enabled: false
+ minAvailable: 1
+ maxUnavailable: ""
+
+ ## Alertmanager configuration directives
+ ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file
+ ## https://prometheus.io/webtools/alerting/routing-tree-editor/
+ ##
+ config:
+ global:
+ resolve_timeout: 5m
+ inhibit_rules:
+ - source_matchers:
+ - 'severity = critical'
+ target_matchers:
+ - 'severity =~ warning|info'
+ equal:
+ - 'namespace'
+ - 'alertname'
+ - source_matchers:
+ - 'severity = warning'
+ target_matchers:
+ - 'severity = info'
+ equal:
+ - 'namespace'
+ - 'alertname'
+ - source_matchers:
+ - 'alertname = InfoInhibitor'
+ target_matchers:
+ - 'severity = info'
+ equal:
+ - 'namespace'
+ route:
+ group_by: ['namespace']
+ group_wait: 30s
+ group_interval: 5m
+ repeat_interval: 12h
+ receiver: 'null'
+ routes:
+ - receiver: 'null'
+ matchers:
+ - alertname =~ "InfoInhibitor|Watchdog"
+ receivers:
+ - name: 'null'
+ templates:
+ - '/etc/alertmanager/config/*.tmpl'
+
+ ## Pass the Alertmanager configuration directives through Helm's templating
+ ## engine. If the Alertmanager configuration contains Alertmanager templates,
+ ## they'll need to be properly escaped so that they are not interpreted by
+ ## Helm
+ ## ref: https://helm.sh/docs/developing_charts/#using-the-tpl-function
+ ## https://prometheus.io/docs/alerting/configuration/#tmpl_string
+ ## https://prometheus.io/docs/alerting/notifications/
+ ## https://prometheus.io/docs/alerting/notification_examples/
+ tplConfig: false
+
+ ## Alertmanager template files to format alerts
+ ## By default, templateFiles are placed in /etc/alertmanager/config/ and if
+ ## they have a .tmpl file suffix will be loaded. See config.templates above
+ ## to change, add other suffixes. If adding other suffixes, be sure to update
+ ## config.templates above to include those suffixes.
+ ## ref: https://prometheus.io/docs/alerting/notifications/
+ ## https://prometheus.io/docs/alerting/notification_examples/
+ ##
+ templateFiles: {}
+ #
+ ## An example template:
+ # template_1.tmpl: |-
+ # {{ define "cluster" }}{{ .ExternalURL | reReplaceAll ".*alertmanager\\.(.*)" "$1" }}{{ end }}
+ #
+ # {{ define "slack.myorg.text" }}
+ # {{- $root := . -}}
+ # {{ range .Alerts }}
+ # *Alert:* {{ .Annotations.summary }} - `{{ .Labels.severity }}`
+ # *Cluster:* {{ template "cluster" $root }}
+ # *Description:* {{ .Annotations.description }}
+ # *Graph:* <{{ .GeneratorURL }}|:chart_with_upwards_trend:>
+ # *Runbook:* <{{ .Annotations.runbook }}|:spiral_note_pad:>
+ # *Details:*
+ # {{ range .Labels.SortedPairs }} - *{{ .Name }}:* `{{ .Value }}`
+ # {{ end }}
+ # {{ end }}
+ # {{ end }}
+
+ ingress:
+ enabled: false
+
+ # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
+ # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
+ # ingressClassName: nginx
+
+ annotations: {}
+
+ labels: {}
+
+ ## Redirect ingress to an additional defined port on the service
+ # servicePort: 8081
+
+ ## Hosts must be provided if Ingress is enabled.
+ ##
+ hosts: []
+ # - alertmanager.domain.com
+
+ ## Paths to use for ingress rules - one path should match the alertmanagerSpec.routePrefix
+ ##
+ paths: []
+ # - /
+
+ ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
+ ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
+ # pathType: ImplementationSpecific
+
+ ## TLS configuration for Alertmanager Ingress
+ ## Secret must be manually created in the namespace
+ ##
+ tls: []
+ # - secretName: alertmanager-general-tls
+ # hosts:
+ # - alertmanager.example.com
+
+ ## Configuration for Alertmanager secret
+ ##
+ secret:
+ annotations: {}
+
+ ## Configuration for creating an Ingress that will map to each Alertmanager replica service
+ ## alertmanager.servicePerReplica must be enabled
+ ##
+ ingressPerReplica:
+ enabled: false
+
+ # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
+ # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
+ # ingressClassName: nginx
+
+ annotations: {}
+ labels: {}
+
+ ## Final form of the hostname for each per replica ingress is
+ ## {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }}
+ ##
+ ## Prefix for the per replica ingress that will have `-$replicaNumber`
+ ## appended to the end
+ hostPrefix: ""
+ ## Domain that will be used for the per replica ingress
+ hostDomain: ""
+
+ ## Paths to use for ingress rules
+ ##
+ paths: []
+ # - /
+
+ ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
+ ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
+ # pathType: ImplementationSpecific
+
+ ## Secret name containing the TLS certificate for alertmanager per replica ingress
+ ## Secret must be manually created in the namespace
+ tlsSecretName: ""
+
+ ## Separated secret for each per replica Ingress. Can be used together with cert-manager
+ ##
+ tlsSecretPerReplica:
+ enabled: false
+ ## Final form of the secret for each per replica ingress is
+ ## {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }}
+ ##
+ prefix: "alertmanager"
+
+ ## Configuration for Alertmanager service
+ ##
+ service:
+ annotations: {}
+ labels: {}
+ clusterIP: ""
+
+ ## Port for Alertmanager Service to listen on
+ ##
+ port: 9093
+ ## To be used with a proxy extraContainer port
+ ##
+ targetPort: 9093
+ ## Port to expose on each node
+ ## Only used if service.type is 'NodePort'
+ ##
+ nodePort: 30903
+ ## List of IP addresses at which the Prometheus server service is available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+
+ ## Additional ports to open for Alertmanager service
+ additionalPorts: []
+ # additionalPorts:
+ # - name: authenticated
+ # port: 8081
+ # targetPort: 8081
+
+ externalIPs: []
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+
+ ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
+ ##
+ externalTrafficPolicy: Cluster
+
+ ## Service type
+ ##
+ type: ClusterIP
+
+ ## Configuration for creating a separate Service for each statefulset Alertmanager replica
+ ##
+ servicePerReplica:
+ enabled: false
+ annotations: {}
+
+ ## Port for Alertmanager Service per replica to listen on
+ ##
+ port: 9093
+
+ ## To be used with a proxy extraContainer port
+ targetPort: 9093
+
+ ## Port to expose on each node
+ ## Only used if servicePerReplica.type is 'NodePort'
+ ##
+ nodePort: 30904
+
+ ## Loadbalancer source IP ranges
+ ## Only used if servicePerReplica.type is "LoadBalancer"
+ loadBalancerSourceRanges: []
+
+ ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
+ ##
+ externalTrafficPolicy: Cluster
+
+ ## Service type
+ ##
+ type: ClusterIP
+
+ ## If true, create a serviceMonitor for alertmanager
+ ##
+ serviceMonitor:
+ ## Scrape interval. If not set, the Prometheus default scrape interval is used.
+ ##
+ interval: ""
+ selfMonitor: true
+
+ ## proxyUrl: URL of a proxy that should be used for scraping.
+ ##
+ proxyUrl: ""
+
+ ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
+ scheme: ""
+
+ ## enableHttp2: Whether to enable HTTP2.
+ ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint
+ enableHttp2: true
+
+ ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
+ ## Of type: https://github.com/coreos/prometheus-operator/blob/main/Documentation/api.md#tlsconfig
+ tlsConfig: {}
+
+ bearerTokenFile:
+
+ ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ metricRelabelings: []
+ # - action: keep
+ # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+ # sourceLabels: [__name__]
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ relabelings: []
+ # - sourceLabels: [__meta_kubernetes_pod_node_name]
+ # separator: ;
+ # regex: ^(.*)$
+ # targetLabel: nodename
+ # replacement: $1
+ # action: replace
+
+ ## Settings affecting alertmanagerSpec
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#alertmanagerspec
+ ##
+ alertmanagerSpec:
+ ## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
+ ## Metadata Labels and Annotations gets propagated to the Alertmanager pods.
+ ##
+ podMetadata: {}
+
+ ## Image of Alertmanager
+ ##
+ image:
+ repository: quay.io/prometheus/alertmanager
+ tag: v0.24.0
+ sha: ""
+
+ ## If true then the user will be responsible to provide a secret with alertmanager configuration
+ ## So when true the config part will be ignored (including templateFiles) and the one in the secret will be used
+ ##
+ useExistingSecret: false
+
+ ## Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the
+ ## Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/.
+ ##
+ secrets: []
+
+ ## ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods.
+ ## The ConfigMaps are mounted into /etc/alertmanager/configmaps/.
+ ##
+ configMaps: []
+
+ ## ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains configuration for
+ ## this Alertmanager instance. Defaults to 'alertmanager-' The secret is mounted into /etc/alertmanager/config.
+ ##
+ # configSecret:
+
+ ## WebTLSConfig defines the TLS parameters for HTTPS
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#alertmanagerwebspec
+ web: {}
+
+ ## AlertmanagerConfigs to be selected to merge and configure Alertmanager with.
+ ##
+ alertmanagerConfigSelector: {}
+ ## Example which selects all alertmanagerConfig resources
+ ## with label "alertconfig" with values any of "example-config" or "example-config-2"
+ # alertmanagerConfigSelector:
+ # matchExpressions:
+ # - key: alertconfig
+ # operator: In
+ # values:
+ # - example-config
+ # - example-config-2
+ #
+ ## Example which selects all alertmanagerConfig resources with label "role" set to "example-config"
+ # alertmanagerConfigSelector:
+ # matchLabels:
+ # role: example-config
+
+ ## Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace.
+ ##
+ alertmanagerConfigNamespaceSelector: {}
+ ## Example which selects all namespaces
+ ## with label "alertmanagerconfig" with values any of "example-namespace" or "example-namespace-2"
+ # alertmanagerConfigNamespaceSelector:
+ # matchExpressions:
+ # - key: alertmanagerconfig
+ # operator: In
+ # values:
+ # - example-namespace
+ # - example-namespace-2
+
+ ## Example which selects all namespaces with label "alertmanagerconfig" set to "enabled"
+ # alertmanagerConfigNamespaceSelector:
+ # matchLabels:
+ # alertmanagerconfig: enabled
+
+ ## AlermanagerConfig to be used as top level configuration
+ ##
+ alertmanagerConfiguration: {}
+ ## Example with select a global alertmanagerconfig
+ # alertmanagerConfiguration:
+ # name: global-alertmanager-Configuration
+
+ ## Define Log Format
+ # Use logfmt (default) or json logging
+ logFormat: logfmt
+
+ ## Log level for Alertmanager to be configured with.
+ ##
+ logLevel: info
+
+ ## Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the
+ ## running cluster equal to the expected size.
+ replicas: 1
+
+ ## Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression
+ ## [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours).
+ ##
+ retention: 120h
+
+ ## Storage is the definition of how storage will be used by the Alertmanager instances.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/storage.md
+ ##
+ storage: {}
+ # volumeClaimTemplate:
+ # spec:
+ # storageClassName: gluster
+ # accessModes: ["ReadWriteOnce"]
+ # resources:
+ # requests:
+ # storage: 50Gi
+ # selector: {}
+
+
+ ## The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. string false
+ ##
+ externalUrl:
+
+ ## The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true,
+ ## but the server serves requests under a different route prefix. For example for use with kubectl proxy.
+ ##
+ routePrefix: /
+
+ ## If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.
+ ##
+ paused: false
+
+ ## Define which Nodes the Pods are scheduled on.
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+
+ ## Define resources requests and limits for single Pods.
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ##
+ resources: {}
+ # requests:
+ # memory: 400Mi
+
+ ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node.
+ ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
+ ## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
+ ## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured.
+ ##
+ podAntiAffinity: ""
+
+ ## If anti-affinity is enabled sets the topologyKey to use for anti-affinity.
+ ## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone
+ ##
+ podAntiAffinityTopologyKey: kubernetes.io/hostname
+
+ ## Assign custom affinity rules to the alertmanager instance
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ ##
+ affinity: {}
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: kubernetes.io/e2e-az-name
+ # operator: In
+ # values:
+ # - e2e-az1
+ # - e2e-az2
+
+ ## If specified, the pod's tolerations.
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ # - key: "key"
+ # operator: "Equal"
+ # value: "value"
+ # effect: "NoSchedule"
+
+ ## If specified, the pod's topology spread constraints.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ##
+ topologySpreadConstraints: []
+ # - maxSkew: 1
+ # topologyKey: topology.kubernetes.io/zone
+ # whenUnsatisfiable: DoNotSchedule
+ # labelSelector:
+ # matchLabels:
+ # app: alertmanager
+
+ ## SecurityContext holds pod-level security attributes and common container settings.
+ ## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ ##
+ securityContext:
+ runAsGroup: 2000
+ runAsNonRoot: true
+ runAsUser: 1000
+ fsGroup: 2000
+
+ ## ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP.
+ ## Note this is only for the Alertmanager UI, not the gossip communication.
+ ##
+ listenLocal: false
+
+ ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod.
+ ##
+ containers: []
+ # containers:
+ # - name: oauth-proxy
+ # image: quay.io/oauth2-proxy/oauth2-proxy:v7.3.0
+ # args:
+ # - --upstream=http://127.0.0.1:9093
+ # - --http-address=0.0.0.0:8081
+ # - ...
+ # ports:
+ # - containerPort: 8081
+ # name: oauth-proxy
+ # protocol: TCP
+ # resources: {}
+
+ # Additional volumes on the output StatefulSet definition.
+ volumes: []
+
+ # Additional VolumeMounts on the output StatefulSet definition.
+ volumeMounts: []
+
+ ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes
+ ## (permissions, dir tree) on mounted volumes before starting prometheus
+ initContainers: []
+
+ ## Priority class assigned to the Pods
+ ##
+ priorityClassName: ""
+
+ ## AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster.
+ ##
+ additionalPeers: []
+
+ ## PortName to use for Alert Manager.
+ ##
+ portName: "http-web"
+
+ ## ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918
+ ##
+ clusterAdvertiseAddress: false
+
+ ## ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica.
+ ## Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each.
+ forceEnableClusterMode: false
+
+ ## Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to
+ ## be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).
+ minReadySeconds: 0
+
+ ## ExtraSecret can be used to store various data in an extra secret
+ ## (use it for example to store hashed basic auth credentials)
+ extraSecret:
+ ## if not set, name will be auto generated
+ # name: ""
+ annotations: {}
+ data: {}
+ # auth: |
+ # foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0
+ # someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c.
+
+## Using default values from https://github.com/grafana/helm-charts/blob/main/charts/grafana/values.yaml
+##
+grafana:
+ enabled: true
+ namespaceOverride: ""
+
+ ## ForceDeployDatasources Create datasource configmap even if grafana deployment has been disabled
+ ##
+ forceDeployDatasources: false
+
+ ## ForceDeployDashboard Create dashboard configmap even if grafana deployment has been disabled
+ ##
+ forceDeployDashboards: false
+
+ ## Deploy default dashboards
+ ##
+ defaultDashboardsEnabled: true
+
+ ## Timezone for the default dashboards
+ ## Other options are: browser or a specific timezone, i.e. Europe/Luxembourg
+ ##
+ defaultDashboardsTimezone: utc
+
+ adminPassword: prom-operator
+
+ rbac:
+ ## If true, Grafana PSPs will be created
+ ##
+ pspEnabled: false
+
+ ingress:
+ ## If true, Grafana Ingress will be created
+ ##
+ enabled: false
+
+ ## IngressClassName for Grafana Ingress.
+ ## Should be provided if Ingress is enable.
+ ##
+ # ingressClassName: nginx
+
+ ## Annotations for Grafana Ingress
+ ##
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ ## Labels to be added to the Ingress
+ ##
+ labels: {}
+
+ ## Hostnames.
+ ## Must be provided if Ingress is enable.
+ ##
+ # hosts:
+ # - grafana.domain.com
+ hosts: []
+
+ ## Path for grafana ingress
+ path: /
+
+ ## TLS configuration for grafana Ingress
+ ## Secret must be manually created in the namespace
+ ##
+ tls: []
+ # - secretName: grafana-general-tls
+ # hosts:
+ # - grafana.example.com
+
+ sidecar:
+ dashboards:
+ enabled: true
+ label: grafana_dashboard
+ labelValue: "1"
+
+ ## Annotations for Grafana dashboard configmaps
+ ##
+ annotations: {}
+ multicluster:
+ global:
+ enabled: false
+ etcd:
+ enabled: false
+ provider:
+ allowUiUpdates: false
+ datasources:
+ enabled: true
+ defaultDatasourceEnabled: true
+
+ uid: prometheus
+
+ ## URL of prometheus datasource
+ ##
+ # url: http://prometheus-stack-prometheus:9090/
+
+ # If not defined, will use prometheus.prometheusSpec.scrapeInterval or its default
+ # defaultDatasourceScrapeInterval: 15s
+
+ ## Annotations for Grafana datasource configmaps
+ ##
+ annotations: {}
+
+ ## Create datasource for each Pod of Prometheus StatefulSet;
+ ## this uses headless service `prometheus-operated` which is
+ ## created by Prometheus Operator
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/0fee93e12dc7c2ea1218f19ae25ec6b893460590/pkg/prometheus/statefulset.go#L255-L286
+ createPrometheusReplicasDatasources: false
+ label: grafana_datasource
+ labelValue: "1"
+
+ ## Field with internal link pointing to existing data source in Grafana.
+ ## Can be provisioned via additionalDataSources
+ exemplarTraceIdDestinations: {}
+ # datasourceUid: Jaeger
+ # traceIdLabelName: trace_id
+
+ extraConfigmapMounts: []
+ # - name: certs-configmap
+ # mountPath: /etc/grafana/ssl/
+ # configMap: certs-configmap
+ # readOnly: true
+
+ deleteDatasources: []
+ # - name: example-datasource
+ # orgId: 1
+
+ ## Configure additional grafana datasources (passed through tpl)
+ ## ref: http://docs.grafana.org/administration/provisioning/#datasources
+ additionalDataSources: []
+ # - name: prometheus-sample
+ # access: proxy
+ # basicAuth: true
+ # basicAuthPassword: pass
+ # basicAuthUser: daco
+ # editable: false
+ # jsonData:
+ # tlsSkipVerify: true
+ # orgId: 1
+ # type: prometheus
+ # url: https://{{ printf "%s-prometheus.svc" .Release.Name }}:9090
+ # version: 1
+
+ ## Passed to grafana subchart and used by servicemonitor below
+ ##
+ service:
+ portName: http-web
+
+ serviceMonitor:
+ # If true, a ServiceMonitor CRD is created for a prometheus operator
+ # https://github.com/coreos/prometheus-operator
+ #
+ enabled: true
+
+ # Path to use for scraping metrics. Might be different if server.root_url is set
+ # in grafana.ini
+ path: "/metrics"
+
+ # namespace: monitoring (defaults to use the namespace this chart is deployed to)
+
+ # labels for the ServiceMonitor
+ labels: {}
+
+ # Scrape interval. If not set, the Prometheus default scrape interval is used.
+ #
+ interval: ""
+ scheme: http
+ tlsConfig: {}
+ scrapeTimeout: 30s
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ relabelings: []
+ # - sourceLabels: [__meta_kubernetes_pod_node_name]
+ # separator: ;
+ # regex: ^(.*)$
+ # targetLabel: nodename
+ # replacement: $1
+ # action: replace
+
+## Component scraping the kube api server
+##
+kubeApiServer:
+ enabled: true
+ tlsConfig:
+ serverName: kubernetes
+ insecureSkipVerify: false
+ serviceMonitor:
+ ## Scrape interval. If not set, the Prometheus default scrape interval is used.
+ ##
+ interval: ""
+ ## proxyUrl: URL of a proxy that should be used for scraping.
+ ##
+ proxyUrl: ""
+
+ jobLabel: component
+ selector:
+ matchLabels:
+ component: apiserver
+ provider: kubernetes
+
+ ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ metricRelabelings:
+ # Drop excessively noisy apiserver buckets.
+ - action: drop
+ regex: apiserver_request_duration_seconds_bucket;(0.15|0.2|0.3|0.35|0.4|0.45|0.6|0.7|0.8|0.9|1.25|1.5|1.75|2|3|3.5|4|4.5|6|7|8|9|15|25|40|50)
+ sourceLabels:
+ - __name__
+ - le
+ # - action: keep
+ # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+ # sourceLabels: [__name__]
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ relabelings: []
+ # - sourceLabels:
+ # - __meta_kubernetes_namespace
+ # - __meta_kubernetes_service_name
+ # - __meta_kubernetes_endpoint_port_name
+ # action: keep
+ # regex: default;kubernetes;https
+ # - targetLabel: __address__
+ # replacement: kubernetes.default.svc:443
+
+ ## Additional labels
+ ##
+ additionalLabels: {}
+ # foo: bar
+
+## Component scraping the kubelet and kubelet-hosted cAdvisor
+##
+kubelet:
+ enabled: true
+ namespace: kube-system
+
+ serviceMonitor:
+ ## Scrape interval. If not set, the Prometheus default scrape interval is used.
+ ##
+ interval: ""
+
+ ## proxyUrl: URL of a proxy that should be used for scraping.
+ ##
+ proxyUrl: ""
+
+ ## Enable scraping the kubelet over https. For requirements to enable this see
+ ## https://github.com/prometheus-operator/prometheus-operator/issues/926
+ ##
+ https: true
+
+ ## Enable scraping /metrics/cadvisor from kubelet's service
+ ##
+ cAdvisor: true
+
+ ## Enable scraping /metrics/probes from kubelet's service
+ ##
+ probes: true
+
+ ## Enable scraping /metrics/resource from kubelet's service
+ ## This is disabled by default because container metrics are already exposed by cAdvisor
+ ##
+ resource: false
+ # From kubernetes 1.18, /metrics/resource/v1alpha1 renamed to /metrics/resource
+ resourcePath: "/metrics/resource/v1alpha1"
+
+ ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ cAdvisorMetricRelabelings:
+ # Drop less useful container CPU metrics.
+ - sourceLabels: [__name__]
+ action: drop
+ regex: 'container_cpu_(cfs_throttled_seconds_total|load_average_10s|system_seconds_total|user_seconds_total)'
+ # Drop less useful container / always zero filesystem metrics.
+ - sourceLabels: [__name__]
+ action: drop
+ regex: 'container_fs_(io_current|io_time_seconds_total|io_time_weighted_seconds_total|reads_merged_total|sector_reads_total|sector_writes_total|writes_merged_total)'
+ # Drop less useful / always zero container memory metrics.
+ - sourceLabels: [__name__]
+ action: drop
+ regex: 'container_memory_(mapped_file|swap)'
+ # Drop less useful container process metrics.
+ - sourceLabels: [__name__]
+ action: drop
+ regex: 'container_(file_descriptors|tasks_state|threads_max)'
+ # Drop container spec metrics that overlap with kube-state-metrics.
+ - sourceLabels: [__name__]
+ action: drop
+ regex: 'container_spec.*'
+ # Drop cgroup metrics with no pod.
+ - sourceLabels: [id, pod]
+ action: drop
+ regex: '.+;'
+ # - sourceLabels: [__name__, image]
+ # separator: ;
+ # regex: container_([a-z_]+);
+ # replacement: $1
+ # action: drop
+ # - sourceLabels: [__name__]
+ # separator: ;
+ # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)
+ # replacement: $1
+ # action: drop
+
+ ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ probesMetricRelabelings: []
+ # - sourceLabels: [__name__, image]
+ # separator: ;
+ # regex: container_([a-z_]+);
+ # replacement: $1
+ # action: drop
+ # - sourceLabels: [__name__]
+ # separator: ;
+ # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)
+ # replacement: $1
+ # action: drop
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ ## metrics_path is required to match upstream rules and charts
+ cAdvisorRelabelings:
+ - sourceLabels: [__metrics_path__]
+ targetLabel: metrics_path
+ # - sourceLabels: [__meta_kubernetes_pod_node_name]
+ # separator: ;
+ # regex: ^(.*)$
+ # targetLabel: nodename
+ # replacement: $1
+ # action: replace
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ probesRelabelings:
+ - sourceLabels: [__metrics_path__]
+ targetLabel: metrics_path
+ # - sourceLabels: [__meta_kubernetes_pod_node_name]
+ # separator: ;
+ # regex: ^(.*)$
+ # targetLabel: nodename
+ # replacement: $1
+ # action: replace
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ resourceRelabelings:
+ - sourceLabels: [__metrics_path__]
+ targetLabel: metrics_path
+ # - sourceLabels: [__meta_kubernetes_pod_node_name]
+ # separator: ;
+ # regex: ^(.*)$
+ # targetLabel: nodename
+ # replacement: $1
+ # action: replace
+
+ ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ metricRelabelings: []
+ # - sourceLabels: [__name__, image]
+ # separator: ;
+ # regex: container_([a-z_]+);
+ # replacement: $1
+ # action: drop
+ # - sourceLabels: [__name__]
+ # separator: ;
+ # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)
+ # replacement: $1
+ # action: drop
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ ## metrics_path is required to match upstream rules and charts
+ relabelings:
+ - sourceLabels: [__metrics_path__]
+ targetLabel: metrics_path
+ # - sourceLabels: [__meta_kubernetes_pod_node_name]
+ # separator: ;
+ # regex: ^(.*)$
+ # targetLabel: nodename
+ # replacement: $1
+ # action: replace
+
+ ## Additional labels
+ ##
+ additionalLabels: {}
+ # foo: bar
+
+## Component scraping the kube controller manager
+##
+kubeControllerManager:
+ enabled: true
+
+ ## If your kube controller manager is not deployed as a pod, specify IPs it can be found on
+ ##
+ endpoints: []
+ # - 10.141.4.22
+ # - 10.141.4.23
+ # - 10.141.4.24
+
+ ## If using kubeControllerManager.endpoints only the port and targetPort are used
+ ##
+ service:
+ enabled: true
+ ## If null or unset, the value is determined dynamically based on target Kubernetes version due to change
+ ## of default port in Kubernetes 1.22.
+ ##
+ port: null
+ targetPort: null
+ # selector:
+ # component: kube-controller-manager
+
+ serviceMonitor:
+ enabled: true
+ ## Scrape interval. If not set, the Prometheus default scrape interval is used.
+ ##
+ interval: ""
+
+ ## proxyUrl: URL of a proxy that should be used for scraping.
+ ##
+ proxyUrl: ""
+
+ ## Enable scraping kube-controller-manager over https.
+ ## Requires proper certs (not self-signed) and delegated authentication/authorization checks.
+ ## If null or unset, the value is determined dynamically based on target Kubernetes version.
+ ##
+ https: null
+
+ # Skip TLS certificate validation when scraping
+ insecureSkipVerify: null
+
+ # Name of the server to use when validating TLS certificate
+ serverName: null
+
+ ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ metricRelabelings: []
+ # - action: keep
+ # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+ # sourceLabels: [__name__]
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ relabelings: []
+ # - sourceLabels: [__meta_kubernetes_pod_node_name]
+ # separator: ;
+ # regex: ^(.*)$
+ # targetLabel: nodename
+ # replacement: $1
+ # action: replace
+
+ ## Additional labels
+ ##
+ additionalLabels: {}
+ # foo: bar
+
+## Component scraping coreDns. Use either this or kubeDns
+##
+coreDns:
+ enabled: true
+ service:
+ port: 9153
+ targetPort: 9153
+ # selector:
+ # k8s-app: kube-dns
+ serviceMonitor:
+ ## Scrape interval. If not set, the Prometheus default scrape interval is used.
+ ##
+ interval: ""
+
+ ## proxyUrl: URL of a proxy that should be used for scraping.
+ ##
+ proxyUrl: ""
+
+ ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ metricRelabelings: []
+ # - action: keep
+ # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+ # sourceLabels: [__name__]
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ relabelings: []
+ # - sourceLabels: [__meta_kubernetes_pod_node_name]
+ # separator: ;
+ # regex: ^(.*)$
+ # targetLabel: nodename
+ # replacement: $1
+ # action: replace
+
+ ## Additional labels
+ ##
+ additionalLabels: {}
+ # foo: bar
+
+## Component scraping kubeDns. Use either this or coreDns
+##
+kubeDns:
+ enabled: false
+ service:
+ dnsmasq:
+ port: 10054
+ targetPort: 10054
+ skydns:
+ port: 10055
+ targetPort: 10055
+ # selector:
+ # k8s-app: kube-dns
+ serviceMonitor:
+ ## Scrape interval. If not set, the Prometheus default scrape interval is used.
+ ##
+ interval: ""
+
+ ## proxyUrl: URL of a proxy that should be used for scraping.
+ ##
+ proxyUrl: ""
+
+ ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ metricRelabelings: []
+ # - action: keep
+ # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+ # sourceLabels: [__name__]
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ relabelings: []
+ # - sourceLabels: [__meta_kubernetes_pod_node_name]
+ # separator: ;
+ # regex: ^(.*)$
+ # targetLabel: nodename
+ # replacement: $1
+ # action: replace
+
+ ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ dnsmasqMetricRelabelings: []
+ # - action: keep
+ # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+ # sourceLabels: [__name__]
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ dnsmasqRelabelings: []
+ # - sourceLabels: [__meta_kubernetes_pod_node_name]
+ # separator: ;
+ # regex: ^(.*)$
+ # targetLabel: nodename
+ # replacement: $1
+ # action: replace
+
+ ## Additional labels
+ ##
+ additionalLabels: {}
+ # foo: bar
+
+## Component scraping etcd
+##
+kubeEtcd:
+ enabled: true
+
+ ## If your etcd is not deployed as a pod, specify IPs it can be found on
+ ##
+ endpoints: []
+ # - 10.141.4.22
+ # - 10.141.4.23
+ # - 10.141.4.24
+
+ ## Etcd service. If using kubeEtcd.endpoints only the port and targetPort are used
+ ##
+ service:
+ enabled: true
+ port: 2381
+ targetPort: 2381
+ # selector:
+ # component: etcd
+
+ ## Configure secure access to the etcd cluster by loading a secret into prometheus and
+ ## specifying security configuration below. For example, with a secret named etcd-client-cert
+ ##
+ ## serviceMonitor:
+ ## scheme: https
+ ## insecureSkipVerify: false
+ ## serverName: localhost
+ ## caFile: /etc/prometheus/secrets/etcd-client-cert/etcd-ca
+ ## certFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client
+ ## keyFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key
+ ##
+ serviceMonitor:
+ enabled: true
+ ## Scrape interval. If not set, the Prometheus default scrape interval is used.
+ ##
+ interval: ""
+ ## proxyUrl: URL of a proxy that should be used for scraping.
+ ##
+ proxyUrl: ""
+ scheme: http
+ insecureSkipVerify: false
+ serverName: ""
+ caFile: ""
+ certFile: ""
+ keyFile: ""
+
+ ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ metricRelabelings: []
+ # - action: keep
+ # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+ # sourceLabels: [__name__]
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ relabelings: []
+ # - sourceLabels: [__meta_kubernetes_pod_node_name]
+ # separator: ;
+ # regex: ^(.*)$
+ # targetLabel: nodename
+ # replacement: $1
+ # action: replace
+
+ ## Additional labels
+ ##
+ additionalLabels: {}
+ # foo: bar
+
+## Component scraping kube scheduler
+##
+kubeScheduler:
+ enabled: true
+
+ ## If your kube scheduler is not deployed as a pod, specify IPs it can be found on
+ ##
+ endpoints: []
+ # - 10.141.4.22
+ # - 10.141.4.23
+ # - 10.141.4.24
+
+ ## If using kubeScheduler.endpoints only the port and targetPort are used
+ ##
+ service:
+ enabled: true
+ ## If null or unset, the value is determined dynamically based on target Kubernetes version due to change
+ ## of default port in Kubernetes 1.23.
+ ##
+ port: null
+ targetPort: null
+ # selector:
+ # component: kube-scheduler
+
+ serviceMonitor:
+ enabled: true
+ ## Scrape interval. If not set, the Prometheus default scrape interval is used.
+ ##
+ interval: ""
+ ## proxyUrl: URL of a proxy that should be used for scraping.
+ ##
+ proxyUrl: ""
+ ## Enable scraping kube-scheduler over https.
+ ## Requires proper certs (not self-signed) and delegated authentication/authorization checks.
+ ## If null or unset, the value is determined dynamically based on target Kubernetes version.
+ ##
+ https: null
+
+ ## Skip TLS certificate validation when scraping
+ insecureSkipVerify: null
+
+ ## Name of the server to use when validating TLS certificate
+ serverName: null
+
+ ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ metricRelabelings: []
+ # - action: keep
+ # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+ # sourceLabels: [__name__]
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ relabelings: []
+ # - sourceLabels: [__meta_kubernetes_pod_node_name]
+ # separator: ;
+ # regex: ^(.*)$
+ # targetLabel: nodename
+ # replacement: $1
+ # action: replace
+
+ ## Additional labels
+ ##
+ additionalLabels: {}
+ # foo: bar
+
+## Component scraping kube proxy
+##
+kubeProxy:
+ enabled: true
+
+ ## If your kube proxy is not deployed as a pod, specify IPs it can be found on
+ ##
+ endpoints: []
+ # - 10.141.4.22
+ # - 10.141.4.23
+ # - 10.141.4.24
+
+ service:
+ enabled: true
+ port: 10249
+ targetPort: 10249
+ # selector:
+ # k8s-app: kube-proxy
+
+ serviceMonitor:
+ enabled: true
+ ## Scrape interval. If not set, the Prometheus default scrape interval is used.
+ ##
+ interval: ""
+
+ ## proxyUrl: URL of a proxy that should be used for scraping.
+ ##
+ proxyUrl: ""
+
+ ## Enable scraping kube-proxy over https.
+ ## Requires proper certs (not self-signed) and delegated authentication/authorization checks
+ ##
+ https: false
+
+ ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ metricRelabelings: []
+ # - action: keep
+ # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+ # sourceLabels: [__name__]
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ relabelings: []
+ # - action: keep
+ # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+ # sourceLabels: [__name__]
+
+ ## Additional labels
+ ##
+ additionalLabels: {}
+ # foo: bar
+
+## Component scraping kube state metrics
+##
+kubeStateMetrics:
+ enabled: true
+
+## Configuration for kube-state-metrics subchart
+##
+kube-state-metrics:
+ namespaceOverride: ""
+ rbac:
+ create: true
+ releaseLabel: true
+ prometheus:
+ monitor:
+ enabled: true
+
+ ## Scrape interval. If not set, the Prometheus default scrape interval is used.
+ ##
+ interval: ""
+
+ ## Scrape Timeout. If not set, the Prometheus default scrape timeout is used.
+ ##
+ scrapeTimeout: ""
+
+ ## proxyUrl: URL of a proxy that should be used for scraping.
+ ##
+ proxyUrl: ""
+
+ # Keep labels from scraped data, overriding server-side labels
+ ##
+ honorLabels: true
+
+ ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ metricRelabelings: []
+ # - action: keep
+ # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+ # sourceLabels: [__name__]
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ relabelings: []
+ # - sourceLabels: [__meta_kubernetes_pod_node_name]
+ # separator: ;
+ # regex: ^(.*)$
+ # targetLabel: nodename
+ # replacement: $1
+ # action: replace
+
+ selfMonitor:
+ enabled: false
+
+## Deploy node exporter as a daemonset to all nodes
+##
+nodeExporter:
+ enabled: true
+
+## Configuration for prometheus-node-exporter subchart
+##
+prometheus-node-exporter:
+ namespaceOverride: ""
+ podLabels:
+ ## Add the 'node-exporter' label to be used by serviceMonitor to match standard common usage in rules and grafana dashboards
+ ##
+ jobLabel: node-exporter
+ releaseLabel: true
+ extraArgs:
+ - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/)
+ - --collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$
+ service:
+ portName: http-metrics
+ prometheus:
+ monitor:
+ enabled: true
+
+ jobLabel: jobLabel
+
+ ## Scrape interval. If not set, the Prometheus default scrape interval is used.
+ ##
+ interval: ""
+
+ ## How long until a scrape request times out. If not set, the Prometheus default scape timeout is used.
+ ##
+ scrapeTimeout: ""
+
+ ## proxyUrl: URL of a proxy that should be used for scraping.
+ ##
+ proxyUrl: ""
+
+ ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ metricRelabelings: []
+ # - sourceLabels: [__name__]
+ # separator: ;
+ # regex: ^node_mountstats_nfs_(event|operations|transport)_.+
+ # replacement: $1
+ # action: drop
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ relabelings: []
+ # - sourceLabels: [__meta_kubernetes_pod_node_name]
+ # separator: ;
+ # regex: ^(.*)$
+ # targetLabel: nodename
+ # replacement: $1
+ # action: replace
+ rbac:
+ ## If true, create PSPs for node-exporter
+ ##
+ pspEnabled: false
+
+## Manages Prometheus and Alertmanager components
+##
+prometheusOperator:
+ enabled: true
+
+ ## Prometheus-Operator v0.39.0 and later support TLS natively.
+ ##
+ tls:
+ enabled: true
+ # Value must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants
+ tlsMinVersion: VersionTLS13
+ # The default webhook port is 10250 in order to work out-of-the-box in GKE private clusters and avoid adding firewall rules.
+ internalPort: 10250
+
+ ## Admission webhook support for PrometheusRules resources added in Prometheus Operator 0.30 can be enabled to prevent incorrectly formatted
+ ## rules from making their way into prometheus and potentially preventing the container from starting
+ admissionWebhooks:
+ failurePolicy: Fail
+ ## The default timeoutSeconds is 10 and the maximum value is 30.
+ timeoutSeconds: 10
+ enabled: true
+ ## A PEM encoded CA bundle which will be used to validate the webhook's server certificate.
+ ## If unspecified, system trust roots on the apiserver are used.
+ caBundle: ""
+ ## If enabled, generate a self-signed certificate, then patch the webhook configurations with the generated data.
+ ## On chart upgrades (or if the secret exists) the cert will not be re-generated. You can use this to provide your own
+ ## certs ahead of time if you wish.
+ ##
+ annotations: {}
+ # argocd.argoproj.io/hook: PreSync
+ # argocd.argoproj.io/hook-delete-policy: HookSucceeded
+ patch:
+ enabled: true
+ image:
+ repository: k8s.gcr.io/ingress-nginx/kube-webhook-certgen
+ tag: v1.3.0
+ sha: ""
+ pullPolicy: IfNotPresent
+ resources: {}
+ ## Provide a priority class name to the webhook patching job
+ ##
+ priorityClassName: ""
+ annotations: {}
+ # argocd.argoproj.io/hook: PreSync
+ # argocd.argoproj.io/hook-delete-policy: HookSucceeded
+ podAnnotations: {}
+ nodeSelector: {}
+ affinity: {}
+ tolerations: []
+
+ ## SecurityContext holds pod-level security attributes and common container settings.
+ ## This defaults to non root user with uid 2000 and gid 2000. *v1.PodSecurityContext false
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ ##
+ securityContext:
+ runAsGroup: 2000
+ runAsNonRoot: true
+ runAsUser: 2000
+
+ # Security context for create job container
+ createSecretJob:
+ securityContext: {}
+
+ # Security context for patch job container
+ patchWebhookJob:
+ securityContext: {}
+
+ # Use certmanager to generate webhook certs
+ certManager:
+ enabled: false
+ # self-signed root certificate
+ rootCert:
+ duration: "" # default to be 5y
+ admissionCert:
+ duration: "" # default to be 1y
+ # issuerRef:
+ # name: "issuer"
+ # kind: "ClusterIssuer"
+
+ ## Namespaces to scope the interaction of the Prometheus Operator and the apiserver (allow list).
+ ## This is mutually exclusive with denyNamespaces. Setting this to an empty object will disable the configuration
+ ##
+ namespaces: {}
+ # releaseNamespace: true
+ # additional:
+ # - kube-system
+
+ ## Namespaces not to scope the interaction of the Prometheus Operator (deny list).
+ ##
+ denyNamespaces: []
+
+ ## Filter namespaces to look for prometheus-operator custom resources
+ ##
+ alertmanagerInstanceNamespaces: []
+ alertmanagerConfigNamespaces: []
+ prometheusInstanceNamespaces: []
+ thanosRulerInstanceNamespaces: []
+
+ ## The clusterDomain value will be added to the cluster.peer option of the alertmanager.
+ ## Without this specified option cluster.peer will have value alertmanager-monitoring-alertmanager-0.alertmanager-operated:9094 (default value)
+ ## With this specified option cluster.peer will have value alertmanager-monitoring-alertmanager-0.alertmanager-operated.namespace.svc.cluster-domain:9094
+ ##
+ # clusterDomain: "cluster.local"
+
+ networkPolicy:
+ ## Enable creation of NetworkPolicy resources.
+ ##
+ enabled: false
+
+ ## Service account for Alertmanager to use.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+ ##
+ serviceAccount:
+ create: true
+ name: ""
+
+ ## Configuration for Prometheus operator service
+ ##
+ service:
+ annotations: {}
+ labels: {}
+ clusterIP: ""
+
+ ## Port to expose on each node
+ ## Only used if service.type is 'NodePort'
+ ##
+ nodePort: 30080
+
+ nodePortTls: 30443
+
+ ## Additional ports to open for Prometheus service
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services
+ ##
+ additionalPorts: []
+
+ ## Loadbalancer IP
+ ## Only use if service.type is "LoadBalancer"
+ ##
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+
+ ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
+ ##
+ externalTrafficPolicy: Cluster
+
+ ## Service type
+ ## NodePort, ClusterIP, LoadBalancer
+ ##
+ type: ClusterIP
+
+ ## List of IP addresses at which the Prometheus server service is available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+ externalIPs: []
+
+ # ## Labels to add to the operator deployment
+ # ##
+ labels: {}
+
+ ## Annotations to add to the operator deployment
+ ##
+ annotations: {}
+
+ ## Labels to add to the operator pod
+ ##
+ podLabels: {}
+
+ ## Annotations to add to the operator pod
+ ##
+ podAnnotations: {}
+
+ ## Assign a PriorityClassName to pods if set
+ # priorityClassName: ""
+
+ ## Define Log Format
+ # Use logfmt (default) or json logging
+ # logFormat: logfmt
+
+ ## Decrease log verbosity to errors only
+ # logLevel: error
+
+ ## If true, the operator will create and maintain a service for scraping kubelets
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/helm/prometheus-operator/README.md
+ ##
+ kubeletService:
+ enabled: true
+ namespace: kube-system
+ ## Use '{{ template "kube-prometheus-stack.fullname" . }}-kubelet' by default
+ name: ""
+
+ ## Create a servicemonitor for the operator
+ ##
+ serviceMonitor:
+ ## Scrape interval. If not set, the Prometheus default scrape interval is used.
+ ##
+ interval: ""
+ ## Scrape timeout. If not set, the Prometheus default scrape timeout is used.
+ scrapeTimeout: ""
+ selfMonitor: true
+
+ ## Metric relabel configs to apply to samples before ingestion.
+ ##
+ metricRelabelings: []
+ # - action: keep
+ # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+ # sourceLabels: [__name__]
+
+ # relabel configs to apply to samples before ingestion.
+ ##
+ relabelings: []
+ # - sourceLabels: [__meta_kubernetes_pod_node_name]
+ # separator: ;
+ # regex: ^(.*)$
+ # targetLabel: nodename
+ # replacement: $1
+ # action: replace
+
+ ## Resource limits & requests
+ ##
+ resources: {}
+ # limits:
+ # cpu: 200m
+ # memory: 200Mi
+ # requests:
+ # cpu: 100m
+ # memory: 100Mi
+
+ # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico),
+ # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working
+ ##
+ hostNetwork: false
+
+ ## Define which Nodes the Pods are scheduled on.
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+
+ ## Tolerations for use with node taints
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ # - key: "key"
+ # operator: "Equal"
+ # value: "value"
+ # effect: "NoSchedule"
+
+ ## Assign custom affinity rules to the prometheus operator
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ ##
+ affinity: {}
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: kubernetes.io/e2e-az-name
+ # operator: In
+ # values:
+ # - e2e-az1
+ # - e2e-az2
+ dnsConfig: {}
+ # nameservers:
+ # - 1.2.3.4
+ # searches:
+ # - ns1.svc.cluster-domain.example
+ # - my.dns.search.suffix
+ # options:
+ # - name: ndots
+ # value: "2"
+ # - name: edns0
+ securityContext:
+ fsGroup: 65534
+ runAsGroup: 65534
+ runAsNonRoot: true
+ runAsUser: 65534
+
+ ## Container-specific security context configuration
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ ##
+ containerSecurityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+
+ # Enable vertical pod autoscaler support for prometheus-operator
+ verticalPodAutoscaler:
+ enabled: false
+ # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
+ controlledResources: []
+
+ # Define the max allowed resources for the pod
+ maxAllowed: {}
+ # cpu: 200m
+ # memory: 100Mi
+ # Define the min allowed resources for the pod
+ minAllowed: {}
+ # cpu: 200m
+ # memory: 100Mi
+
+ updatePolicy:
+ # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
+ # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
+ updateMode: Auto
+
+ ## Prometheus-operator image
+ ##
+ image:
+ repository: quay.io/prometheus-operator/prometheus-operator
+ tag: v0.60.1
+ sha: ""
+ pullPolicy: IfNotPresent
+
+ ## Prometheus image to use for prometheuses managed by the operator
+ ##
+ # prometheusDefaultBaseImage: quay.io/prometheus/prometheus
+
+ ## Alertmanager image to use for alertmanagers managed by the operator
+ ##
+ # alertmanagerDefaultBaseImage: quay.io/prometheus/alertmanager
+
+ ## Prometheus-config-reloader
+ ##
+ prometheusConfigReloader:
+ image:
+ repository: quay.io/prometheus-operator/prometheus-config-reloader
+ tag: v0.60.1
+ sha: ""
+
+ # resource config for prometheusConfigReloader
+ resources:
+ requests:
+ cpu: 200m
+ memory: 50Mi
+ limits:
+ cpu: 200m
+ memory: 50Mi
+
+ ## Thanos side-car image when configured
+ ##
+ thanosImage:
+ repository: quay.io/thanos/thanos
+ tag: v0.28.1
+ sha: ""
+
+ ## Set a Field Selector to filter watched secrets
+ ##
+ secretFieldSelector: ""
+
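Review bot: every image in the prometheusOperator block is referenced by tag only, with `sha: ""`. This applies to kube-webhook-certgen `v1.3.0` under `admissionWebhooks.patch.image`, prometheus-operator and prometheus-config-reloader at `v0.60.1`, and thanos at `v0.28.1`, so what gets pulled depends on what those tags resolve to in k8s.gcr.io and quay.io at deploy time. Since the chart is now bundled in this repository, consider filling in the `sha` values here, or overriding them in the deployment's own values, so the vendored copy pins the exact image content. In the same block, `createSecretJob.securityContext` and `patchWebhookJob.securityContext` are left as `{}`, while the operator container sets `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`. Those two jobs generate the webhook certificate and patch the webhook configurations, so setting at least `allowPrivilegeEscalation: false` on them would keep the defaults consistent.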
+## Deploy a Prometheus instance
+##
+prometheus:
+
+ enabled: true
+
+ ## Annotations for Prometheus
+ ##
+ annotations: {}
+
+ ## Service account for Prometheuses to use.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+ ##
+ serviceAccount:
+ create: true
+ name: ""
+ annotations: {}
+
+ # Service for thanos service discovery on sidecar
+ # Enable this can make Thanos Query can use
+ # `--store=dnssrv+_grpc._tcp.${kube-prometheus-stack.fullname}-thanos-discovery.${namespace}.svc.cluster.local` to discovery
+ # Thanos sidecar on prometheus nodes
+ # (Please remember to change ${kube-prometheus-stack.fullname} and ${namespace}. Not just copy and paste!)
+ thanosService:
+ enabled: false
+ annotations: {}
+ labels: {}
+
+ ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
+ ##
+ externalTrafficPolicy: Cluster
+
+ ## Service type
+ ##
+ type: ClusterIP
+
+ ## gRPC port config
+ portName: grpc
+ port: 10901
+ targetPort: "grpc"
+
+ ## HTTP port config (for metrics)
+ httpPortName: http
+ httpPort: 10902
+ targetHttpPort: "http"
+
+ ## ClusterIP to assign
+ # Default is to make this a headless service ("None")
+ clusterIP: "None"
+
+ ## Port to expose on each node, if service type is NodePort
+ ##
+ nodePort: 30901
+ httpNodePort: 30902
+
+ # ServiceMonitor to scrape Sidecar metrics
+ # Needs thanosService to be enabled as well
+ thanosServiceMonitor:
+ enabled: false
+ interval: ""
+
+ ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
+ scheme: ""
+
+ ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
+ ## Of type: https://github.com/coreos/prometheus-operator/blob/main/Documentation/api.md#tlsconfig
+ tlsConfig: {}
+
+ bearerTokenFile:
+
+ ## Metric relabel configs to apply to samples before ingestion.
+ metricRelabelings: []
+
+ ## relabel configs to apply to samples before ingestion.
+ relabelings: []
+
+ # Service for external access to sidecar
+ # Enabling this creates a service to expose thanos-sidecar outside the cluster.
+ thanosServiceExternal:
+ enabled: false
+ annotations: {}
+ labels: {}
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+
+ ## gRPC port config
+ portName: grpc
+ port: 10901
+ targetPort: "grpc"
+
+ ## HTTP port config (for metrics)
+ httpPortName: http
+ httpPort: 10902
+ targetHttpPort: "http"
+
+ ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
+ ##
+ externalTrafficPolicy: Cluster
+
+ ## Service type
+ ##
+ type: LoadBalancer
+
+ ## Port to expose on each node
+ ##
+ nodePort: 30901
+ httpNodePort: 30902
+
+ ## Configuration for Prometheus service
+ ##
+ service:
+ annotations: {}
+ labels: {}
+ clusterIP: ""
+
+ ## Port for Prometheus Service to listen on
+ ##
+ port: 9090
+
+ ## To be used with a proxy extraContainer port
+ targetPort: 9090
+
+ ## List of IP addresses at which the Prometheus server service is available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+ externalIPs: []
+
+ ## Port to expose on each node
+ ## Only used if service.type is 'NodePort'
+ ##
+ nodePort: 30090
+
+ ## Loadbalancer IP
+ ## Only use if service.type is "LoadBalancer"
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+
+ ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
+ ##
+ externalTrafficPolicy: Cluster
+
+ ## Service type
+ ##
+ type: ClusterIP
+
+ ## Additional port to define in the Service
+ additionalPorts: []
+ # additionalPorts:
+ # - name: authenticated
+ # port: 8081
+ # targetPort: 8081
+
+ ## Consider that all endpoints are considered "ready" even if the Pods themselves are not
+ ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#ServiceSpec
+ publishNotReadyAddresses: false
+
+ sessionAffinity: ""
+
+ ## Configuration for creating a separate Service for each statefulset Prometheus replica
+ ##
+ servicePerReplica:
+ enabled: false
+ annotations: {}
+
+ ## Port for Prometheus Service per replica to listen on
+ ##
+ port: 9090
+
+ ## To be used with a proxy extraContainer port
+ targetPort: 9090
+
+ ## Port to expose on each node
+ ## Only used if servicePerReplica.type is 'NodePort'
+ ##
+ nodePort: 30091
+
+ ## Loadbalancer source IP ranges
+ ## Only used if servicePerReplica.type is "LoadBalancer"
+ loadBalancerSourceRanges: []
+
+ ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
+ ##
+ externalTrafficPolicy: Cluster
+
+ ## Service type
+ ##
+ type: ClusterIP
+
+ ## Configure pod disruption budgets for Prometheus
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
+ ## This configuration is immutable once created and will require the PDB to be deleted to be changed
+ ## https://github.com/kubernetes/kubernetes/issues/45398
+ ##
+ podDisruptionBudget:
+ enabled: false
+ minAvailable: 1
+ maxUnavailable: ""
+
+ # Ingress exposes thanos sidecar outside the cluster
+ thanosIngress:
+ enabled: false
+
+ # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
+ # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
+ # ingressClassName: nginx
+
+ annotations: {}
+ labels: {}
+ servicePort: 10901
+
+ ## Port to expose on each node
+ ## Only used if service.type is 'NodePort'
+ ##
+ nodePort: 30901
+
+ ## Hosts must be provided if Ingress is enabled.
+ ##
+ hosts: []
+ # - thanos-gateway.domain.com
+
+ ## Paths to use for ingress rules
+ ##
+ paths: []
+ # - /
+
+ ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
+ ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
+ # pathType: ImplementationSpecific
+
+ ## TLS configuration for Thanos Ingress
+ ## Secret must be manually created in the namespace
+ ##
+ tls: []
+ # - secretName: thanos-gateway-tls
+ # hosts:
+ # - thanos-gateway.domain.com
+ #
+
+ ## ExtraSecret can be used to store various data in an extra secret
+ ## (use it for example to store hashed basic auth credentials)
+ extraSecret:
+ ## if not set, name will be auto generated
+ # name: ""
+ annotations: {}
+ data: {}
+ # auth: |
+ # foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0
+ # someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c.
+
+ ingress:
+ enabled: false
+
+ # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
+ # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
+ # ingressClassName: nginx
+
+ annotations: {}
+ labels: {}
+
+ ## Redirect ingress to an additional defined port on the service
+ # servicePort: 8081
+
+ ## Hostnames.
+ ## Must be provided if Ingress is enabled.
+ ##
+ # hosts:
+ # - prometheus.domain.com
+ hosts: []
+
+ ## Paths to use for ingress rules - one path should match the prometheusSpec.routePrefix
+ ##
+ paths: []
+ # - /
+
+ ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
+ ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
+ # pathType: ImplementationSpecific
+
+ ## TLS configuration for Prometheus Ingress
+ ## Secret must be manually created in the namespace
+ ##
+ tls: []
+ # - secretName: prometheus-general-tls
+ # hosts:
+ # - prometheus.example.com
+
+ ## Configuration for creating an Ingress that will map to each Prometheus replica service
+ ## prometheus.servicePerReplica must be enabled
+ ##
+ ingressPerReplica:
+ enabled: false
+
+ # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
+ # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
+ # ingressClassName: nginx
+
+ annotations: {}
+ labels: {}
+
+ ## Final form of the hostname for each per replica ingress is
+ ## {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }}
+ ##
+ ## Prefix for the per replica ingress that will have `-$replicaNumber`
+ ## appended to the end
+ hostPrefix: ""
+ ## Domain that will be used for the per replica ingress
+ hostDomain: ""
+
+ ## Paths to use for ingress rules
+ ##
+ paths: []
+ # - /
+
+ ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
+ ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
+ # pathType: ImplementationSpecific
+
+ ## Secret name containing the TLS certificate for Prometheus per replica ingress
+ ## Secret must be manually created in the namespace
+ tlsSecretName: ""
+
+ ## Separated secret for each per replica Ingress. Can be used together with cert-manager
+ ##
+ tlsSecretPerReplica:
+ enabled: false
+ ## Final form of the secret for each per replica ingress is
+ ## {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }}
+ ##
+ prefix: "prometheus"
+
+ ## Configure additional options for default pod security policy for Prometheus
+ ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+ podSecurityPolicy:
+ allowedCapabilities: []
+ allowedHostPaths: []
+ volumes: []
+
+ serviceMonitor:
+ ## Scrape interval. If not set, the Prometheus default scrape interval is used.
+ ##
+ interval: ""
+ selfMonitor: true
+
+ ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
+ scheme: ""
+
+ ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
+ ## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#tlsconfig
+ tlsConfig: {}
+
+ bearerTokenFile:
+
+ ## Metric relabel configs to apply to samples before ingestion.
+ ##
+ metricRelabelings: []
+ # - action: keep
+ # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+ # sourceLabels: [__name__]
+
+ # relabel configs to apply to samples before ingestion.
+ ##
+ relabelings: []
+ # - sourceLabels: [__meta_kubernetes_pod_node_name]
+ # separator: ;
+ # regex: ^(.*)$
+ # targetLabel: nodename
+ # replacement: $1
+ # action: replace
+
+ ## Settings affecting prometheusSpec
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#prometheusspec
+ ##
+ prometheusSpec:
+ ## If true, pass --storage.tsdb.max-block-duration=2h to prometheus. This is already done if using Thanos
+ ##
+ disableCompaction: false
+ ## APIServerConfig
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#apiserverconfig
+ ##
+ apiserverConfig: {}
+
+ ## Allows setting additional arguments for the Prometheus container
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.Prometheus
+ additionalArgs: []
+
+ ## Interval between consecutive scrapes.
+ ## Defaults to 30s.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/release-0.44/pkg/prometheus/promcfg.go#L180-L183
+ ##
+ scrapeInterval: ""
+
+ ## Number of seconds to wait for target to respond before erroring
+ ##
+ scrapeTimeout: ""
+
+ ## Interval between consecutive evaluations.
+ ##
+ evaluationInterval: ""
+
+ ## ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP.
+ ##
+ listenLocal: false
+
+ ## EnableAdminAPI enables Prometheus the administrative HTTP API which includes functionality such as deleting time series.
+ ## This is disabled by default.
+ ## ref: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis
+ ##
+ enableAdminAPI: false
+
+ ## WebTLSConfig defines the TLS parameters for HTTPS
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#webtlsconfig
+ web: {}
+
+ ## Exemplars related settings that are runtime reloadable.
+ ## It requires to enable the exemplar storage feature to be effective.
+ exemplars: ""
+ ## Maximum number of exemplars stored in memory for all series.
+ ## If not set, Prometheus uses its default value.
+ ## A value of zero or less than zero disables the storage.
+ # maxSize: 100000
+
+ # EnableFeatures API enables access to Prometheus disabled features.
+ # ref: https://prometheus.io/docs/prometheus/latest/disabled_features/
+ enableFeatures: []
+ # - exemplar-storage
+
+ ## Image of Prometheus.
+ ##
+ image:
+ repository: quay.io/prometheus/prometheus
+ tag: v2.39.1
+ sha: ""
+
+ ## Tolerations for use with node taints
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ # - key: "key"
+ # operator: "Equal"
+ # value: "value"
+ # effect: "NoSchedule"
+
+ ## If specified, the pod's topology spread constraints.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ##
+ topologySpreadConstraints: []
+ # - maxSkew: 1
+ # topologyKey: topology.kubernetes.io/zone
+ # whenUnsatisfiable: DoNotSchedule
+ # labelSelector:
+ # matchLabels:
+ # app: prometheus
+
+ ## Alertmanagers to which alerts will be sent
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#alertmanagerendpoints
+ ##
+ ## Default configuration will connect to the alertmanager deployed as part of this release
+ ##
+ alertingEndpoints: []
+ # - name: ""
+ # namespace: ""
+ # port: http
+ # scheme: http
+ # pathPrefix: ""
+ # tlsConfig: {}
+ # bearerTokenFile: ""
+ # apiVersion: v2
+
+ ## External labels to add to any time series or alerts when communicating with external systems
+ ##
+ externalLabels: {}
+
+ ## enable --web.enable-remote-write-receiver flag on prometheus-server
+ ##
+ enableRemoteWriteReceiver: false
+
+ ## Name of the external label used to denote replica name
+ ##
+ replicaExternalLabelName: ""
+
+ ## If true, the Operator won't add the external label used to denote replica name
+ ##
+ replicaExternalLabelNameClear: false
+
+ ## Name of the external label used to denote Prometheus instance name
+ ##
+ prometheusExternalLabelName: ""
+
+ ## If true, the Operator won't add the external label used to denote Prometheus instance name
+ ##
+ prometheusExternalLabelNameClear: false
+
+ ## External URL at which Prometheus will be reachable.
+ ##
+ externalUrl: ""
+
+ ## Define which Nodes the Pods are scheduled on.
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+
+ ## Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods.
+ ## The Secrets are mounted into /etc/prometheus/secrets/. Secrets changes after initial creation of a Prometheus object are not
+ ## reflected in the running Pods. To change the secrets mounted into the Prometheus Pods, the object must be deleted and recreated
+ ## with the new list of secrets.
+ ##
+ secrets: []
+
+ ## ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods.
+ ## The ConfigMaps are mounted into /etc/prometheus/configmaps/.
+ ##
+ configMaps: []
+
+ ## QuerySpec defines the query command line flags when starting Prometheus.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#queryspec
+ ##
+ query: {}
+
+ ## Namespaces to be selected for PrometheusRules discovery.
+ ## If nil, select own namespace. Namespaces to be selected for ServiceMonitor discovery.
+ ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#namespaceselector for usage
+ ##
+ ruleNamespaceSelector: {}
+
+ ## If true, a nil or {} value for prometheus.prometheusSpec.ruleSelector will cause the
+ ## prometheus resource to be created with selectors based on values in the helm deployment,
+ ## which will also match the PrometheusRule resources created
+ ##
+ ruleSelectorNilUsesHelmValues: true
+
+ ## PrometheusRules to be selected for target discovery.
+ ## If {}, select all PrometheusRules
+ ##
+ ruleSelector: {}
+ ## Example which select all PrometheusRules resources
+ ## with label "prometheus" with values any of "example-rules" or "example-rules-2"
+ # ruleSelector:
+ # matchExpressions:
+ # - key: prometheus
+ # operator: In
+ # values:
+ # - example-rules
+ # - example-rules-2
+ #
+ ## Example which select all PrometheusRules resources with label "role" set to "example-rules"
+ # ruleSelector:
+ # matchLabels:
+ # role: example-rules
+
+ ## If true, a nil or {} value for prometheus.prometheusSpec.serviceMonitorSelector will cause the
+ ## prometheus resource to be created with selectors based on values in the helm deployment,
+ ## which will also match the servicemonitors created
+ ##
+ serviceMonitorSelectorNilUsesHelmValues: true
+
+ ## ServiceMonitors to be selected for target discovery.
+ ## If {}, select all ServiceMonitors
+ ##
+ serviceMonitorSelector: {}
+ ## Example which selects ServiceMonitors with label "prometheus" set to "somelabel"
+ # serviceMonitorSelector:
+ # matchLabels:
+ # prometheus: somelabel
+
+ ## Namespaces to be selected for ServiceMonitor discovery.
+ ##
+ serviceMonitorNamespaceSelector: {}
+ ## Example which selects ServiceMonitors in namespaces with label "prometheus" set to "somelabel"
+ # serviceMonitorNamespaceSelector:
+ # matchLabels:
+ # prometheus: somelabel
+
+ ## If true, a nil or {} value for prometheus.prometheusSpec.podMonitorSelector will cause the
+ ## prometheus resource to be created with selectors based on values in the helm deployment,
+ ## which will also match the podmonitors created
+ ##
+ podMonitorSelectorNilUsesHelmValues: true
+
+ ## PodMonitors to be selected for target discovery.
+ ## If {}, select all PodMonitors
+ ##
+ podMonitorSelector: {}
+ ## Example which selects PodMonitors with label "prometheus" set to "somelabel"
+ # podMonitorSelector:
+ # matchLabels:
+ # prometheus: somelabel
+
+ ## Namespaces to be selected for PodMonitor discovery.
+ ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#namespaceselector for usage
+ ##
+ podMonitorNamespaceSelector: {}
+
+ ## If true, a nil or {} value for prometheus.prometheusSpec.probeSelector will cause the
+ ## prometheus resource to be created with selectors based on values in the helm deployment,
+ ## which will also match the probes created
+ ##
+ probeSelectorNilUsesHelmValues: true
+
+ ## Probes to be selected for target discovery.
+ ## If {}, select all Probes
+ ##
+ probeSelector: {}
+ ## Example which selects Probes with label "prometheus" set to "somelabel"
+ # probeSelector:
+ # matchLabels:
+ # prometheus: somelabel
+
+ ## Namespaces to be selected for Probe discovery.
+ ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#namespaceselector for usage
+ ##
+ probeNamespaceSelector: {}
+
+ ## How long to retain metrics
+ ##
+ retention: 10d
+
+ ## Maximum size of metrics
+ ##
+ retentionSize: ""
+
+ ## Enable compression of the write-ahead log using Snappy.
+ ##
+ walCompression: true
+
+ ## If true, the Operator won't process any Prometheus configuration changes
+ ##
+ paused: false
+
+ ## Number of replicas of each shard to deploy for a Prometheus deployment.
+ ## Number of replicas multiplied by shards is the total number of Pods created.
+ ##
+ replicas: 1
+
+ ## EXPERIMENTAL: Number of shards to distribute targets onto.
+ ## Number of replicas multiplied by shards is the total number of Pods created.
+ ## Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved.
+ ## Increasing shards will not reshard data either but it will continue to be available from the same instances.
+ ## To query globally use Thanos sidecar and Thanos querier or remote write data to a central location.
+ ## Sharding is done on the content of the `__address__` target meta-label.
+ ##
+ shards: 1
+
+ ## Log level for Prometheus be configured in
+ ##
+ logLevel: info
+
+ ## Log format for Prometheus be configured in
+ ##
+ logFormat: logfmt
+
+ ## Prefix used to register routes, overriding externalUrl route.
+ ## Useful for proxies that rewrite URLs.
+ ##
+ routePrefix: /
+
+ ## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
+ ## Metadata Labels and Annotations gets propagated to the prometheus pods.
+ ##
+ podMetadata: {}
+ # labels:
+ # app: prometheus
+ # k8s-app: prometheus
+
+ ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node.
+ ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
+ ## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
+ ## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured.
+ podAntiAffinity: ""
+
+ ## If anti-affinity is enabled sets the topologyKey to use for anti-affinity.
+ ## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone
+ ##
+ podAntiAffinityTopologyKey: kubernetes.io/hostname
+
+ ## Assign custom affinity rules to the prometheus instance
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ ##
+ affinity: {}
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: kubernetes.io/e2e-az-name
+ # operator: In
+ # values:
+ # - e2e-az1
+ # - e2e-az2
+
+ ## The remote_read spec configuration for Prometheus.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#remotereadspec
+ remoteRead: []
+ # - url: http://remote1/read
+ ## additionalRemoteRead is appended to remoteRead
+ additionalRemoteRead: []
+
+ ## The remote_write spec configuration for Prometheus.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#remotewritespec
+ remoteWrite: []
+ # - url: http://remote1/push
+ ## additionalRemoteWrite is appended to remoteWrite
+ additionalRemoteWrite: []
+
+ ## Enable/Disable Grafana dashboards provisioning for prometheus remote write feature
+ remoteWriteDashboards: false
+
+ ## Resource limits & requests
+ ##
+ resources: {}
+ # requests:
+ # memory: 400Mi
+
+ ## Prometheus StorageSpec for persistent data
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/storage.md
+ ##
+ storageSpec: {}
+ ## Using PersistentVolumeClaim
+ ##
+ # volumeClaimTemplate:
+ # spec:
+ # storageClassName: gluster
+ # accessModes: ["ReadWriteOnce"]
+ # resources:
+ # requests:
+ # storage: 50Gi
+ # selector: {}
+
+ ## Using tmpfs volume
+ ##
+ # emptyDir:
+ # medium: Memory
+
+ # Additional volumes on the output StatefulSet definition.
+ volumes: []
+
+ # Additional VolumeMounts on the output StatefulSet definition.
+ volumeMounts: []
+
+ ## AdditionalScrapeConfigs allows specifying additional Prometheus scrape configurations. Scrape configurations
+ ## are appended to the configurations generated by the Prometheus Operator. Job configurations must have the form
+ ## as specified in the official Prometheus documentation:
+ ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are
+ ## appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility
+ ## to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible
+ ## scrape configs are going to break Prometheus after the upgrade.
+ ## AdditionalScrapeConfigs can be defined as a list or as a templated string.
+ ##
+ ## The scrape configuration example below will find master nodes, provided they have the name .*mst.*, relabel the
+ ## port to 2379 and allow etcd scraping provided it is running on all Kubernetes master nodes
+ ##
+ additionalScrapeConfigs: []
+ # - job_name: kube-etcd
+ # kubernetes_sd_configs:
+ # - role: node
+ # scheme: https
+ # tls_config:
+ # ca_file: /etc/prometheus/secrets/etcd-client-cert/etcd-ca
+ # cert_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client
+ # key_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key
+ # relabel_configs:
+ # - action: labelmap
+ # regex: __meta_kubernetes_node_label_(.+)
+ # - source_labels: [__address__]
+ # action: replace
+ # targetLabel: __address__
+ # regex: ([^:;]+):(\d+)
+ # replacement: ${1}:2379
+ # - source_labels: [__meta_kubernetes_node_name]
+ # action: keep
+ # regex: .*mst.*
+ # - source_labels: [__meta_kubernetes_node_name]
+ # action: replace
+ # targetLabel: node
+ # regex: (.*)
+ # replacement: ${1}
+ # metric_relabel_configs:
+ # - regex: (kubernetes_io_hostname|failure_domain_beta_kubernetes_io_region|beta_kubernetes_io_os|beta_kubernetes_io_arch|beta_kubernetes_io_instance_type|failure_domain_beta_kubernetes_io_zone)
+ # action: labeldrop
+ #
+ ## If scrape config contains a repetitive section, you may want to use a template.
+ ## In the following example, you can see how to define `gce_sd_configs` for multiple zones
+ # additionalScrapeConfigs: |
+ # - job_name: "node-exporter"
+ # gce_sd_configs:
+ # {{range $zone := .Values.gcp_zones}}
+ # - project: "project1"
+ # zone: "{{$zone}}"
+ # port: 9100
+ # {{end}}
+ # relabel_configs:
+ # ...
+
+
+ ## If additional scrape configurations are already deployed in a single secret file you can use this section.
+ ## Expected values are the secret name and key
+ ## Cannot be used with additionalScrapeConfigs
+ additionalScrapeConfigsSecret: {}
+ # enabled: false
+ # name:
+ # key:
+
+ ## additionalPrometheusSecretsAnnotations allows to add annotations to the kubernetes secret. This can be useful
+ ## when deploying via spinnaker to disable versioning on the secret, strategy.spinnaker.io/versioned: 'false'
+ additionalPrometheusSecretsAnnotations: {}
+
+ ## AdditionalAlertManagerConfigs allows for manual configuration of alertmanager jobs in the form as specified
+ ## in the official Prometheus documentation https://prometheus.io/docs/prometheus/latest/configuration/configuration/#<alertmanager_config>.
+ ## AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator.
+ ## As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this
+ ## feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release
+ ## notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.
+ ##
+ additionalAlertManagerConfigs: []
+ # - consul_sd_configs:
+ # - server: consul.dev.test:8500
+ # scheme: http
+ # datacenter: dev
+ # tag_separator: ','
+ # services:
+ # - metrics-prometheus-alertmanager
+
+ ## If additional alertmanager configurations are already deployed in a single secret, or you want to manage
+ ## them separately from the helm deployment, you can use this section.
+ ## Expected values are the secret name and key
+ ## Cannot be used with additionalAlertManagerConfigs
+ additionalAlertManagerConfigsSecret: {}
+ # name:
+ # key:
+ # optional: false
+
+ ## AdditionalAlertRelabelConfigs allows specifying Prometheus alert relabel configurations. Alert relabel configurations specified are appended
+ ## to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the
+ ## official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs.
+ ## As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the
+ ## possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel
+ ## configs are going to break Prometheus after the upgrade.
+ ##
+ additionalAlertRelabelConfigs: []
+ # - separator: ;
+ # regex: prometheus_replica
+ # replacement: $1
+ # action: labeldrop
+
+ ## If additional alert relabel configurations are already deployed in a single secret, or you want to manage
+ ## them separately from the helm deployment, you can use this section.
+ ## Expected values are the secret name and key
+ ## Cannot be used with additionalAlertRelabelConfigs
+ additionalAlertRelabelConfigsSecret: {}
+ # name:
+ # key:
+
+ ## SecurityContext holds pod-level security attributes and common container settings.
+ ## This defaults to non root user with uid 1000 and gid 2000.
+ ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md
+ ##
+ securityContext:
+ runAsGroup: 2000
+ runAsNonRoot: true
+ runAsUser: 1000
+ fsGroup: 2000
+
+ ## Priority class assigned to the Pods
+ ##
+ priorityClassName: ""
+
+ ## Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment.
+ ## This section is experimental, it may change significantly without deprecation notice in any release.
+ ## This is experimental and may change significantly without backward compatibility in any release.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#thanosspec
+ ##
+ thanos: {}
+ # secretProviderClass:
+ # provider: gcp
+ # parameters:
+ # secrets: |
+ # - resourceName: "projects/$PROJECT_ID/secrets/testsecret/versions/latest"
+ # fileName: "objstore.yaml"
+ # objectStorageConfigFile: /var/secrets/object-store.yaml
+
+ ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to a Prometheus pod.
+ ## if using proxy extraContainer update targetPort with proxy container port
+ containers: []
+ # containers:
+ # - name: oauth-proxy
+ # image: quay.io/oauth2-proxy/oauth2-proxy:v7.3.0
+ # args:
+ # - --upstream=http://127.0.0.1:9093
+ # - --http-address=0.0.0.0:8081
+ # - ...
+ # ports:
+ # - containerPort: 8081
+ # name: oauth-proxy
+ # protocol: TCP
+ # resources: {}
+
+ ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes
+ ## (permissions, dir tree) on mounted volumes before starting prometheus
+ initContainers: []
+
+ ## PortName to use for Prometheus.
+ ##
+ portName: "http-web"
+
+ ## ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files
+ ## on the file system of the Prometheus container e.g. bearer token files.
+ arbitraryFSAccessThroughSMs: false
+
+ ## OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceMonitor
+ ## or PodMonitor to true, this overrides honor_labels to false.
+ overrideHonorLabels: false
+
+ ## OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs.
+ overrideHonorTimestamps: false
+
+ ## IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from the podmonitor and servicemonitor
+ ## configs, and they will only discover endpoints within their current namespace. Defaults to false.
+ ignoreNamespaceSelectors: false
+
+ ## EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created.
+ ## The label value will always be the namespace of the object that is being created.
+ ## Disabled by default
+ enforcedNamespaceLabel: ""
+
+ ## PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from enforcing of adding namespace labels.
+ ## Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair
+ ## Deprecated, use `excludedFromEnforcement` instead
+ prometheusRulesExcludedFromEnforce: []
+
+ ## ExcludedFromEnforcement - list of object references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects
+ ## to be excluded from enforcing a namespace label of origin.
+ ## Works only if enforcedNamespaceLabel set to true.
+ ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#objectreference
+ excludedFromEnforcement: []
+
+ ## QueryLogFile specifies the file to which PromQL queries are logged. Note that this location must be writable,
+ ## and can be persisted using an attached volume. Alternatively, the location can be set to a stdout location such
+ ## as /dev/stdout to log querie information to the default Prometheus log stream. This is only available in versions
+ ## of Prometheus >= 2.16.0. For more details, see the Prometheus docs (https://prometheus.io/docs/guides/query-log/)
+ queryLogFile: false
+
+ ## EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit
+ ## set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall
+ ## number of samples/series under the desired limit. Note that if SampleLimit is lower that value will be taken instead.
+ enforcedSampleLimit: false
+
+ ## EnforcedTargetLimit defines a global limit on the number of scraped targets. This overrides any TargetLimit set
+ ## per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the TargetLimit to keep the overall
+ ## number of targets under the desired limit. Note that if TargetLimit is lower, that value will be taken instead, except
+ ## if either value is zero, in which case the non-zero value will be used. If both values are zero, no limit is enforced.
+ enforcedTargetLimit: false
+
+
+ ## Per-scrape limit on number of labels that will be accepted for a sample. If more than this number of labels are present
+ ## post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions
+ ## 2.27.0 and newer.
+ enforcedLabelLimit: false
+
+ ## Per-scrape limit on length of labels name that will be accepted for a sample. If a label name is longer than this number
+ ## post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions
+ ## 2.27.0 and newer.
+ enforcedLabelNameLengthLimit: false
+
+ ## Per-scrape limit on length of labels value that will be accepted for a sample. If a label value is longer than this
+ ## number post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus
+ ## versions 2.27.0 and newer.
+ enforcedLabelValueLengthLimit: false
+
+ ## AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. This is still experimental
+ ## in Prometheus so it may change in any upcoming release.
+ allowOverlappingBlocks: false
+
+ ## Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to
+ ## be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).
+ minReadySeconds: 0
+
+ additionalRulesForClusterRole: []
+ # - apiGroups: [ "" ]
+ # resources:
+ # - nodes/proxy
+ # verbs: [ "get", "list", "watch" ]
+
+ additionalServiceMonitors: []
+ ## Name of the ServiceMonitor to create
+ ##
+ # - name: ""
+
+ ## Additional labels to set used for the ServiceMonitorSelector. Together with standard labels from
+ ## the chart
+ ##
+ # additionalLabels: {}
+
+ ## Service label for use in assembling a job name of the form <label value>-<port>
+ ## If no label is specified, the service name is used.
+ ##
+ # jobLabel: ""
+
+ ## labels to transfer from the kubernetes service to the target
+ ##
+ # targetLabels: []
+
+ ## labels to transfer from the kubernetes pods to the target
+ ##
+ # podTargetLabels: []
+
+ ## Label selector for services to which this ServiceMonitor applies
+ ##
+ # selector: {}
+
+ ## Namespaces from which services are selected
+ ##
+ # namespaceSelector:
+ ## Match any namespace
+ ##
+ # any: false
+
+ ## Explicit list of namespace names to select
+ ##
+ # matchNames: []
+
+ ## Endpoints of the selected service to be monitored
+ ##
+ # endpoints: []
+ ## Name of the endpoint's service port
+ ## Mutually exclusive with targetPort
+ # - port: ""
+
+ ## Name or number of the endpoint's target port
+ ## Mutually exclusive with port
+ # - targetPort: ""
+
+ ## File containing bearer token to be used when scraping targets
+ ##
+ # bearerTokenFile: ""
+
+ ## Interval at which metrics should be scraped
+ ##
+ # interval: 30s
+
+ ## HTTP path to scrape for metrics
+ ##
+ # path: /metrics
+
+ ## HTTP scheme to use for scraping
+ ##
+ # scheme: http
+
+ ## TLS configuration to use when scraping the endpoint
+ ##
+ # tlsConfig:
+
+ ## Path to the CA file
+ ##
+ # caFile: ""
+
+ ## Path to client certificate file
+ ##
+ # certFile: ""
+
+ ## Skip certificate verification
+ ##
+ # insecureSkipVerify: false
+
+ ## Path to client key file
+ ##
+ # keyFile: ""
+
+ ## Server name used to verify host name
+ ##
+ # serverName: ""
+
+ additionalPodMonitors: []
+ ## Name of the PodMonitor to create
+ ##
+ # - name: ""
+
+ ## Additional labels to set used for the PodMonitorSelector. Together with standard labels from
+ ## the chart
+ ##
+ # additionalLabels: {}
+
+ ## Pod label for use in assembling a job name of the form <label value>-<port>
+ ## If no label is specified, the pod endpoint name is used.
+ ##
+ # jobLabel: ""
+
+ ## Label selector for pods to which this PodMonitor applies
+ ##
+ # selector: {}
+
+ ## PodTargetLabels transfers labels on the Kubernetes Pod onto the target.
+ ##
+ # podTargetLabels: {}
+
+ ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
+ ##
+ # sampleLimit: 0
+
+ ## Namespaces from which pods are selected
+ ##
+ # namespaceSelector:
+ ## Match any namespace
+ ##
+ # any: false
+
+ ## Explicit list of namespace names to select
+ ##
+ # matchNames: []
+
+ ## Endpoints of the selected pods to be monitored
+ ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#podmetricsendpoint
+ ##
+ # podMetricsEndpoints: []
+
+## Configuration for thanosRuler
+## ref: https://thanos.io/tip/components/rule.md/
+##
+thanosRuler:
+
+ ## Deploy thanosRuler
+ ##
+ enabled: false
+
+ ## Annotations for ThanosRuler
+ ##
+ annotations: {}
+
+ ## Service account for ThanosRuler to use.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+ ##
+ serviceAccount:
+ create: true
+ name: ""
+ annotations: {}
+
+ ## Configure pod disruption budgets for ThanosRuler
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
+ ## This configuration is immutable once created and will require the PDB to be deleted to be changed
+ ## https://github.com/kubernetes/kubernetes/issues/45398
+ ##
+ podDisruptionBudget:
+ enabled: false
+ minAvailable: 1
+ maxUnavailable: ""
+
+ ingress:
+ enabled: false
+
+ # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
+ # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
+ # ingressClassName: nginx
+
+ annotations: {}
+
+ labels: {}
+
+ ## Hosts must be provided if Ingress is enabled.
+ ##
+ hosts: []
+ # - thanosruler.domain.com
+
+ ## Paths to use for ingress rules - one path should match the thanosruler.routePrefix
+ ##
+ paths: []
+ # - /
+
+ ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
+ ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
+ # pathType: ImplementationSpecific
+
+ ## TLS configuration for ThanosRuler Ingress
+ ## Secret must be manually created in the namespace
+ ##
+ tls: []
+ # - secretName: thanosruler-general-tls
+ # hosts:
+ # - thanosruler.example.com
+
+ ## Configuration for ThanosRuler service
+ ##
+ service:
+ annotations: {}
+ labels: {}
+ clusterIP: ""
+
+ ## Port for ThanosRuler Service to listen on
+ ##
+ port: 10902
+ ## To be used with a proxy extraContainer port
+ ##
+ targetPort: 10902
+ ## Port to expose on each node
+ ## Only used if service.type is 'NodePort'
+ ##
+ nodePort: 30905
+ ## List of IP addresses at which the Prometheus server service is available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+
+ ## Additional ports to open for ThanosRuler service
+ additionalPorts: []
+
+ externalIPs: []
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+
+ ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
+ ##
+ externalTrafficPolicy: Cluster
+
+ ## Service type
+ ##
+ type: ClusterIP
+
+ ## If true, create a serviceMonitor for thanosRuler
+ ##
+ serviceMonitor:
+ ## Scrape interval. If not set, the Prometheus default scrape interval is used.
+ ##
+ interval: ""
+ selfMonitor: true
+
+ ## proxyUrl: URL of a proxy that should be used for scraping.
+ ##
+ proxyUrl: ""
+
+ ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
+ scheme: ""
+
+ ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
+ ## Of type: https://github.com/coreos/prometheus-operator/blob/main/Documentation/api.md#tlsconfig
+ tlsConfig: {}
+
+ bearerTokenFile:
+
+ ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ metricRelabelings: []
+ # - action: keep
+ # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+ # sourceLabels: [__name__]
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+ ##
+ relabelings: []
+ # - sourceLabels: [__meta_kubernetes_pod_node_name]
+ # separator: ;
+ # regex: ^(.*)$
+ # targetLabel: nodename
+ # replacement: $1
+ # action: replace
+
+ ## Settings affecting thanosRulerpec
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#thanosrulerspec
+ ##
+ thanosRulerSpec:
+ ## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
+ ## Metadata Labels and Annotations gets propagated to the ThanosRuler pods.
+ ##
+ podMetadata: {}
+
+ ## Image of ThanosRuler
+ ##
+ image:
+ repository: quay.io/thanos/thanos
+ tag: v0.28.1
+ sha: ""
+
+ ## Namespaces to be selected for PrometheusRules discovery.
+ ## If nil, select own namespace. Namespaces to be selected for ServiceMonitor discovery.
+ ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#namespaceselector for usage
+ ##
+ ruleNamespaceSelector: {}
+
+ ## If true, a nil or {} value for thanosRuler.thanosRulerSpec.ruleSelector will cause the
+ ## prometheus resource to be created with selectors based on values in the helm deployment,
+ ## which will also match the PrometheusRule resources created
+ ##
+ ruleSelectorNilUsesHelmValues: true
+
+ ## PrometheusRules to be selected for target discovery.
+ ## If {}, select all PrometheusRules
+ ##
+ ruleSelector: {}
+ ## Example which select all PrometheusRules resources
+ ## with label "prometheus" with values any of "example-rules" or "example-rules-2"
+ # ruleSelector:
+ # matchExpressions:
+ # - key: prometheus
+ # operator: In
+ # values:
+ # - example-rules
+ # - example-rules-2
+ #
+ ## Example which select all PrometheusRules resources with label "role" set to "example-rules"
+ # ruleSelector:
+ # matchLabels:
+ # role: example-rules
+
+ ## Define Log Format
+ # Use logfmt (default) or json logging
+ logFormat: logfmt
+
+ ## Log level for ThanosRuler to be configured with.
+ ##
+ logLevel: info
+
+ ## Size is the expected size of the thanosRuler cluster. The controller will eventually make the size of the
+ ## running cluster equal to the expected size.
+ replicas: 1
+
+ ## Time duration ThanosRuler shall retain data for. Default is '24h', and must match the regular expression
+ ## [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours).
+ ##
+ retention: 24h
+
+ ## Interval between consecutive evaluations.
+ ##
+ evaluationInterval: ""
+
+ ## Storage is the definition of how storage will be used by the ThanosRuler instances.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/storage.md
+ ##
+ storage: {}
+ # volumeClaimTemplate:
+ # spec:
+ # storageClassName: gluster
+ # accessModes: ["ReadWriteOnce"]
+ # resources:
+ # requests:
+ # storage: 50Gi
+ # selector: {}
+
+ ## AlertmanagerConfig define configuration for connecting to alertmanager.
+ ## Only available with Thanos v0.10.0 and higher. Maps to the alertmanagers.config Thanos Ruler arg.
+ alertmanagersConfig: {}
+ # - api_version: v2
+ # http_config:
+ # basic_auth:
+ # username: some_user
+ # password: some_pass
+ # static_configs:
+ # - alertmanager.thanos.io
+ # scheme: http
+ # timeout: 10s
+
+ ## DEPRECATED. Define URLs to send alerts to Alertmanager. For Thanos v0.10.0 and higher, alertmanagersConfig should be used instead.
+ ## Note: this field will be ignored if alertmanagersConfig is specified. Maps to the alertmanagers.url Thanos Ruler arg.
+ # alertmanagersUrl:
+
+ ## The external URL the Thanos Ruler instances will be available under. This is necessary to generate correct URLs. This is necessary if Thanos Ruler is not served from root of a DNS name. string false
+ ##
+ externalPrefix:
+
+ ## The route prefix ThanosRuler registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true,
+ ## but the server serves requests under a different route prefix. For example for use with kubectl proxy.
+ ##
+ routePrefix: /
+
+ ## ObjectStorageConfig configures object storage in Thanos. Alternative to
+ ## ObjectStorageConfigFile, and lower order priority.
+ objectStorageConfig: {}
+
+ ## ObjectStorageConfigFile specifies the path of the object storage configuration file.
+ ## When used alongside with ObjectStorageConfig, ObjectStorageConfigFile takes precedence.
+ objectStorageConfigFile: ""
+
+ ## QueryEndpoints defines Thanos querier endpoints from which to query metrics.
+ ## Maps to the --query flag of thanos ruler.
+ queryEndpoints: []
+
+ ## Define configuration for connecting to thanos query instances. If this is defined, the queryEndpoints field will be ignored.
+ ## Maps to the query.config CLI argument. Only available with thanos v0.11.0 and higher.
+ queryConfig: {}
+
+ ## Labels configure the external label pairs to ThanosRuler. A default replica
+ ## label `thanos_ruler_replica` will be always added as a label with the value
+ ## of the pod's name and it will be dropped in the alerts.
+ labels: {}
+
+ ## If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.
+ ##
+ paused: false
+
+ ## Define which Nodes the Pods are scheduled on.
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+
+ ## Define resources requests and limits for single Pods.
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ##
+ resources: {}
+ # requests:
+ # memory: 400Mi
+
+ ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node.
+ ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
+ ## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
+ ## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured.
+ ##
+ podAntiAffinity: ""
+
+ ## If anti-affinity is enabled sets the topologyKey to use for anti-affinity.
+ ## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone
+ ##
+ podAntiAffinityTopologyKey: kubernetes.io/hostname
+
+ ## Assign custom affinity rules to the thanosRuler instance
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ ##
+ affinity: {}
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: kubernetes.io/e2e-az-name
+ # operator: In
+ # values:
+ # - e2e-az1
+ # - e2e-az2
+
+ ## If specified, the pod's tolerations.
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ # - key: "key"
+ # operator: "Equal"
+ # value: "value"
+ # effect: "NoSchedule"
+
+ ## If specified, the pod's topology spread constraints.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ##
+ topologySpreadConstraints: []
+ # - maxSkew: 1
+ # topologyKey: topology.kubernetes.io/zone
+ # whenUnsatisfiable: DoNotSchedule
+ # labelSelector:
+ # matchLabels:
+ # app: thanos-ruler
+
+ ## SecurityContext holds pod-level security attributes and common container settings.
+ ## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ ##
+ securityContext:
+ runAsGroup: 2000
+ runAsNonRoot: true
+ runAsUser: 1000
+ fsGroup: 2000
+
+ ## ListenLocal makes the ThanosRuler server listen on loopback, so that it does not bind against the Pod IP.
+ ## Note this is only for the ThanosRuler UI, not the gossip communication.
+ ##
+ listenLocal: false
+
+ ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an ThanosRuler pod.
+ ##
+ containers: []
+
+ # Additional volumes on the output StatefulSet definition.
+ volumes: []
+
+ # Additional VolumeMounts on the output StatefulSet definition.
+ volumeMounts: []
+
+ ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes
+ ## (permissions, dir tree) on mounted volumes before starting prometheus
+ initContainers: []
+
+ ## Priority class assigned to the Pods
+ ##
+ priorityClassName: ""
+
+ ## PortName to use for ThanosRuler.
+ ##
+ portName: "web"
+
+ ## ExtraSecret can be used to store various data in an extra secret
+ ## (use it for example to store hashed basic auth credentials)
+ extraSecret:
+ ## if not set, name will be auto generated
+ # name: ""
+ annotations: {}
+ data: {}
+ # auth: |
+ # foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0
+ # someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c.
+
+## Setting to true produces cleaner resource names, but requires a data migration because the name of the persistent volume changes. Therefore this should only be set once on initial installation.
+##
+cleanPrometheusOperatorObjectNames: false
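Review bot: thanosRuler.thanosRulerSpec.image pins only a tag (`tag: v0.28.1`) and leaves `sha: ""` empty, so the running image is whatever quay.io/thanos/thanos serves for that tag at pull time; since the chart is being vendored here, set sha to the digest that was validated, or override it in the deployment values. Separately, enforcedSampleLimit, enforcedTargetLimit, enforcedLabelLimit, enforcedLabelNameLengthLimit and enforcedLabelValueLengthLimit default to the boolean false while their comments describe numeric limits where 0 means no limit; a line stating that false means "unset" would stop someone from writing true. The commented examples also put credentials straight into values: an inline basic_auth password under alertmanagersConfig and `$apr1$` (MD5-based htpasswd) hashes under extraSecret.data. A note that real credentials belong in a Secret managed outside values.yaml, and a stronger hash format in the example, would be safer guidance. Minor: alertmanagersConfig defaults to `{}` but its example is a list, and "thanosRulerpec" in the comment above thanosRulerSpec is a typo.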
diff --git a/charts/node-feature-discovery/.helmignore b/charts/node-feature-discovery/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/node-feature-discovery/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/node-feature-discovery/Chart.yaml b/charts/node-feature-discovery/Chart.yaml
new file mode 100644
index 0000000..ad7dfbb
--- /dev/null
+++ b/charts/node-feature-discovery/Chart.yaml
@@ -0,0 +1,14 @@
+apiVersion: v2
+appVersion: v0.11.2
+description: 'Detects hardware features available on each node in a Kubernetes cluster,
+ and advertises those features using node labels. '
+home: https://github.com/kubernetes-sigs/node-feature-discovery
+keywords:
+- feature-discovery
+- feature-detection
+- node-labels
+name: node-feature-discovery
+sources:
+- https://github.com/kubernetes-sigs/node-feature-discovery
+type: application
+version: 0.11.2
diff --git a/charts/node-feature-discovery/README.md b/charts/node-feature-discovery/README.md
new file mode 100644
index 0000000..6e0db3c
--- /dev/null
+++ b/charts/node-feature-discovery/README.md
@@ -0,0 +1,10 @@
+# Node Feature Discovery
+
+Node Feature Discovery (NFD) is a Kubernetes add-on for detecting hardware
+features and system configuration. Detected features are advertised as node
+labels. NFD provides flexible configuration and extension points for a wide
+range of vendor and application specific node labeling needs.
+
+See
+[NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.11/get-started/deployment-and-usage.html#deployment-with-helm)
+for deployment instructions.
diff --git a/charts/node-feature-discovery/manifests/nodefeaturerule-crd.yaml b/charts/node-feature-discovery/manifests/nodefeaturerule-crd.yaml
new file mode 100644
index 0000000..cd9b48b
--- /dev/null
+++ b/charts/node-feature-discovery/manifests/nodefeaturerule-crd.yaml
@@ -0,0 +1,223 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.7.0
+ creationTimestamp: null
+ name: nodefeaturerules.nfd.k8s-sigs.io
+spec:
+ group: nfd.k8s-sigs.io
+ names:
+ kind: NodeFeatureRule
+ listKind: NodeFeatureRuleList
+ plural: nodefeaturerules
+ singular: nodefeaturerule
+ scope: Cluster
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: NodeFeatureRule resource specifies a configuration for feature-based
+ customization of node objects, such as node labeling.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: NodeFeatureRuleSpec describes a NodeFeatureRule.
+ properties:
+ rules:
+ description: Rules is a list of node customization rules.
+ items:
+ description: Rule defines a rule for node customization such as
+ labeling.
+ properties:
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels to create if the rule matches.
+ type: object
+ labelsTemplate:
+ description: LabelsTemplate specifies a template to expand for
+ dynamically generating multiple labels. Data (after template
+ expansion) must be keys with an optional value (<key>[=<value>])
+ separated by newlines.
+ type: string
+ matchAny:
+ description: MatchAny specifies a list of matchers one of which
+ must match.
+ items:
+ description: MatchAnyElem specifies one sub-matcher of MatchAny.
+ properties:
+ matchFeatures:
+ description: MatchFeatures specifies a set of matcher
+ terms all of which must match.
+ items:
+ description: FeatureMatcherTerm defines requirements
+ against one feature set. All requirements (specified
+ as MatchExpressions) are evaluated against each element
+ in the feature set.
+ properties:
+ feature:
+ type: string
+ matchExpressions:
+ additionalProperties:
+ description: "MatchExpression specifies an expression
+ to evaluate against a set of input values. It
+ contains an operator that is applied when matching
+ the input and an array of values that the operator
+ evaluates the input against. \n NB: CreateMatchExpression
+ or MustCreateMatchExpression() should be used
+ for creating new instances. NB: Validate()
+ must be called if Op or Value fields are modified
+ or if a new instance is created from scratch
+ without using the helper functions."
+ properties:
+ op:
+ description: Op is the operator to be applied.
+ enum:
+ - In
+ - NotIn
+ - InRegexp
+ - Exists
+ - DoesNotExist
+ - Gt
+ - Lt
+ - GtLt
+ - IsTrue
+ - IsFalse
+ type: string
+ value:
+ description: Value is the list of values that
+ the operand evaluates the input against.
+ Value should be empty if the operator is
+ Exists, DoesNotExist, IsTrue or IsFalse.
+ Value should contain exactly one element
+ if the operator is Gt or Lt and exactly
+ two elements if the operator is GtLt. In
+ other cases Value should contain at least
+ one element.
+ items:
+ type: string
+ type: array
+ required:
+ - op
+ type: object
+ description: MatchExpressionSet contains a set of
+ MatchExpressions, each of which is evaluated against
+ a set of input values.
+ type: object
+ required:
+ - feature
+ - matchExpressions
+ type: object
+ type: array
+ required:
+ - matchFeatures
+ type: object
+ type: array
+ matchFeatures:
+ description: MatchFeatures specifies a set of matcher terms
+ all of which must match.
+ items:
+ description: FeatureMatcherTerm defines requirements against
+ one feature set. All requirements (specified as MatchExpressions)
+ are evaluated against each element in the feature set.
+ properties:
+ feature:
+ type: string
+ matchExpressions:
+ additionalProperties:
+ description: "MatchExpression specifies an expression
+ to evaluate against a set of input values. It contains
+ an operator that is applied when matching the input
+ and an array of values that the operator evaluates
+ the input against. \n NB: CreateMatchExpression or
+ MustCreateMatchExpression() should be used for creating
+ new instances. NB: Validate() must be called if Op
+ or Value fields are modified or if a new instance
+ is created from scratch without using the helper functions."
+ properties:
+ op:
+ description: Op is the operator to be applied.
+ enum:
+ - In
+ - NotIn
+ - InRegexp
+ - Exists
+ - DoesNotExist
+ - Gt
+ - Lt
+ - GtLt
+ - IsTrue
+ - IsFalse
+ type: string
+ value:
+ description: Value is the list of values that the
+ operand evaluates the input against. Value should
+ be empty if the operator is Exists, DoesNotExist,
+ IsTrue or IsFalse. Value should contain exactly
+ one element if the operator is Gt or Lt and exactly
+ two elements if the operator is GtLt. In other
+ cases Value should contain at least one element.
+ items:
+ type: string
+ type: array
+ required:
+ - op
+ type: object
+ description: MatchExpressionSet contains a set of MatchExpressions,
+ each of which is evaluated against a set of input values.
+ type: object
+ required:
+ - feature
+ - matchExpressions
+ type: object
+ type: array
+ name:
+ description: Name of the rule.
+ type: string
+ vars:
+ additionalProperties:
+ type: string
+ description: Vars is the variables to store if the rule matches.
+ Variables do not directly inflict any changes in the node
+ object. However, they can be referenced from other rules enabling
+ more complex rule hierarchies, without exposing intermediary
+ output values as labels.
+ type: object
+ varsTemplate:
+ description: VarsTemplate specifies a template to expand for
+ dynamically generating multiple variables. Data (after template
+ expansion) must be keys with an optional value (<key>[=<value>])
+ separated by newlines.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ required:
+ - rules
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
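Review bot: nothing in this schema constrains what a rule may write to a node: `labels` is additionalProperties of type string with no pattern or length bound, and labelsTemplate and varsTemplate are free-form strings that are expanded as templates. With `scope: Cluster`, create or update permission on nodefeaturerules is in practice the right to drive labels on any node, and labels feed scheduling decisions, so the chart docs should say that this resource must be writable by cluster administrators only. If this file is kept as a vendored copy of generator output, a comment recording the upstream path and version it was taken from would make later diffs reviewable.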
diff --git a/charts/node-feature-discovery/templates/_helpers.tpl b/charts/node-feature-discovery/templates/_helpers.tpl
new file mode 100644
index 0000000..08760ea
--- /dev/null
+++ b/charts/node-feature-discovery/templates/_helpers.tpl
@@ -0,0 +1,85 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "node-feature-discovery.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "node-feature-discovery.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "node-feature-discovery.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "node-feature-discovery.labels" -}}
+helm.sh/chart: {{ include "node-feature-discovery.chart" . }}
+{{ include "node-feature-discovery.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "node-feature-discovery.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "node-feature-discovery.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account which the nfd master will use
+*/}}
+{{- define "node-feature-discovery.master.serviceAccountName" -}}
+{{- if .Values.master.serviceAccount.create -}}
+ {{ default (include "node-feature-discovery.fullname" .) .Values.master.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.master.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account which the nfd worker will use
+*/}}
+{{- define "node-feature-discovery.worker.serviceAccountName" -}}
+{{- if .Values.worker.serviceAccount.create -}}
+ {{ default (printf "%s-worker" (include "node-feature-discovery.fullname" .)) .Values.worker.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.worker.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account which topologyUpdater will use
+*/}}
+{{- define "node-feature-discovery.topologyUpdater.serviceAccountName" -}}
+{{- if .Values.topologyUpdater.serviceAccount.create -}}
+ {{ default (printf "%s-topology-updater" (include "node-feature-discovery.fullname" .)) .Values.topologyUpdater.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.topologyUpdater.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
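Review bot: in all three serviceAccountName helpers the else branch resolves to the namespace's default service account when serviceAccount.create is false and no name is supplied (`default "default" .Values.master.serviceAccount.name`). The ClusterRoleBindings added in this patch use these helpers for their subjects, so that combination binds the ClusterRole with patch and update on nodes to the account every pod in the namespace uses when it sets no serviceAccountName. Consider failing the render with `required` when create is false and name is empty, instead of silently falling back to "default".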
diff --git a/charts/node-feature-discovery/templates/cert-manager-certs.yaml b/charts/node-feature-discovery/templates/cert-manager-certs.yaml
new file mode 100644
index 0000000..9e3a311
--- /dev/null
+++ b/charts/node-feature-discovery/templates/cert-manager-certs.yaml
@@ -0,0 +1,64 @@
+{{- if .Values.tls.certManager }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: nfd-master-cert
+spec:
+ secretName: nfd-master-cert
+ subject:
+ organizations:
+ - node-feature-discovery
+ commonName: nfd-master
+ dnsNames:
+ # must match the service name
+ - {{ include "node-feature-discovery.fullname" . }}-master
+ # first one is configured for use by the worker; below are for completeness
+ - {{ include "node-feature-discovery.fullname" . }}-master.{{ $.Release.Namespace }}.svc
+ - {{ include "node-feature-discovery.fullname" . }}-master.{{ $.Release.Namespace }}.svc.cluster.local
+ # localhost needed for grpc_health_probe
+ - localhost
+ issuerRef:
+ name: nfd-ca-issuer
+ kind: Issuer
+ group: cert-manager.io
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: nfd-worker-cert
+spec:
+ secretName: nfd-worker-cert
+ subject:
+ organizations:
+ - node-feature-discovery
+ commonName: nfd-worker
+ dnsNames:
+ - {{ include "node-feature-discovery.fullname" . }}-worker.{{ $.Release.Namespace }}.svc.cluster.local
+ issuerRef:
+ name: nfd-ca-issuer
+ kind: Issuer
+ group: cert-manager.io
+
+{{- if .Values.topologyUpdater.enable }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: nfd-topology-updater-cert
+spec:
+ secretName: nfd-topology-updater-cert
+ subject:
+ organizations:
+ - node-feature-discovery
+ commonName: nfd-topology-updater
+ dnsNames:
+ - {{ include "node-feature-discovery.fullname" . }}-topology-updater.{{ $.Release.Namespace }}.svc.cluster.local
+ issuerRef:
+ name: nfd-ca-issuer
+ kind: Issuer
+ group: cert-manager.io
+{{- end }}
+
+{{- end }}
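Review bot: the Certificate names, secretNames and issuerRef (nfd-master-cert, nfd-worker-cert, nfd-topology-updater-cert, nfd-ca-issuer) are fixed strings while the dnsNames are built from the fullname helper, so two releases in one namespace would contend for the same Certificate and Secret objects; derive these names from node-feature-discovery.fullname as well. None of the three specs sets usages, duration, renewBefore or privateKey, so the master certificate and the worker and topology-updater certificates are issued with identical cert-manager defaults. Setting usages explicitly (server auth for the master, client auth for the worker and topology updater) would make the intended role of each certificate part of the certificate itself.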
diff --git a/charts/node-feature-discovery/templates/cert-manager-issuer.yaml b/charts/node-feature-discovery/templates/cert-manager-issuer.yaml
new file mode 100644
index 0000000..0401edd
--- /dev/null
+++ b/charts/node-feature-discovery/templates/cert-manager-issuer.yaml
@@ -0,0 +1,39 @@
+{{- if .Values.tls.certManager }}
+# See https://cert-manager.io/docs/configuration/selfsigned/#bootstrapping-ca-issuers
+# - Create a self signed issuer
+# - Use this to create a CA cert
+# - Use this to now create a CA issuer
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: nfd-ca-bootstrap
+spec:
+ selfSigned: {}
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: nfd-ca-cert
+spec:
+ isCA: true
+ secretName: nfd-ca-cert
+ subject:
+ organizations:
+ - node-feature-discovery
+ commonName: nfd-ca-cert
+ issuerRef:
+ name: nfd-ca-bootstrap
+ kind: Issuer
+ group: cert-manager.io
+
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: nfd-ca-issuer
+spec:
+ ca:
+ secretName: nfd-ca-cert
+{{- end }}
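Review bot: nfd-ca-cert is the root that nfd-ca-issuer signs the master and worker certificates with, yet its spec sets only isCA, secretName and subject, which leaves lifetime and key parameters to cert-manager defaults. Set duration, renewBefore and privateKey (algorithm and size) explicitly so that CA rotation is a deliberate choice, and document that read access to the nfd-ca-cert Secret in the release namespace is enough to sign certificates under the same CA as nfd-master-cert and nfd-worker-cert. As in cert-manager-certs.yaml, the object names are fixed strings rather than derived from the fullname helper.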
diff --git a/charts/node-feature-discovery/templates/clusterrole.yaml b/charts/node-feature-discovery/templates/clusterrole.yaml
new file mode 100644
index 0000000..36a12ec
--- /dev/null
+++ b/charts/node-feature-discovery/templates/clusterrole.yaml
@@ -0,0 +1,63 @@
+{{- if .Values.master.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "node-feature-discovery.fullname" . }}
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+{{- if .Values.master.resourceLabels | empty | not }}
+ - nodes/status
+{{- end }}
+ verbs:
+ - get
+ - patch
+ - update
+ - list
+- apiGroups:
+ - nfd.k8s-sigs.io
+ resources:
+ - nodefeaturerules
+ verbs:
+ - get
+ - list
+ - watch
+{{- if .Values.topologyUpdater.enable }}
+- apiGroups:
+ - topology.node.k8s.io
+ resources:
+ - noderesourcetopologies
+ verbs:
+ - create
+ - get
+ - update
+{{- end }}
+{{- end }}
+
+---
+{{- if .Values.topologyUpdater.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "node-feature-discovery.fullname" . }}-topology-updater
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+{{- end }}
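Review bot: in the master ClusterRole, `nodes/status` is appended to the same rule as `nodes`, so whenever `master.resourceLabels` is set the subresource inherits all four verbs (`get`, `patch`, `update`, `list`) on every node. Consider a separate rule for `nodes/status` limited to the verbs the master actually needs. The `noderesourcetopologies` rule is keyed on `topologyUpdater.enable` while the topology-updater role below is keyed on `topologyUpdater.rbac.create`; a short comment explaining why the two switches differ would help whoever overrides these values.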
diff --git a/charts/node-feature-discovery/templates/clusterrolebinding.yaml b/charts/node-feature-discovery/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..40033c6
--- /dev/null
+++ b/charts/node-feature-discovery/templates/clusterrolebinding.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.master.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "node-feature-discovery.fullname" . }}
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "node-feature-discovery.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "node-feature-discovery.master.serviceAccountName" . }}
+ namespace: {{ $.Release.Namespace }}
+{{- end }}
+
+---
+{{- if .Values.topologyUpdater.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "node-feature-discovery.fullname" . }}-topology-updater
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "node-feature-discovery.fullname" . }}-topology-updater
+subjects:
+- kind: ServiceAccount
+ name: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }}
+ namespace: {{ $.Release.Namespace }}
+{{- end }}
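Review bot: the topology-updater binding is rendered only when `topologyUpdater.rbac.create` is true, but the DaemonSet it serves is switched by `topologyUpdater.enable`, and values.yaml defaults both `rbac.create` and `serviceAccount.create` to false. Setting only `enable: true` therefore produces pods running under a service account that this chart neither creates nor binds. Either document that the three values must be set together or make the RBAC and service account defaults follow `enable`.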
diff --git a/charts/node-feature-discovery/templates/master.yaml b/charts/node-feature-discovery/templates/master.yaml
new file mode 100644
index 0000000..ce28646
--- /dev/null
+++ b/charts/node-feature-discovery/templates/master.yaml
@@ -0,0 +1,117 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "node-feature-discovery.fullname" . }}-master
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+ role: master
+ annotations:
+ {{- toYaml .Values.master.deploymentAnnotations | nindent 4 }}
+spec:
+ replicas: {{ .Values.master.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
+ role: master
+ template:
+ metadata:
+ labels:
+ {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
+ role: master
+ annotations:
+ {{- toYaml .Values.master.annotations | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "node-feature-discovery.master.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.master.podSecurityContext | nindent 8 }}
+ containers:
+ - name: master
+ securityContext:
+ {{- toYaml .Values.master.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ livenessProbe:
+ exec:
+ command:
+ - "/usr/bin/grpc_health_probe"
+ - "-addr=:8080"
+ {{- if .Values.tls.enable }}
+ - "-tls"
+ - "-tls-ca-cert=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
+ - "-tls-client-key=/etc/kubernetes/node-feature-discovery/certs/tls.key"
+ - "-tls-client-cert=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
+ {{- end }}
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ readinessProbe:
+ exec:
+ command:
+ - "/usr/bin/grpc_health_probe"
+ - "-addr=:8080"
+ {{- if .Values.tls.enable }}
+ - "-tls"
+ - "-tls-ca-cert=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
+ - "-tls-client-key=/etc/kubernetes/node-feature-discovery/certs/tls.key"
+ - "-tls-client-cert=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
+ {{- end }}
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ failureThreshold: 10
+ ports:
+ - containerPort: 8080
+ name: grpc
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ command:
+ - "nfd-master"
+ resources:
+ {{- toYaml .Values.master.resources | nindent 12 }}
+ args:
+ {{- if .Values.master.instance | empty | not }}
+ - "--instance={{ .Values.master.instance }}"
+ {{- end }}
+ {{- if .Values.master.extraLabelNs | empty | not }}
+ - "--extra-label-ns={{- join "," .Values.master.extraLabelNs }}"
+ {{- end }}
+ {{- if .Values.master.resourceLabels | empty | not }}
+ - "--resource-labels={{- join "," .Values.master.resourceLabels }}"
+ {{- end }}
+ {{- if .Values.master.featureRulesController | kindIs "invalid" | not }}
+ - "-featurerules-controller={{ .Values.master.featureRulesController }}"
+ {{- else }}
+ ## By default, disable NodeFeatureRules controller for other than the default instances
+ - "-featurerules-controller={{ .Values.master.instance | empty }}"
+ {{- end }}
+ {{- if .Values.tls.enable }}
+ - "--ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
+ - "--key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
+ - "--cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
+ volumeMounts:
+ - name: nfd-master-cert
+ mountPath: "/etc/kubernetes/node-feature-discovery/certs"
+ readOnly: true
+ volumes:
+ - name: nfd-master-cert
+ secret:
+ secretName: nfd-master-cert
+ ## /TLS ##
+ {{- end }}
+ {{- with .Values.master.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.master.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.master.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
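Review bot: the `args` list mixes flag styles: `-featurerules-controller=` is written with a single dash in both branches, while `--instance`, `--extra-label-ns`, `--resource-labels` and the TLS file flags use two. Pick one form for the whole list. The `## /TLS ##` closing marker has no opening counterpart, and `volumeMounts:` and `volumes:` exist only inside the `tls.enable` conditional, so any later non-TLS volume will need this block restructured; moving the two keys outside the conditional would make that easier.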
diff --git a/charts/node-feature-discovery/templates/nfd-worker-conf.yaml b/charts/node-feature-discovery/templates/nfd-worker-conf.yaml
new file mode 100644
index 0000000..93c8d86
--- /dev/null
+++ b/charts/node-feature-discovery/templates/nfd-worker-conf.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "node-feature-discovery.fullname" . }}-worker-conf
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+data:
+ nfd-worker.conf: |-
+ {{- .Values.worker.config | toYaml | nindent 4 }}
diff --git a/charts/node-feature-discovery/templates/nodefeaturerule-crd.yaml b/charts/node-feature-discovery/templates/nodefeaturerule-crd.yaml
new file mode 100644
index 0000000..f5d3085
--- /dev/null
+++ b/charts/node-feature-discovery/templates/nodefeaturerule-crd.yaml
@@ -0,0 +1,3 @@
+{{- if .Values.nodeFeatureRule.createCRD }}
+{{ .Files.Get "manifests/nodefeaturerule-crd.yaml" }}
+{{- end}}
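Review bot: rendering the CRD from `templates/` makes it a release-managed object, so `helm uninstall` deletes the CRD and with it every NodeFeatureRule in the cluster. If that is not the intent, add the `helm.sh/resource-policy: keep` annotation to the manifest or ship it under `crds/`, and document what `nodeFeatureRule.createCRD` implies on uninstall. Minor: `{{- end}}` lacks the space before `}}` that the other templates use.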
diff --git a/charts/node-feature-discovery/templates/service.yaml b/charts/node-feature-discovery/templates/service.yaml
new file mode 100644
index 0000000..97d0a58
--- /dev/null
+++ b/charts/node-feature-discovery/templates/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "node-feature-discovery.fullname" . }}-master
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+ role: master
+spec:
+ type: {{ .Values.master.service.type }}
+ ports:
+ - port: {{ .Values.master.service.port }}
+ targetPort: grpc
+ protocol: TCP
+ name: grpc
+ selector:
+ {{- include "node-feature-discovery.selectorLabels" . | nindent 4 }}
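Review bot: the `selector` is only `node-feature-discovery.selectorLabels`, without `role: master`, although the Service is named `-master` and the master pod template carries `role: master`. The worker and topology-updater pod templates in this patch include the same selector labels, so they match this selector as well and stay out of the endpoints only because they expose no port named `grpc`. Add `role: master` to the selector so the Service cannot pick up another component that later declares a `grpc` port.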
diff --git a/charts/node-feature-discovery/templates/serviceaccount.yaml b/charts/node-feature-discovery/templates/serviceaccount.yaml
new file mode 100644
index 0000000..025c30a
--- /dev/null
+++ b/charts/node-feature-discovery/templates/serviceaccount.yaml
@@ -0,0 +1,40 @@
+{{- if .Values.master.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "node-feature-discovery.master.serviceAccountName" . }}
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+ {{- with .Values.master.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
+
+---
+{{- if .Values.topologyUpdater.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }}
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+ {{- with .Values.topologyUpdater.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
+
+---
+{{- if .Values.worker.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "node-feature-discovery.worker.serviceAccountName" . }}
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+ {{- with .Values.worker.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
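Review bot: none of the three ServiceAccounts sets `automountServiceAccountToken`, and the ClusterRoleBinding file in this patch binds only the master and topology-updater accounts. If the worker makes no API calls, set `automountServiceAccountToken: false` on the worker account so the DaemonSet pods that mount host paths do not carry a token they do not need.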
diff --git a/charts/node-feature-discovery/templates/topologyupdater-crds.yaml b/charts/node-feature-discovery/templates/topologyupdater-crds.yaml
new file mode 100644
index 0000000..cf5daf2
--- /dev/null
+++ b/charts/node-feature-discovery/templates/topologyupdater-crds.yaml
@@ -0,0 +1,145 @@
+{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.createCRDs -}}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.kubernetes.io: https://github.com/kubernetes/enhancements/pull/1870
+ controller-gen.kubebuilder.io/version: v0.7.0
+ creationTimestamp: null
+ name: noderesourcetopologies.topology.node.k8s.io
+spec:
+ group: topology.node.k8s.io
+ names:
+ kind: NodeResourceTopology
+ listKind: NodeResourceTopologyList
+ plural: noderesourcetopologies
+ shortNames:
+ - node-res-topo
+ singular: noderesourcetopology
+ scope: Cluster
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: NodeResourceTopology describes node resources and their topology.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ topologyPolicies:
+ items:
+ type: string
+ type: array
+ zones:
+ description: ZoneList contains an array of Zone objects.
+ items:
+ description: Zone represents a resource topology zone, e.g. socket,
+ node, die or core.
+ properties:
+ attributes:
+ description: AttributeList contains an array of AttributeInfo objects.
+ items:
+ description: AttributeInfo contains one attribute of a Zone.
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ costs:
+ description: CostList contains an array of CostInfo objects.
+ items:
+ description: CostInfo describes the cost (or distance) between
+ two Zones.
+ properties:
+ name:
+ type: string
+ value:
+ format: int64
+ type: integer
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ name:
+ type: string
+ parent:
+ type: string
+ resources:
+ description: ResourceInfoList contains an array of ResourceInfo
+ objects.
+ items:
+ description: ResourceInfo contains information about one resource
+ type.
+ properties:
+ allocatable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Allocatable quantity of the resource, corresponding
+ to allocatable in node status, i.e. total amount of this
+ resource available to be used by pods.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ available:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Available is the amount of this resource currently
+ available for new (to be scheduled) pods, i.e. Allocatable
+ minus the resources reserved by currently running pods.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ capacity:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Capacity of the resource, corresponding to capacity
+ in node status, i.e. total amount of this resource that
+ the node has.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ name:
+ description: Name of the resource.
+ type: string
+ required:
+ - allocatable
+ - available
+ - capacity
+ - name
+ type: object
+ type: array
+ type:
+ type: string
+ required:
+ - name
+ - type
+ type: object
+ type: array
+ required:
+ - topologyPolicies
+ - zones
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+{{- end }}
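Review bot: the manifest carries generator residue: `creationTimestamp: null` under `metadata` and a trailing `status:` block with empty `acceptedNames`, `conditions` and `storedVersions`. Status is populated by the API server, so both can be dropped from the template. Because the CRD is shipped as a template, uninstalling the release also removes it and every NodeResourceTopology object; add `helm.sh/resource-policy: keep` if that is not wanted.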
diff --git a/charts/node-feature-discovery/templates/topologyupdater.yaml b/charts/node-feature-discovery/templates/topologyupdater.yaml
new file mode 100644
index 0000000..ffddc19
--- /dev/null
+++ b/charts/node-feature-discovery/templates/topologyupdater.yaml
@@ -0,0 +1,111 @@
+{{- if .Values.topologyUpdater.enable -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ include "node-feature-discovery.fullname" . }}-topology-updater
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+ role: topology-updater
+spec:
+ selector:
+ matchLabels:
+ {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
+ role: topology-updater
+ template:
+ metadata:
+ labels:
+ {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
+ role: topology-updater
+ annotations:
+ {{- toYaml .Values.topologyUpdater.annotations | nindent 8 }}
+ spec:
+ serviceAccountName: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }}
+ dnsPolicy: ClusterFirstWithHostNet
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.topologyUpdater.podSecurityContext | nindent 8 }}
+ containers:
+ - name: topology-updater
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: "{{ .Values.image.pullPolicy }}"
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ command:
+ - "nfd-topology-updater"
+ args:
+ - "--server={{ include "node-feature-discovery.fullname" . }}-master:{{ .Values.master.service.port }}"
+ {{- if .Values.topologyUpdater.updateInterval | empty | not }}
+ - "--sleep-interval={{ .Values.topologyUpdater.updateInterval }}"
+ {{- else }}
+ - "--sleep-interval=3s"
+ {{- end }}
+ {{- if .Values.topologyUpdater.watchNamespace | empty | not }}
+ - "--watch-namespace={{ .Values.topologyUpdater.watchNamespace }}"
+ {{- else }}
+ - "--watch-namespace=*"
+ {{- end }}
+ {{- if .Values.tls.enable }}
+ - "--ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
+ - "--key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
+ - "--cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
+ {{- end }}
+ volumeMounts:
+ - name: kubelet-config
+ mountPath: /host-var/lib/kubelet/config.yaml
+ - name: kubelet-podresources-sock
+ mountPath: /host-var/lib/kubelet/pod-resources/kubelet.sock
+ - name: host-sys
+ mountPath: /host-sys
+ {{- if .Values.tls.enable }}
+ - name: nfd-topology-updater-cert
+ mountPath: "/etc/kubernetes/node-feature-discovery/certs"
+ readOnly: true
+ {{- end }}
+
+ resources:
+ {{- toYaml .Values.topologyUpdater.resources | nindent 12 }}
+ securityContext:
+ {{- toYaml .Values.topologyUpdater.securityContext | nindent 12 }}
+ volumes:
+ - name: host-sys
+ hostPath:
+ path: "/sys"
+ - name: kubelet-config
+ hostPath:
+ {{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }}
+ path: {{ .Values.topologyUpdater.kubeletConfigPath }}
+ {{- else }}
+ path: /var/lib/kubelet/config.yaml
+ {{- end }}
+ - name: kubelet-podresources-sock
+ hostPath:
+ {{- if .Values.topologyUpdater.kubeletPodResourcesSockPath | empty | not }}
+ path: {{ .Values.topologyUpdater.kubeletPodResourcesSockPath }}
+ {{- else }}
+ path: /var/lib/kubelet/pod-resources/kubelet.sock
+ {{- end }}
+ {{- if .Values.tls.enable }}
+ - name: nfd-topology-updater-cert
+ secret:
+ secretName: nfd-topology-updater-cert
+ {{- end }}
+
+ {{- with .Values.topologyUpdater.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.topologyUpdater.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.topologyUpdater.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- end }}
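Review bot: the hostPath mounts `kubelet-config` and `host-sys` omit `readOnly: true`, unlike every host mount in worker.yaml, and values.yaml runs this container with `runAsUser: 0`. Mark both mounts read-only so a root process in the pod cannot write to the host's `/sys` or kubelet config. Two smaller points: `dnsPolicy: ClusterFirstWithHostNet` is set without `hostNetwork: true`, and the `--sleep-interval=3s` fallback disagrees with the `updateInterval: 60s` default in values.yaml.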
diff --git a/charts/node-feature-discovery/templates/worker.yaml b/charts/node-feature-discovery/templates/worker.yaml
new file mode 100644
index 0000000..955b6a3
--- /dev/null
+++ b/charts/node-feature-discovery/templates/worker.yaml
@@ -0,0 +1,131 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ include "node-feature-discovery.fullname" . }}-worker
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+ role: worker
+ annotations:
+ {{- toYaml .Values.worker.daemonsetAnnotations | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
+ role: worker
+ template:
+ metadata:
+ labels:
+ {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
+ role: worker
+ annotations:
+ {{- toYaml .Values.worker.annotations | nindent 8 }}
+ spec:
+ dnsPolicy: ClusterFirstWithHostNet
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "node-feature-discovery.worker.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.worker.podSecurityContext | nindent 8 }}
+ containers:
+ - name: worker
+ securityContext:
+ {{- toYaml .Values.worker.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ resources:
+ {{- toYaml .Values.worker.resources | nindent 12 }}
+ command:
+ - "nfd-worker"
+ args:
+ - "--server={{ include "node-feature-discovery.fullname" . }}-master:{{ .Values.master.service.port }}"
+{{- if .Values.tls.enable }}
+ - "--ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
+ - "--key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
+ - "--cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
+{{- end }}
+ volumeMounts:
+ - name: host-boot
+ mountPath: "/host-boot"
+ readOnly: true
+ - name: host-os-release
+ mountPath: "/host-etc/os-release"
+ readOnly: true
+ - name: host-sys
+ mountPath: "/host-sys"
+ readOnly: true
+ - name: host-usr-lib
+ mountPath: "/host-usr/lib"
+ readOnly: true
+ {{- if .Values.worker.mountUsrSrc }}
+ - name: host-usr-src
+ mountPath: "/host-usr/src"
+ readOnly: true
+ {{- end }}
+ - name: source-d
+ mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
+ readOnly: true
+ - name: features-d
+ mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
+ readOnly: true
+ - name: nfd-worker-conf
+ mountPath: "/etc/kubernetes/node-feature-discovery"
+ readOnly: true
+{{- if .Values.tls.enable }}
+ - name: nfd-worker-cert
+ mountPath: "/etc/kubernetes/node-feature-discovery/certs"
+ readOnly: true
+{{- end }}
+ volumes:
+ - name: host-boot
+ hostPath:
+ path: "/boot"
+ - name: host-os-release
+ hostPath:
+ path: "/etc/os-release"
+ - name: host-sys
+ hostPath:
+ path: "/sys"
+ - name: host-usr-lib
+ hostPath:
+ path: "/usr/lib"
+ {{- if .Values.worker.mountUsrSrc }}
+ - name: host-usr-src
+ hostPath:
+ path: "/usr/src"
+ {{- end }}
+ - name: source-d
+ hostPath:
+ path: "/etc/kubernetes/node-feature-discovery/source.d/"
+ - name: features-d
+ hostPath:
+ path: "/etc/kubernetes/node-feature-discovery/features.d/"
+ - name: nfd-worker-conf
+ configMap:
+ name: {{ include "node-feature-discovery.fullname" . }}-worker-conf
+ items:
+ - key: nfd-worker.conf
+ path: nfd-worker.conf
+{{- if .Values.tls.enable }}
+ - name: nfd-worker-cert
+ secret:
+ secretName: nfd-worker-cert
+{{- end }}
+ {{- with .Values.worker.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.worker.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.worker.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
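Review bot: none of the `hostPath` volumes sets `type`, so nothing checks what is actually mounted from `/boot`, `/etc/os-release`, `/usr/lib` or the `source.d/` and `features.d/` directories. Give each an explicit `type` (`File` or `Directory`, or `DirectoryOrCreate` where the directory is optional) so an unexpected path fails at pod start instead of silently mounting. Style: the three `tls.enable` conditionals start at column 0 while the `mountUsrSrc` and `with` blocks are indented; align them.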
diff --git a/charts/node-feature-discovery/values.yaml b/charts/node-feature-discovery/values.yaml
new file mode 100644
index 0000000..f4b1d84
--- /dev/null
+++ b/charts/node-feature-discovery/values.yaml
@@ -0,0 +1,413 @@
+image:
+ repository: k8s.gcr.io/nfd/node-feature-discovery
+ # This should be set to 'IfNotPresent' for released version
+ pullPolicy: IfNotPresent
+ # tag, if defined will use the given image tag, else Chart.AppVersion will be used
+ # tag
+imagePullSecrets: []
+
+nameOverride: ""
+fullnameOverride: ""
+
+nodeFeatureRule:
+ createCRD: true
+
+master:
+ instance:
+ extraLabelNs: []
+ resourceLabels: []
+ featureRulesController: null
+ deploymentAnnotations: {}
+ replicaCount: 1
+
+ podSecurityContext: {}
+ # fsGroup: 2000
+
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: [ "ALL" ]
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ # runAsUser: 1000
+
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+
+ rbac:
+ create: true
+
+ service:
+ type: ClusterIP
+ port: 8080
+
+ resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+ nodeSelector: {}
+
+ tolerations:
+ - key: "node-role.kubernetes.io/master"
+ operator: "Equal"
+ value: ""
+ effect: "NoSchedule"
+ - key: "node-role.kubernetes.io/control-plane"
+ operator: "Equal"
+ value: ""
+ effect: "NoSchedule"
+
+ annotations: {}
+
+ affinity:
+ nodeAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ preference:
+ matchExpressions:
+ - key: "node-role.kubernetes.io/master"
+ operator: In
+ values: [""]
+ - weight: 1
+ preference:
+ matchExpressions:
+ - key: "node-role.kubernetes.io/control-plane"
+ operator: In
+ values: [""]
+
+worker:
+ config: ### <NFD-WORKER-CONF-START-DO-NOT-REMOVE>
+ #core:
+ # labelWhiteList:
+ # noPublish: false
+ # sleepInterval: 60s
+ # featureSources: [all]
+ # labelSources: [all]
+ # klog:
+ # addDirHeader: false
+ # alsologtostderr: false
+ # logBacktraceAt:
+ # logtostderr: true
+ # skipHeaders: false
+ # stderrthreshold: 2
+ # v: 0
+ # vmodule:
+ ## NOTE: the following options are not dynamically run-time configurable
+ ## and require a nfd-worker restart to take effect after being changed
+ # logDir:
+ # logFile:
+ # logFileMaxSize: 1800
+ # skipLogHeaders: false
+ #sources:
+ # cpu:
+ # cpuid:
+ ## NOTE: whitelist has priority over blacklist
+ # attributeBlacklist:
+ # - "BMI1"
+ # - "BMI2"
+ # - "CLMUL"
+ # - "CMOV"
+ # - "CX16"
+ # - "ERMS"
+ # - "F16C"
+ # - "HTT"
+ # - "LZCNT"
+ # - "MMX"
+ # - "MMXEXT"
+ # - "NX"
+ # - "POPCNT"
+ # - "RDRAND"
+ # - "RDSEED"
+ # - "RDTSCP"
+ # - "SGX"
+ # - "SSE"
+ # - "SSE2"
+ # - "SSE3"
+ # - "SSE4"
+ # - "SSE42"
+ # - "SSSE3"
+ # attributeWhitelist:
+ # kernel:
+ # kconfigFile: "/path/to/kconfig"
+ # configOpts:
+ # - "NO_HZ"
+ # - "X86"
+ # - "DMI"
+ # pci:
+ # deviceClassWhitelist:
+ # - "0200"
+ # - "03"
+ # - "12"
+ # deviceLabelFields:
+ # - "class"
+ # - "vendor"
+ # - "device"
+ # - "subsystem_vendor"
+ # - "subsystem_device"
+ # usb:
+ # deviceClassWhitelist:
+ # - "0e"
+ # - "ef"
+ # - "fe"
+ # - "ff"
+ # deviceLabelFields:
+ # - "class"
+ # - "vendor"
+ # - "device"
+ # custom:
+ # # The following feature demonstrates the capabilities of the matchFeatures
+ # - name: "my custom rule"
+ # labels:
+ # my-ng-feature: "true"
+ # # matchFeatures implements a logical AND over all matcher terms in the
+ # # list (i.e. all of the terms, or per-feature matchers, must match)
+ # matchFeatures:
+ # - feature: cpu.cpuid
+ # matchExpressions:
+ # AVX512F: {op: Exists}
+ # - feature: cpu.cstate
+ # matchExpressions:
+ # enabled: {op: IsTrue}
+ # - feature: cpu.pstate
+ # matchExpressions:
+ # no_turbo: {op: IsFalse}
+ # scaling_governor: {op: In, value: ["performance"]}
+ # - feature: cpu.rdt
+ # matchExpressions:
+ # RDTL3CA: {op: Exists}
+ # - feature: cpu.sst
+ # matchExpressions:
+ # bf.enabled: {op: IsTrue}
+ # - feature: cpu.topology
+ # matchExpressions:
+ # hardware_multithreading: {op: IsFalse}
+ #
+ # - feature: kernel.config
+ # matchExpressions:
+ # X86: {op: Exists}
+ # LSM: {op: InRegexp, value: ["apparmor"]}
+ # - feature: kernel.loadedmodule
+ # matchExpressions:
+ # e1000e: {op: Exists}
+ # - feature: kernel.selinux
+ # matchExpressions:
+ # enabled: {op: IsFalse}
+ # - feature: kernel.version
+ # matchExpressions:
+ # major: {op: In, value: ["5"]}
+ # minor: {op: Gt, value: ["10"]}
+ #
+ # - feature: storage.block
+ # matchExpressions:
+ # rotational: {op: In, value: ["0"]}
+ # dax: {op: In, value: ["0"]}
+ #
+ # - feature: network.device
+ # matchExpressions:
+ # operstate: {op: In, value: ["up"]}
+ # speed: {op: Gt, value: ["100"]}
+ #
+ # - feature: memory.numa
+ # matchExpressions:
+ # node_count: {op: Gt, value: ["2"]}
+ # - feature: memory.nv
+ # matchExpressions:
+ # devtype: {op: In, value: ["nd_dax"]}
+ # mode: {op: In, value: ["memory"]}
+ #
+ # - feature: system.osrelease
+ # matchExpressions:
+ # ID: {op: In, value: ["fedora", "centos"]}
+ # - feature: system.name
+ # matchExpressions:
+ # nodename: {op: InRegexp, value: ["^worker-X"]}
+ #
+ # - feature: local.label
+ # matchExpressions:
+ # custom-feature-knob: {op: Gt, value: ["100"]}
+ #
+ # # The following feature demonstrates the capabilities of the matchAny
+ # - name: "my matchAny rule"
+ # labels:
+ # my-ng-feature-2: "my-value"
+ # # matchAny implements a logical IF over all elements (sub-matchers) in
+ # # the list (i.e. at least one feature matcher must match)
+ # matchAny:
+ # - matchFeatures:
+ # - feature: kernel.loadedmodule
+ # matchExpressions:
+ # driver-module-X: {op: Exists}
+ # - feature: pci.device
+ # matchExpressions:
+ # vendor: {op: In, value: ["8086"]}
+ # class: {op: In, value: ["0200"]}
+ # - matchFeatures:
+ # - feature: kernel.loadedmodule
+ # matchExpressions:
+ # driver-module-Y: {op: Exists}
+ # - feature: usb.device
+ # matchExpressions:
+ # vendor: {op: In, value: ["8086"]}
+ # class: {op: In, value: ["02"]}
+ #
+ # # The following features demonstreate label templating capabilities
+ # - name: "my template rule"
+ # labelsTemplate: |
+ # {{ range .system.osrelease }}my-system-feature.{{ .Name }}={{ .Value }}
+ # {{ end }}
+ # matchFeatures:
+ # - feature: system.osrelease
+ # matchExpressions:
+ # ID: {op: InRegexp, value: ["^open.*"]}
+ # VERSION_ID.major: {op: In, value: ["13", "15"]}
+ #
+ # - name: "my template rule 2"
+ # labelsTemplate: |
+ # {{ range .pci.device }}my-pci-device.{{ .class }}-{{ .device }}=with-cpuid
+ # {{ end }}
+ # matchFeatures:
+ # - feature: pci.device
+ # matchExpressions:
+ # class: {op: InRegexp, value: ["^06"]}
+ # vendor: ["8086"]
+ # - feature: cpu.cpuid
+ # matchExpressions:
+ # AVX: {op: Exists}
+ #
+ # # The following examples demonstrate vars field and back-referencing
+ # # previous labels and vars
+ # - name: "my dummy kernel rule"
+ # labels:
+ # "my.kernel.feature": "true"
+ # matchFeatures:
+ # - feature: kernel.version
+ # matchExpressions:
+ # major: {op: Gt, value: ["2"]}
+ #
+ # - name: "my dummy rule with no labels"
+ # vars:
+ # "my.dummy.var": "1"
+ # matchFeatures:
+ # - feature: cpu.cpuid
+ # matchExpressions: {}
+ #
+ # - name: "my rule using backrefs"
+ # labels:
+ # "my.backref.feature": "true"
+ # matchFeatures:
+ # - feature: rule.matched
+ # matchExpressions:
+ # my.kernel.feature: {op: IsTrue}
+ # my.dummy.var: {op: Gt, value: ["0"]}
+ #
+### <NFD-WORKER-CONF-END-DO-NOT-REMOVE>
+
+ daemonsetAnnotations: {}
+ podSecurityContext: {}
+ # fsGroup: 2000
+
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: [ "ALL" ]
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ # runAsUser: 1000
+
+ serviceAccount:
+ # Specifies whether a service account should be created.
+ # We create this by default to make it easier for downstream users to apply PodSecurityPolicies.
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+
+ # Allow users to mount the hostPath /usr/src, useful for RHCOS on s390x
+ # Does not work on systems without /usr/src AND a read-only /usr, such as Talos
+ mountUsrSrc: false
+
+ resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+ nodeSelector: {}
+
+ tolerations: []
+
+ annotations: {}
+
+ affinity: {}
+
+topologyUpdater:
+ enable: false
+ createCRDs: false
+
+ serviceAccount:
+ create: false
+ annotations: {}
+ name:
+ rbac:
+ create: false
+
+ kubeletConfigPath:
+ kubeletPodResourcesSockPath:
+ updateInterval: 60s
+ watchNamespace: "*"
+
+ podSecurityContext: {}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: [ "ALL" ]
+ readOnlyRootFilesystem: true
+ runAsUser: 0
+
+ resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+ nodeSelector: {}
+ tolerations: []
+ annotations: {}
+ affinity: {}
+
+# Optionally use encryption for worker <--> master comms
+# TODO: verify hostname is not yet supported
+#
+# If you do not enable certManager (and have it installed) you will
+# need to manually, or otherwise, provision the TLS certs as secrets
+tls:
+ enable: false
+ certManager: false
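Review bot: `tls.enable: false` and `tls.certManager: false` are the defaults, so the master's gRPC Service on port 8080 is served without TLS or client certificates, and the comment just above notes that hostname verification is still a TODO. Since this repository bundles the chart, set both to true in the release values where cert-manager is installed, or record why plaintext is acceptable. `topologyUpdater.securityContext` sets `runAsUser: 0` and omits the `runAsNonRoot: true` that master and worker have; call that out in a comment so it is not copied elsewhere. In the commented worker config, `demonstreate` is a typo and `matchAny` is described as a logical IF although the parenthetical describes OR.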
diff --git a/charts/prometheus-pushgateway/.helmignore b/charts/prometheus-pushgateway/.helmignore
new file mode 100644
index 0000000..e90c9f6
--- /dev/null
+++ b/charts/prometheus-pushgateway/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# OWNERS file for Kubernetes
+OWNERS
\ No newline at end of file
diff --git a/charts/prometheus-pushgateway/Chart.yaml b/charts/prometheus-pushgateway/Chart.yaml
new file mode 100644
index 0000000..8941467
--- /dev/null
+++ b/charts/prometheus-pushgateway/Chart.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+appVersion: 1.4.2
+description: A Helm chart for prometheus pushgateway
+home: https://github.com/prometheus/pushgateway
+keywords:
+- pushgateway
+- prometheus
+maintainers:
+- email: gianrubio@gmail.com
+ name: gianrubio
+- email: christian.staude@staffbase.com
+ name: cstaud
+name: prometheus-pushgateway
+sources:
+- https://github.com/prometheus/pushgateway
+version: 1.16.0
diff --git a/charts/prometheus-pushgateway/README.md b/charts/prometheus-pushgateway/README.md
new file mode 100644
index 0000000..9f0ac5e
--- /dev/null
+++ b/charts/prometheus-pushgateway/README.md
@@ -0,0 +1,63 @@
+# Prometheus Pushgateway
+
+This chart bootstraps a prometheus [pushgateway](http://github.com/prometheus/pushgateway) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+An optional prometheus `ServiceMonitor` can be enabled, should you wish to use this gateway with a [Prometheus Operator](https://github.com/coreos/prometheus-operator).
+
+## Get Repo Info
+
+```console
+helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+helm repo update
+```
+
+_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
+
+## Install Chart
+
+```console
+# Helm 3
+$ helm install [RELEASE_NAME] prometheus-community/prometheus-pushgateway
+
+# Helm 2
+$ helm install --name [RELEASE_NAME] prometheus-community/prometheus-pushgateway
+```
+
+_See [configuration](#configuration) below._
+
+_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
+
+## Uninstall Chart
+
+```console
+# Helm 3
+$ helm uninstall [RELEASE_NAME]
+
+# Helm 2
+# helm delete --purge [RELEASE_NAME]
+```
+
+This removes all the Kubernetes components associated with the chart and deletes the release.
+
+_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
+
+## Upgrading Chart
+
+```console
+# Helm 3 or 2
+$ helm upgrade [RELEASE_NAME] [CHART] --install
+```
+
+_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
+
+## Configuration
+
+See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands:
+
+```console
+# Helm 2
+$ helm inspect values prometheus-community/prometheus-pushgateway
+
+# Helm 3
+$ helm show values prometheus-community/prometheus-pushgateway
+```
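Review bot: in the "Uninstall Chart" block the Helm 2 command is written as `# helm delete --purge [RELEASE_NAME]`, which reads as a comment, while every other command in this README uses the `$` prompt. Change it to `$ helm delete --purge [RELEASE_NAME]` so the Helm 2 line is recognisable as a command.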
diff --git a/charts/prometheus-pushgateway/templates/NOTES.txt b/charts/prometheus-pushgateway/templates/NOTES.txt
new file mode 100644
index 0000000..eca232e
--- /dev/null
+++ b/charts/prometheus-pushgateway/templates/NOTES.txt
@@ -0,0 +1,19 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus-pushgateway.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ template "prometheus-pushgateway.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus-pushgateway.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus-pushgateway.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl port-forward $POD_NAME 8080:80
+{{- end }}
\ No newline at end of file
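Review bot: the ClusterIP branch prints `kubectl port-forward $POD_NAME 8080:80`, but nothing in this chart listens on port 80: deployment.yaml declares containerPort 9091 and values.yaml sets service.port and service.targetPort to 9091. Forward to 9091 instead, and pass `--namespace {{ .Release.Namespace }}` to port-forward the way the preceding `kubectl get pods` does, otherwise the command fails for a release outside the caller's current namespace. The LoadBalancer branch text "watch the status of by running" is also missing a word.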
diff --git a/charts/prometheus-pushgateway/templates/_helpers.tpl b/charts/prometheus-pushgateway/templates/_helpers.tpl
new file mode 100644
index 0000000..f6e4690
--- /dev/null
+++ b/charts/prometheus-pushgateway/templates/_helpers.tpl
@@ -0,0 +1,65 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "prometheus-pushgateway.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "prometheus-pushgateway.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "prometheus-pushgateway.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "prometheus-pushgateway.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "prometheus-pushgateway.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create default labels
+*/}}
+{{- define "prometheus-pushgateway.defaultLabels" -}}
+{{- $labelChart := include "prometheus-pushgateway.chart" $ -}}
+{{- $labelApp := include "prometheus-pushgateway.name" $ -}}
+{{- $labels := dict "app" $labelApp "chart" $labelChart "release" .Release.Name "heritage" .Release.Service -}}
+{{ merge .extraLabels $labels | toYaml | indent 4 }}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for networkpolicy.
+*/}}
+{{- define "prometheus-pushgateway.networkPolicy.apiVersion" -}}
+{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "extensions/v1beta1" -}}
+{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
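Review bot: in prometheus-pushgateway.defaultLabels, `merge .extraLabels $labels` uses the caller-supplied map as the merge destination, and Sprig's merge gives the destination precedence, so a podLabels or serviceLabels entry named app, chart, release or heritage silently replaces the chart's own label; the call also mutates the values map it was handed. Merging into a fresh dict with `$labels` ahead of `.extraLabels` keeps the chart labels authoritative. Note too that the networkPolicy.apiVersion helper prints nothing when neither semverCompare branch matches, which would render an empty `apiVersion:`; a final `else` with a `fail` message would surface that at template time.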
diff --git a/charts/prometheus-pushgateway/templates/deployment.yaml b/charts/prometheus-pushgateway/templates/deployment.yaml
new file mode 100644
index 0000000..e00ca0f
--- /dev/null
+++ b/charts/prometheus-pushgateway/templates/deployment.yaml
@@ -0,0 +1,96 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "prometheus-pushgateway.fullname" . }}
+ labels:
+{{ template "prometheus-pushgateway.defaultLabels" merge (dict "extraLabels" .Values.podLabels) . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ {{- if .Values.strategy }}
+ strategy:
+{{ toYaml .Values.strategy | indent 4 }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app: {{ template "prometheus-pushgateway.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "prometheus-pushgateway.name" . }}
+ release: {{ .Release.Name }}
+ annotations:
+{{ toYaml .Values.podAnnotations | indent 8 }}
+ spec:
+ serviceAccountName: {{ template "prometheus-pushgateway.serviceAccountName" . }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+ {{- end }}
+ containers:
+ - name: pushgateway
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.extraVars }}
+ env:
+{{ toYaml .Values.extraVars | indent 12 }}
+ {{- end }}
+ {{- if .Values.extraArgs }}
+ args:
+{{ toYaml .Values.extraArgs | indent 12 }}
+ {{- end }}
+ ports:
+ - name: metrics
+ containerPort: 9091
+ protocol: TCP
+{{- if .Values.liveness.enabled }}
+ livenessProbe:
+{{ toYaml .Values.liveness.probe | indent 12 }}
+ {{- end }}
+{{- if .Values.readiness.enabled }}
+ readinessProbe:
+{{ toYaml .Values.readiness.probe | indent 12 }}
+ {{- end }}
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ {{- if .Values.containerSecurityContext }}
+ securityContext:
+{{ toYaml .Values.containerSecurityContext | indent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: storage-volume
+ mountPath: "{{ .Values.persistentVolume.mountPath }}"
+ subPath: "{{ .Values.persistentVolume.subPath }}"
+ {{- if .Values.extraVolumeMounts }}
+{{ toYaml .Values.extraVolumeMounts | indent 12 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations:
+{{ toYaml .Values.tolerations | indent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ {{- if .Values.securityContext }}
+ securityContext:
+{{ toYaml .Values.securityContext | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: storage-volume
+ {{- if .Values.persistentVolume.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ if .Values.persistentVolume.existingClaim }}{{ .Values.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus-pushgateway.fullname" . }}{{- end }}
+ {{- else}}
+ emptyDir: {}
+ {{- end -}}
+ {{- if .Values.extraVolumes }}
+{{ toYaml .Values.extraVolumes | indent 8 }}
+ {{- end }}
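Review bot: `.Values.podLabels` is merged only into the Deployment's own `metadata.labels` at the top of this file; the pod template labels under `template.metadata.labels` are just app and release, so the value that values.yaml describes as "Optional pod labels" never reaches the pods. Any selector or policy keyed on a podLabels entry will therefore match nothing. Render podLabels into the template labels as well (leaving `selector.matchLabels` on app and release only).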
diff --git a/charts/prometheus-pushgateway/templates/ingress.yaml b/charts/prometheus-pushgateway/templates/ingress.yaml
new file mode 100644
index 0000000..815accc
--- /dev/null
+++ b/charts/prometheus-pushgateway/templates/ingress.yaml
@@ -0,0 +1,51 @@
+{{- if .Values.ingress.enabled -}}
+{{- $serviceName := include "prometheus-pushgateway.fullname" . }}
+{{- $servicePort := .Values.service.port -}}
+{{- $ingressPath := .Values.ingress.path -}}
+{{- $ingressClassName := .Values.ingress.className -}}
+{{- $ingressPathType := .Values.ingress.pathType -}}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+{{- if .Values.ingress.annotations }}
+ annotations:
+{{ toYaml .Values.ingress.annotations | indent 4}}
+{{- end }}
+ labels:
+{{ template "prometheus-pushgateway.defaultLabels" merge (dict "extraLabels" dict) . }}
+ name: {{ template "prometheus-pushgateway.fullname" . }}
+spec:
+ {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }}
+ ingressClassName: {{ $ingressClassName }}
+ {{- end }}
+ rules:
+ {{- range $host := .Values.ingress.hosts }}
+ - host: {{ $host }}
+ http:
+ paths:
+ - path: {{ $ingressPath }}
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ pathType: {{ $ingressPathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{- else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{- end }}
+ {{- end -}}
+{{- if .Values.ingress.tls }}
+ tls:
+{{ toYaml .Values.ingress.tls | indent 4 }}
+ {{- end -}}
+{{- end -}}
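Review bot: `ingressClassName: {{ $ingressClassName }}` is emitted on every cluster at 1.19 or newer even though values.yaml defaults ingress.className to "", which renders the key with no value. Wrap it in `{{- if $ingressClassName }}` so the field is omitted when unset. `host: {{ $host }}` and `path: {{ $ingressPath }}` are also unquoted; piping them through `quote` avoids YAML surprises with values such as the `/*` path mentioned in the values.yaml comment.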
diff --git a/charts/prometheus-pushgateway/templates/networkpolicy.yaml b/charts/prometheus-pushgateway/templates/networkpolicy.yaml
new file mode 100644
index 0000000..aa49058
--- /dev/null
+++ b/charts/prometheus-pushgateway/templates/networkpolicy.yaml
@@ -0,0 +1,26 @@
+{{ if .Values.networkPolicy }}
+apiVersion: {{ template "prometheus-pushgateway.networkPolicy.apiVersion" . }}
+kind: NetworkPolicy
+metadata:
+{{- if .Values.networkPolicy.customSelectors }}
+ name: ingress-allow-customselector-{{ template "prometheus-pushgateway.name" . }}
+{{- else if .Values.networkPolicy.allowAll }}
+ name: ingress-allow-all-{{ template "prometheus-pushgateway.name" . }}
+{{- else -}}
+{{- fail "One of `allowAll` or `customSelectors` must be specified." }}
+{{- end }}
+ labels:
+{{ template "prometheus-pushgateway.defaultLabels" merge (dict "extraLabels" .Values.podLabels) . }}
+spec:
+ podSelector:
+ matchLabels:
+ app: {{ template "prometheus-pushgateway.name" .}}
+ release: {{ .Release.Name }}
+ ingress:
+ - ports:
+ - port: {{ .Values.service.targetPort }}
+{{- if .Values.networkPolicy.customSelectors }}
+ from:
+{{ toYaml .Values.networkPolicy.customSelectors | indent 8 }}
+{{- end -}}
+{{- end -}}
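Review bot: with only `allowAll: true` set, the ingress rule is rendered with `ports` and no `from`, which admits any source that can reach the pod on service.targetPort, not only other namespaces as the values.yaml comment describes it. Please say so in that comment, or render an explicit `namespaceSelector: {}` if "any namespace" is the intent. The labels line also reuses `.Values.podLabels` for the NetworkPolicy object, which looks copied from the Deployment; `(dict "extraLabels" dict)` as in ingress.yaml would be clearer.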
diff --git a/charts/prometheus-pushgateway/templates/pdb.yaml b/charts/prometheus-pushgateway/templates/pdb.yaml
new file mode 100644
index 0000000..4f3efd2
--- /dev/null
+++ b/charts/prometheus-pushgateway/templates/pdb.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.podDisruptionBudget -}}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "prometheus-pushgateway.fullname" . }}
+ labels:
+{{ template "prometheus-pushgateway.defaultLabels" merge (dict "extraLabels" .Values.podLabels) . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ template "prometheus-pushgateway.name" . }}
+{{ toYaml .Values.podDisruptionBudget | indent 2 }}
+{{- end -}}
\ No newline at end of file
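Review bot: `apiVersion: policy/v1beta1` is hardcoded here, while ingress.yaml in the same chart switches apiVersion on `.Capabilities.KubeVersion`; policy/v1beta1 PodDisruptionBudget was removed in Kubernetes 1.25, so this template needs the same kind of gate to `policy/v1`. The selector also matches on `app` alone, whereas the Deployment and Service select on app and release, so with two releases in one namespace the budget would count the other release's pods. Add `release: {{ .Release.Name }}` to matchLabels.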
diff --git a/charts/prometheus-pushgateway/templates/pushgateway-pvc.yaml b/charts/prometheus-pushgateway/templates/pushgateway-pvc.yaml
new file mode 100644
index 0000000..33b8eae
--- /dev/null
+++ b/charts/prometheus-pushgateway/templates/pushgateway-pvc.yaml
@@ -0,0 +1,27 @@
+{{- if .Values.persistentVolume.enabled -}}
+{{- if not .Values.persistentVolume.existingClaim -}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ {{- if .Values.persistentVolume.annotations }}
+ annotations:
+{{ toYaml .Values.persistentVolume.annotations | indent 4 }}
+ {{- end }}
+ labels:
+{{ template "prometheus-pushgateway.defaultLabels" merge (dict "extraLabels" .Values.persistentVolumeLabels) . }}
+ name: {{ template "prometheus-pushgateway.fullname" . }}
+spec:
+ accessModes:
+{{ toYaml .Values.persistentVolume.accessModes | indent 4 }}
+{{- if .Values.persistentVolume.storageClass }}
+{{- if (eq "-" .Values.persistentVolume.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistentVolume.storageClass }}"
+{{- end }}
+{{- end }}
+ resources:
+ requests:
+ storage: "{{ .Values.persistentVolume.size }}"
+{{- end -}}
+{{- end -}}
diff --git a/charts/prometheus-pushgateway/templates/service.yaml b/charts/prometheus-pushgateway/templates/service.yaml
new file mode 100644
index 0000000..3d6f3b9
--- /dev/null
+++ b/charts/prometheus-pushgateway/templates/service.yaml
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "prometheus-pushgateway.fullname" . }}
+ annotations:
+{{ .Values.serviceAnnotations | toYaml | indent 4 }}
+ labels:
+{{ template "prometheus-pushgateway.defaultLabels" merge (dict "extraLabels" .Values.serviceLabels) . }}
+spec:
+{{- if .Values.service.clusterIP }}
+ clusterIP: {{ .Values.service.clusterIP }}
+{{- end }}
+ type: {{ .Values.service.type }}
+{{- if .Values.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+{{- end }}
+{{- if .Values.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- range $cidr := .Values.service.loadBalancerSourceRanges }}
+ - {{ $cidr }}
+ {{- end }}
+{{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: {{ .Values.service.targetPort }}
+ {{- if and (eq .Values.service.type "NodePort") .Values.service.nodePort }}
+ nodePort: {{ .Values.service.nodePort }}
+ {{- end }}
+ protocol: TCP
+ name: http
+ selector:
+ app: {{ template "prometheus-pushgateway.name" . }}
+ release: {{ .Release.Name }}
diff --git a/charts/prometheus-pushgateway/templates/serviceaccount.yaml b/charts/prometheus-pushgateway/templates/serviceaccount.yaml
new file mode 100644
index 0000000..bd74954
--- /dev/null
+++ b/charts/prometheus-pushgateway/templates/serviceaccount.yaml
@@ -0,0 +1,8 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "prometheus-pushgateway.serviceAccountName" . }}
+ labels:
+{{ template "prometheus-pushgateway.defaultLabels" merge (dict "extraLabels" .Values.serviceAccountLabels) . }}
+{{- end -}}
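Review bot: the ServiceAccount is created by default (values.yaml sets serviceAccount.create to true) without `automountServiceAccountToken: false`, and no template in this chart binds it to a Role, so the pod carries an API token it has no declared use for. Set the field here or expose it as a value so the token is not mounted unless someone opts in.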
diff --git a/charts/prometheus-pushgateway/templates/servicemonitor.yaml b/charts/prometheus-pushgateway/templates/servicemonitor.yaml
new file mode 100644
index 0000000..9cd1c63
--- /dev/null
+++ b/charts/prometheus-pushgateway/templates/servicemonitor.yaml
@@ -0,0 +1,37 @@
+{{- if .Values.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "prometheus-pushgateway.fullname" . }}
+ {{- if .Values.serviceMonitor.namespace }}
+ namespace: {{ .Values.serviceMonitor.namespace }}
+ {{- end }}
+ labels:
+{{ template "prometheus-pushgateway.defaultLabels" merge (dict "extraLabels" .Values.serviceMonitor.additionalLabels) . }}
+spec:
+ endpoints:
+ - port: http
+ {{- if .Values.serviceMonitor.interval }}
+ interval: {{ .Values.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ path: /metrics
+ honorLabels: {{ .Values.serviceMonitor.honorLabels }}
+ {{- if .Values.serviceMonitor.metricRelabelings }}
+ metricRelabelings:
+ {{- tpl (toYaml .Values.serviceMonitor.metricRelabelings | nindent 4) . }}
+ {{- end }}
+ {{- if .Values.serviceMonitor.relabelings }}
+ relabelings:
+ {{ toYaml .Values.serviceMonitor.relabelings | nindent 4 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels:
+ app: {{ template "prometheus-pushgateway.name" . }}
+ release: {{ .Release.Name }}
+{{- end -}}
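Review bot: metricRelabelings is rendered through `tpl` with a left-trimmed `{{-`, while relabelings directly below uses plain `{{ toYaml ... | nindent 4 }}` with neither, so the two sibling lists are templated differently and only one of them expands template expressions from values. Pick one form for both. It is also worth a comment that the object is created in serviceMonitor.namespace (default `monitoring` in values.yaml) while `namespaceSelector.matchNames` points back at the release namespace, since the install fails if that namespace does not exist.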
diff --git a/charts/prometheus-pushgateway/values.yaml b/charts/prometheus-pushgateway/values.yaml
new file mode 100644
index 0000000..33635c9
--- /dev/null
+++ b/charts/prometheus-pushgateway/values.yaml
@@ -0,0 +1,269 @@
+# Default values for prometheus-pushgateway.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# Provide a name in place of prometheus-pushgateway for `app:` labels
+nameOverride: ""
+
+# Provide a name to substitute for the full names of resources
+fullnameOverride: ""
+
+image:
+ repository: prom/pushgateway
+ tag: v1.4.2
+ pullPolicy: IfNotPresent
+
+# Optional pod imagePullSecrets
+imagePullSecrets: []
+
+service:
+ type: ClusterIP
+ port: 9091
+ targetPort: 9091
+
+ # Optional - Can be used for headless if value is "None"
+ clusterIP: ""
+
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+
+# Optional pod annotations
+podAnnotations: {}
+
+# Optional pod labels
+podLabels: {}
+
+# Optional service annotations
+serviceAnnotations: {}
+
+# Optional service labels
+serviceLabels: {}
+
+# Optional serviceAccount labels
+serviceAccountLabels: {}
+
+# Optional persistentVolume labels
+persistentVolumeLabels: {}
+
+# Optional additional environment variables
+extraVars: []
+
+## Additional pushgateway container arguments
+##
+## example:
+## extraArgs:
+## - --persistence.file=/data/pushgateway.data
+## - --persistence.interval=5m
+extraArgs: []
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 200m
+ # memory: 50Mi
+ # requests:
+ # cpu: 100m
+ # memory: 30Mi
+
+liveness:
+ enabled: true
+ probe:
+ httpGet:
+ path: /-/ready
+ port: 9091
+ initialDelaySeconds: 10
+ timeoutSeconds: 10
+
+readiness:
+ enabled: true
+ probe:
+ httpGet:
+ path: /-/ready
+ port: 9091
+ initialDelaySeconds: 10
+ timeoutSeconds: 10
+
+serviceAccount:
+ # Specifies whether a ServiceAccount should be created
+ create: true
+ # The name of the ServiceAccount to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+
+## Configure ingress resource that allow you to access the
+## pushgateway installation. Set up the URL
+## ref: http://kubernetes.io/docs/user-guide/ingress/
+##
+ingress:
+ ## Enable Ingress.
+ ##
+ enabled: false
+ # AWS ALB requires path of /*
+ className: ""
+ path: /
+ pathType: ImplementationSpecific
+
+ ## Annotations.
+ ##
+ # annotations:
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: 'true'
+
+ ## Hostnames.
+ ## Must be provided if Ingress is enabled.
+ ##
+ # hosts:
+ # - pushgateway.domain.com
+
+ ## TLS configuration.
+ ## Secrets must be manually created in the namespace.
+ ##
+ # tls:
+ # - secretName: pushgateway-tls
+ # hosts:
+ # - pushgateway.domain.com
+
+tolerations: {}
+ # - effect: NoSchedule
+ # operator: Exists
+
+## Node labels for pushgateway pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+
+replicaCount: 1
+
+## Security context to be added to push-gateway pods
+##
+securityContext:
+ fsGroup: 65534
+ runAsUser: 65534
+ runAsNonRoot: true
+
+## Security context to be added to push-gateway containers
+## Having a separate variable as securityContext differs for pods and containers.
+containerSecurityContext: {}
+# allowPrivilegeEscalation: false
+# readOnlyRootFilesystem: true
+# runAsUser: 65534
+# runAsNonRoot: true
+
+## Affinity for pod assignment
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+affinity: {}
+
+# Enable this if you're using https://github.com/coreos/prometheus-operator
+serviceMonitor:
+ enabled: false
+ namespace: monitoring
+
+ # Fallback to the prometheus default unless specified
+ # interval: 10s
+
+ # Fallback to the prometheus default unless specified
+ # scrapeTimeout: 30s
+
+ ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+ additionalLabels: {}
+
+ # Retain the job and instance labels of the metrics pushed to the Pushgateway
+ # [Scraping Pushgateway](https://github.com/prometheus/pushgateway#configure-the-pushgateway-as-a-target-to-scrape)
+ honorLabels: true
+
+ ## Metric relabel configs to apply to samples before ingestion.
+ ## [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs)
+ metricRelabelings: []
+ # - action: keep
+ # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+ # sourceLabels: [__name__]
+
+ ## Relabel configs to apply to samples before ingestion.
+ ## [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config)
+ relabelings: []
+ # - sourceLabels: [__meta_kubernetes_pod_node_name]
+ # separator: ;
+ # regex: ^(.*)$
+ # targetLabel: nodename
+ # replacement: $1
+ # action: replace
+
+# The values to set in the PodDisruptionBudget spec (minAvailable/maxUnavailable)
+# If not set then a PodDisruptionBudget will not be created
+podDisruptionBudget: {}
+
+priorityClassName:
+
+# Deployment Strategy type
+strategy:
+ type: Recreate
+
+persistentVolume:
+ ## If true, pushgateway will create/use a Persistent Volume Claim
+ ## If false, use emptyDir
+ ##
+ enabled: false
+
+ ## pushgateway data Persistent Volume access modes
+ ## Must match those of existing PV or dynamic provisioner
+ ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+ ##
+ accessModes:
+ - ReadWriteOnce
+
+ ## pushgateway data Persistent Volume Claim annotations
+ ##
+ annotations: {}
+
+ ## pushgateway data Persistent Volume existing claim name
+ ## Requires pushgateway.persistentVolume.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ existingClaim: ""
+
+ ## pushgateway data Persistent Volume mount root path
+ ##
+ mountPath: /data
+
+ ## pushgateway data Persistent Volume size
+ ##
+ size: 2Gi
+
+ ## pushgateway data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+
+ ## Subdirectory of pushgateway data Persistent Volume to mount
+ ## Useful if the volume's root directory is not empty
+ ##
+ subPath: ""
+
+extraVolumes: {}
+ # - name: extra
+ # emptyDir: {}
+extraVolumeMounts: {}
+ # - name: extra
+ # mountPath: /usr/share/extras
+ # readOnly: true
+
+# Configuration for clusters with restrictive network policies in place:
+# - allowAll allows access to the PushGateway from any namespace
+# - customSelector is a list of pod/namespaceSelectors to allow access from
+# These options are mutually exclusive and the latter will take precedence.
+networkPolicy: {}
+ # allowAll: true
+ # customSelectors:
+ # - namespaceSelector:
+ # matchLabels:
+ # type: admin
+ # - podSelector:
+ # matchLabels:
+ # app: myapp
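Review bot: `containerSecurityContext: {}` ships with `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` only as commented-out examples, and deployment.yaml renders no container securityContext when the map is empty, so the container gets neither restriction by default. Consider enabling those as defaults, or set them in the overrides this repository applies. Smaller points in the same file: `tolerations`, `extraVolumes` and `extraVolumeMounts` default to `{}` although their commented examples and the templates treat them as lists (use `[]`); liveness and readiness both probe `/-/ready`, so a pod that is merely not ready gets restarted; and the networkPolicy comment says `customSelector` where the key is `customSelectors`.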
diff --git a/charts/pxc-operator/Chart.yaml b/charts/pxc-operator/Chart.yaml
index 5f412ff..0723d74 100644
--- a/charts/pxc-operator/Chart.yaml
+++ b/charts/pxc-operator/Chart.yaml
@@ -1,12 +1,12 @@
apiVersion: v2
appVersion: 1.10.0
description: A Helm chart for Deploying the Percona XtraDB Cluster Operator Kubernetes
-name: pxc-operator
home: https://www.percona.com/doc/kubernetes-operator-for-pxc/kubernetes.html
-version: 1.10.0
-maintainers:
- - name: cap1984
- email: ivan.pylypenko@percona.com
- - name: tplavcic
- email: tomislav.plavcic@percona.com
icon: https://artifacthub.io/image/0b8875cd-6661-4269-9cf6-0fd92d59017b@1x
+maintainers:
+- email: ivan.pylypenko@percona.com
+ name: cap1984
+- email: tomislav.plavcic@percona.com
+ name: tplavcic
+name: pxc-operator
+version: 1.10.0
diff --git a/charts/rabbitmq-cluster-operator/.helmignore b/charts/rabbitmq-cluster-operator/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/rabbitmq-cluster-operator/Chart.lock b/charts/rabbitmq-cluster-operator/Chart.lock
new file mode 100644
index 0000000..a85be99
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+ repository: https://charts.bitnami.com/bitnami
+ version: 1.16.0
+digest: sha256:f41cb9ff725b7c9fa2725634196a6813566d630342f86a74903ed114b282c8c0
+generated: "2022-06-09T13:04:22.333237236Z"
diff --git a/charts/rabbitmq-cluster-operator/Chart.yaml b/charts/rabbitmq-cluster-operator/Chart.yaml
new file mode 100644
index 0000000..9111779
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/Chart.yaml
@@ -0,0 +1,29 @@
+annotations:
+ category: Infrastructure
+apiVersion: v2
+appVersion: 1.13.1
+dependencies:
+- name: common
+ repository: https://charts.bitnami.com/bitnami
+ tags:
+ - bitnami-common
+ version: 1.x.x
+description: The RabbitMQ Cluster Kubernetes Operator automates provisioning, management,
+ and operations of RabbitMQ clusters running on Kubernetes.
+home: https://github.com/rabbitmq/cluster-operator
+icon: https://bitnami.com/assets/stacks/rabbitmq-cluster-operator/img/rabbitmq-cluster-operator-stack-220x234.png
+keywords:
+- rabbitmq
+- operator
+- infrastructure
+- message queue
+- AMQP
+kubeVersion: '>= 1.19.0-0'
+maintainers:
+- name: Bitnami
+ url: https://github.com/bitnami/charts
+name: rabbitmq-cluster-operator
+sources:
+- https://github.com/bitnami/bitnami-docker-rabbitmq-cluster-operator
+- https://github.com/rabbitmq/cluster-operator
+version: 2.6.6
diff --git a/charts/rabbitmq-cluster-operator/README.md b/charts/rabbitmq-cluster-operator/README.md
new file mode 100644
index 0000000..2c1448a
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/README.md
@@ -0,0 +1,502 @@
+<!--- app-name: RabbitMQ Cluster Operator -->
+
+# RabbitMQ Cluster Operator packaged by Bitnami
+
+The RabbitMQ Cluster Kubernetes Operator automates provisioning, management, and operations of RabbitMQ clusters running on Kubernetes.
+
+[Overview of RabbitMQ Cluster Operator](https://github.com/rabbitmq/cluster-operator)
+
+Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
+
+## TL;DR
+
+```console
+$ helm repo add bitnami https://charts.bitnami.com/bitnami
+$ helm install my-release bitnami/rabbitmq-cluster-operator
+```
+
+## Introduction
+
+Bitnami charts for Helm are carefully engineered, actively maintained and are the quickest and easiest way to deploy containers on a Kubernetes cluster that are ready to handle production workloads.
+
+This chart bootstraps a [RabbitMQ Cluster Operator](https://www.rabbitmq.com/kubernetes/operator/operator-overview.html) Deployment in a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
+
+## Prerequisites
+
+- Kubernetes 1.19+
+- Helm 3.2.0+
+- PV provisioner support in the underlying infrastructure
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install my-release bitnami/rabbitmq-cluster-operators
+```
+
+The command deploy the RabbitMQ Cluster Kubernetes Operator on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Differences between the Bitnami RabbitMQ chart and the Bitnami RabbitMQ Operator chart
+
+In the Bitnami catalog we offer both the *bitnami/rabbitmq* and *bitnami/rabbitmq-operator* charts. Each solution covers different needs and use cases.
+
+The *bitnami/rabbitmq* chart deploys a single RabbitMQ installation using a Kubernetes StatefulSet object (together with Services, PVCs, ConfigMaps, etc.). The figure below shows the deployed objects in the cluster after executing *helm install*:
+
+```
+ +--------------+ +-----+
+ | | | |
+ Service | RabbitMQ +<------------+ PVC |
+<-------------------+ | | |
+ | StatefulSet | +-----+
+ | |
+ +-----------+--+
+ ^ +------------+
+ | | |
+ +----------------+ Configmaps |
+ | Secrets |
+ +------------+
+
+```
+
+Its lifecycle is managed using Helm and, at the RabbitMQ container level, the following operations are automated: persistence management, configuration based on environment variables and plugin initialization. The StatefulSet do not require any ServiceAccounts with special RBAC privileges so this solution would fit better in more restricted Kubernetes installations.
+
+The *bitnami/rabbitmq-operator* chart deploys a RabbitMQ Operator installation using a Kubernetes Deployment. The figure below shows the RabbitMQ operator deployment after executing *helm install*:
+
+```
++--------------------+
+| | +---------------+
+| RabbitMQ Operator | | |
+| | | RBAC |
+| Deployment | | Privileges |
++-------+------------+ +-------+-------+
+ ^ |
+ | +-----------------+ |
+ +---+ Service Account +<----+
+ +-----------------+
+```
+
+The operator will extend the Kubernetes API with the following object: *RabbitmqCluster*. From that moment, the user will be able to deploy objects of these kinds and the previously deployed Operator will take care of deploying all the required StatefulSets, ConfigMaps and Services for running a RabbitMQ instance. Its lifecycle is managed using *kubectl* on the RabbitmqCluster objects. The following figure shows the deployed objects after deploying a *RabbitmqCluster* object using *kubectl*:
+
+```
+ +--------------------+
+ | | +---------------+
+ | RabbitMQ Operator | | |
+ | | | RBAC |
+ | Deployment | | Privileges |
+ +-------+------------+ +-------+-------+
+ | ^ |
+ | | +-----------------+ |
+ | +---+ Service Account +<----+
+ | +-----------------+
+ |
+ |
+ |
+ |
+ | -------------------------------------------------------------------------
+ | | |
+ | | +--------------+ +-----+ |
+ | | | | | | |
+ |--->| Service | RabbitMQ +<------------+ PVC | |
+ | <-------------------+ | | | |
+ | | StatefulSet | +-----+ |
+ | | | |
+ | +-----------+--+ |
+ | ^ +------------+ |
+ | | | | |
+ | +----------------+ Configmaps | |
+ | | Secrets | |
+ | +------------+ |
+ | |
+ | |
+ -------------------------------------------------------------------------
+
+```
+
+This solution allows to easily deploy multiple RabbitMQ instances compared to the *bitnami/rabbitmq* chart. As the operator automatically deploys RabbitMQ installations, the RabbitMQ Operator pods will require a ServiceAccount with privileges to create and destroy multiple Kubernetes objects. This may be problematic for Kubernetes clusters with strict role-based access policies.
+
+## Parameters
+
+### Global parameters
+
+| Name | Description | Value |
+| ------------------------- | ----------------------------------------------- | ----- |
+| `global.imageRegistry` | Global Docker image registry | `""` |
+| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
+| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
+
+
+### Common parameters
+
+| Name | Description | Value |
+| ------------------------ | ---------------------------------------------------- | --------------- |
+| `kubeVersion` | Override Kubernetes version | `""` |
+| `nameOverride` | String to partially override common.names.fullname | `""` |
+| `fullnameOverride` | String to fully override common.names.fullname | `""` |
+| `commonLabels` | Labels to add to all deployed objects | `{}` |
+| `commonAnnotations` | Annotations to add to all deployed objects | `{}` |
+| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` |
+| `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
+| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled) | `false` |
+
+
+### RabbitMQ Cluster Operator Parameters
+
+| Name | Description | Value |
+| ----------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------- | ---------------------------------------- |
+| `rabbitmqImage.registry` | RabbitMQ Image registry | `docker.io` |
+| `rabbitmqImage.repository` | RabbitMQ Image repository | `bitnami/rabbitmq` |
+| `rabbitmqImage.tag` | RabbitMQ Image tag (immutable tags are recommended) | `3.8.28-debian-10-r1` |
+| `rabbitmqImage.pullSecrets` | RabbitMQ Image pull secrets | `[]` |
+| `credentialUpdaterImage.registry` | RabbitMQ Default User Credential Updater Image registry | `docker.io` |
+| `credentialUpdaterImage.repository` | RabbitMQ Default User Credential Updater Image repository | `bitnami/rmq-default-credential-updater` |
+| `credentialUpdaterImage.tag` | RabbitMQ Default User Credential Updater Image tag (immutable tags are recommended) | `1.0.2-scratch-r0` |
+| `credentialUpdaterImage.pullSecrets` | RabbitMQ Default User Credential Updater Image pull secrets | `[]` |
+| `clusterOperator.image.registry` | RabbitMQ Cluster Operator image registry | `docker.io` |
+| `clusterOperator.image.repository` | RabbitMQ Cluster Operator image repository | `bitnami/rabbitmq-cluster-operator` |
+| `clusterOperator.image.tag` | RabbitMQ Cluster Operator image tag (immutable tags are recommended) | `1.12.1-scratch-r2` |
+| `clusterOperator.image.pullPolicy` | RabbitMQ Cluster Operator image pull policy | `IfNotPresent` |
+| `clusterOperator.image.pullSecrets` | RabbitMQ Cluster Operator image pull secrets | `[]` |
+| `clusterOperator.replicaCount` | Number of RabbitMQ Cluster Operator replicas to deploy | `1` |
+| `clusterOperator.schedulerName` | Alternative scheduler | `""` |
+| `clusterOperator.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
+| `clusterOperator.terminationGracePeriodSeconds` | In seconds, time the given to the %%MAIN_CONTAINER_NAME%% pod needs to terminate gracefully | `""` |
+| `clusterOperator.livenessProbe.enabled` | Enable livenessProbe on RabbitMQ Cluster Operator nodes | `true` |
+| `clusterOperator.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
+| `clusterOperator.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` |
+| `clusterOperator.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
+| `clusterOperator.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
+| `clusterOperator.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `clusterOperator.readinessProbe.enabled` | Enable readinessProbe on RabbitMQ Cluster Operator nodes | `true` |
+| `clusterOperator.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `clusterOperator.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` |
+| `clusterOperator.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
+| `clusterOperator.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
+| `clusterOperator.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `clusterOperator.startupProbe.enabled` | Enable startupProbe on RabbitMQ Cluster Operator nodes | `false` |
+| `clusterOperator.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `clusterOperator.startupProbe.periodSeconds` | Period seconds for startupProbe | `30` |
+| `clusterOperator.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `clusterOperator.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` |
+| `clusterOperator.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `clusterOperator.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
+| `clusterOperator.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
+| `clusterOperator.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
+| `clusterOperator.resources.limits` | The resources limits for the RabbitMQ Cluster Operator containers | `{}` |
+| `clusterOperator.resources.requests` | The requested resources for the RabbitMQ Cluster Operator containers | `{}` |
+| `clusterOperator.podSecurityContext.enabled` | Enabled RabbitMQ Cluster Operator pods' Security Context | `true` |
+| `clusterOperator.podSecurityContext.fsGroup` | Set RabbitMQ Cluster Operator pod's Security Context fsGroup | `1001` |
+| `clusterOperator.containerSecurityContext.enabled` | Enabled RabbitMQ Cluster Operator containers' Security Context | `true` |
+| `clusterOperator.containerSecurityContext.runAsUser` | Set RabbitMQ Cluster Operator containers' Security Context runAsUser | `1001` |
+| `clusterOperator.containerSecurityContext.runAsNonRoot` | Force running the container as non root | `true` |
+| `clusterOperator.containerSecurityContext.readOnlyRootFilesystem` | mount / (root) as a readonly filesystem on cluster operator containers | `true` |
+| `clusterOperator.command` | Override default container command (useful when using custom images) | `[]` |
+| `clusterOperator.args` | Override default container args (useful when using custom images) | `[]` |
+| `clusterOperator.hostAliases` | RabbitMQ Cluster Operator pods host aliases | `[]` |
+| `clusterOperator.podLabels` | Extra labels for RabbitMQ Cluster Operator pods | `{}` |
+| `clusterOperator.podAnnotations` | Annotations for RabbitMQ Cluster Operator pods | `{}` |
+| `clusterOperator.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `clusterOperator.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `clusterOperator.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `clusterOperator.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
+| `clusterOperator.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
+| `clusterOperator.affinity` | Affinity for RabbitMQ Cluster Operator pods assignment | `{}` |
+| `clusterOperator.nodeSelector` | Node labels for RabbitMQ Cluster Operator pods assignment | `{}` |
+| `clusterOperator.tolerations` | Tolerations for RabbitMQ Cluster Operator pods assignment | `[]` |
+| `clusterOperator.updateStrategy.type` | RabbitMQ Cluster Operator statefulset strategy type | `RollingUpdate` |
+| `clusterOperator.priorityClassName` | RabbitMQ Cluster Operator pods' priorityClassName | `""` |
+| `clusterOperator.lifecycleHooks` | for the RabbitMQ Cluster Operator container(s) to automate configuration before or after startup | `{}` |
+| `clusterOperator.containerPorts.metrics` | RabbitMQ Cluster Operator container port (used for metrics) | `9782` |
+| `clusterOperator.extraEnvVars` | Array with extra environment variables to add to RabbitMQ Cluster Operator nodes | `[]` |
+| `clusterOperator.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for RabbitMQ Cluster Operator nodes | `""` |
+| `clusterOperator.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for RabbitMQ Cluster Operator nodes | `""` |
+| `clusterOperator.extraVolumes` | Optionally specify extra list of additional volumes for the RabbitMQ Cluster Operator pod(s) | `[]` |
+| `clusterOperator.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the RabbitMQ Cluster Operator container(s) | `[]` |
+| `clusterOperator.sidecars` | Add additional sidecar containers to the RabbitMQ Cluster Operator pod(s) | `[]` |
+| `clusterOperator.initContainers` | Add additional init containers to the RabbitMQ Cluster Operator pod(s) | `[]` |
+| `clusterOperator.rbac.create` | Specifies whether RBAC resources should be created | `true` |
+| `clusterOperator.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
+| `clusterOperator.serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
+| `clusterOperator.serviceAccount.annotations` | Add annotations | `{}` |
+| `clusterOperator.serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `true` |
+
+
+### RabbitMQ Cluster Operator Metrics parameters
+
+| Name | Description | Value |
+| ---------------------------------------------------------- | --------------------------------------------------------------------------- | ------------------------ |
+| `clusterOperator.metrics.enabled` | Create a service for accessing the metrics endpoint | `false` |
+| `clusterOperator.metrics.service.type` | RabbitMQ Cluster Operator metrics service type | `ClusterIP` |
+| `clusterOperator.metrics.service.ports.http` | RabbitMQ Cluster Operator metrics service HTTP port | `80` |
+| `clusterOperator.metrics.service.nodePorts.http` | Node port for HTTP | `""` |
+| `clusterOperator.metrics.service.clusterIP` | RabbitMQ Cluster Operator metrics service Cluster IP | `""` |
+| `clusterOperator.metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `clusterOperator.metrics.service.loadBalancerIP` | RabbitMQ Cluster Operator metrics service Load Balancer IP | `""` |
+| `clusterOperator.metrics.service.loadBalancerSourceRanges` | RabbitMQ Cluster Operator metrics service Load Balancer sources | `[]` |
+| `clusterOperator.metrics.service.externalTrafficPolicy` | RabbitMQ Cluster Operator metrics service external traffic policy | `Cluster` |
+| `clusterOperator.metrics.service.annotations` | Additional custom annotations for RabbitMQ Cluster Operator metrics service | `{}` |
+| `clusterOperator.metrics.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
+| `clusterOperator.metrics.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+| `clusterOperator.metrics.serviceMonitor.enabled` | Specify if a servicemonitor will be deployed for prometheus-operator | `false` |
+| `clusterOperator.metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` |
+| `clusterOperator.metrics.serviceMonitor.jobLabel` | Specify the jobLabel to use for the prometheus-operator | `app.kubernetes.io/name` |
+| `clusterOperator.metrics.serviceMonitor.honorLabels` | Honor metrics labels | `false` |
+| `clusterOperator.metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
+| `clusterOperator.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
+| `clusterOperator.metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `""` |
+| `clusterOperator.metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` |
+| `clusterOperator.metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` |
+| `clusterOperator.metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` |
+
+
+### RabbitMQ Messaging Topology Operator Parameters
+
+| Name | Description | Value |
+| --------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | ----------------------------------------- |
+| `msgTopologyOperator.image.registry` | RabbitMQ Messaging Topology Operator image registry | `docker.io` |
+| `msgTopologyOperator.image.repository` | RabbitMQ Messaging Topology Operator image repository | `bitnami/rmq-messaging-topology-operator` |
+| `msgTopologyOperator.image.tag` | RabbitMQ Messaging Topology Operator image tag (immutable tags are recommended) | `1.5.0-scratch-r0` |
+| `msgTopologyOperator.image.pullPolicy` | RabbitMQ Messaging Topology Operator image pull policy | `IfNotPresent` |
+| `msgTopologyOperator.image.pullSecrets` | RabbitMQ Messaging Topology Operator image pull secrets | `[]` |
+| `msgTopologyOperator.replicaCount` | Number of RabbitMQ Messaging Topology Operator replicas to deploy | `1` |
+| `msgTopologyOperator.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
+| `msgTopologyOperator.schedulerName` | Alternative scheduler | `""` |
+| `msgTopologyOperator.terminationGracePeriodSeconds` | In seconds, time the given to the %%MAIN_CONTAINER_NAME%% pod needs to terminate gracefully | `""` |
+| `msgTopologyOperator.livenessProbe.enabled` | Enable livenessProbe on RabbitMQ Messaging Topology Operator nodes | `true` |
+| `msgTopologyOperator.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
+| `msgTopologyOperator.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` |
+| `msgTopologyOperator.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
+| `msgTopologyOperator.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
+| `msgTopologyOperator.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `msgTopologyOperator.readinessProbe.enabled` | Enable readinessProbe on RabbitMQ Messaging Topology Operator nodes | `true` |
+| `msgTopologyOperator.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `msgTopologyOperator.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` |
+| `msgTopologyOperator.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
+| `msgTopologyOperator.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
+| `msgTopologyOperator.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `msgTopologyOperator.startupProbe.enabled` | Enable startupProbe on RabbitMQ Messaging Topology Operator nodes | `false` |
+| `msgTopologyOperator.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `msgTopologyOperator.startupProbe.periodSeconds` | Period seconds for startupProbe | `30` |
+| `msgTopologyOperator.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `msgTopologyOperator.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` |
+| `msgTopologyOperator.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `msgTopologyOperator.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
+| `msgTopologyOperator.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
+| `msgTopologyOperator.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
+| `msgTopologyOperator.existingWebhookCertSecret` | name of a secret containing the certificates (use it to avoid certManager creating one) | `""` |
+| `msgTopologyOperator.existingWebhookCertCABundle` | PEM-encoded CA Bundle of the existing secret provided in existingWebhookCertSecret (only if useCertManager=false) | `""` |
+| `msgTopologyOperator.resources.limits` | The resources limits for the RabbitMQ Messaging Topology Operator containers | `{}` |
+| `msgTopologyOperator.resources.requests` | The requested resources for the RabbitMQ Messaging Topology Operator containers | `{}` |
+| `msgTopologyOperator.podSecurityContext.enabled` | Enabled RabbitMQ Messaging Topology Operator pods' Security Context | `true` |
+| `msgTopologyOperator.podSecurityContext.fsGroup` | Set RabbitMQ Messaging Topology Operator pod's Security Context fsGroup | `1001` |
+| `msgTopologyOperator.containerSecurityContext.enabled` | Enabled RabbitMQ Messaging Topology Operator containers' Security Context | `true` |
+| `msgTopologyOperator.containerSecurityContext.runAsUser` | Set RabbitMQ Messaging Topology Operator containers' Security Context runAsUser | `1001` |
+| `msgTopologyOperator.containerSecurityContext.runAsNonRoot` | Force running the container as non root | `true` |
+| `msgTopologyOperator.containerSecurityContext.readOnlyRootFilesystem` | mount / (root) as a readonly filesystem on Messaging Topology Operator | `true` |
+| `msgTopologyOperator.fullnameOverride` | String to fully override rmqco.msgTopologyOperator.fullname template | `""` |
+| `msgTopologyOperator.command` | Override default container command (useful when using custom images) | `[]` |
+| `msgTopologyOperator.args` | Override default container args (useful when using custom images) | `[]` |
+| `msgTopologyOperator.hostAliases` | RabbitMQ Messaging Topology Operator pods host aliases | `[]` |
+| `msgTopologyOperator.podLabels` | Extra labels for RabbitMQ Messaging Topology Operator pods | `{}` |
+| `msgTopologyOperator.podAnnotations` | Annotations for RabbitMQ Messaging Topology Operator pods | `{}` |
+| `msgTopologyOperator.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `msgTopologyOperator.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `msgTopologyOperator.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `msgTopologyOperator.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
+| `msgTopologyOperator.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
+| `msgTopologyOperator.affinity` | Affinity for RabbitMQ Messaging Topology Operator pods assignment | `{}` |
+| `msgTopologyOperator.nodeSelector` | Node labels for RabbitMQ Messaging Topology Operator pods assignment | `{}` |
+| `msgTopologyOperator.tolerations` | Tolerations for RabbitMQ Messaging Topology Operator pods assignment | `[]` |
+| `msgTopologyOperator.updateStrategy.type` | RabbitMQ Messaging Topology Operator statefulset strategy type | `RollingUpdate` |
+| `msgTopologyOperator.priorityClassName` | RabbitMQ Messaging Topology Operator pods' priorityClassName | `""` |
+| `msgTopologyOperator.lifecycleHooks` | for the RabbitMQ Messaging Topology Operator container(s) to automate configuration before or after startup | `{}` |
+| `msgTopologyOperator.containerPorts.metrics` | RabbitMQ Messaging Topology Operator container port (used for metrics) | `8080` |
+| `msgTopologyOperator.extraEnvVars` | Array with extra environment variables to add to RabbitMQ Messaging Topology Operator nodes | `[]` |
+| `msgTopologyOperator.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for RabbitMQ Messaging Topology Operator nodes | `""` |
+| `msgTopologyOperator.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for RabbitMQ Messaging Topology Operator nodes | `""` |
+| `msgTopologyOperator.extraVolumes` | Optionally specify extra list of additional volumes for the RabbitMQ Messaging Topology Operator pod(s) | `[]` |
+| `msgTopologyOperator.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the RabbitMQ Messaging Topology Operator container(s) | `[]` |
+| `msgTopologyOperator.sidecars` | Add additional sidecar containers to the RabbitMQ Messaging Topology Operator pod(s) | `[]` |
+| `msgTopologyOperator.initContainers` | Add additional init containers to the RabbitMQ Messaging Topology Operator pod(s) | `[]` |
+| `msgTopologyOperator.service.type` | RabbitMQ Messaging Topology Operator webhook service type | `ClusterIP` |
+| `msgTopologyOperator.service.ports.webhook` | RabbitMQ Messaging Topology Operator webhook service HTTP port | `443` |
+| `msgTopologyOperator.service.nodePorts.http` | Node port for HTTP | `""` |
+| `msgTopologyOperator.service.clusterIP` | RabbitMQ Messaging Topology Operator webhook service Cluster IP | `""` |
+| `msgTopologyOperator.service.loadBalancerIP` | RabbitMQ Messaging Topology Operator webhook service Load Balancer IP | `""` |
+| `msgTopologyOperator.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `msgTopologyOperator.service.loadBalancerSourceRanges` | RabbitMQ Messaging Topology Operator webhook service Load Balancer sources | `[]` |
+| `msgTopologyOperator.service.externalTrafficPolicy` | RabbitMQ Messaging Topology Operator webhook service external traffic policy | `Cluster` |
+| `msgTopologyOperator.service.annotations` | Additional custom annotations for RabbitMQ Messaging Topology Operator webhook service | `{}` |
+| `msgTopologyOperator.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
+| `msgTopologyOperator.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+| `msgTopologyOperator.rbac.create` | Specifies whether RBAC resources should be created | `true` |
+| `msgTopologyOperator.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
+| `msgTopologyOperator.serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
+| `msgTopologyOperator.serviceAccount.annotations` | Add annotations | `{}` |
+| `msgTopologyOperator.serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `true` |
+
+
+### RabbitMQ Messaging Topology Operator parameters
+
+| Name | Description | Value |
+| -------------------------------------------------------------- | --------------------------------------------------------------------------- | ------------------------ |
+| `msgTopologyOperator.metrics.enabled` | Create a service for accessing the metrics endpoint | `false` |
+| `msgTopologyOperator.metrics.service.type` | RabbitMQ Cluster Operator metrics service type | `ClusterIP` |
+| `msgTopologyOperator.metrics.service.ports.http` | RabbitMQ Cluster Operator metrics service HTTP port | `80` |
+| `msgTopologyOperator.metrics.service.nodePorts.http` | Node port for HTTP | `""` |
+| `msgTopologyOperator.metrics.service.clusterIP` | RabbitMQ Cluster Operator metrics service Cluster IP | `""` |
+| `msgTopologyOperator.metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `msgTopologyOperator.metrics.service.loadBalancerIP` | RabbitMQ Cluster Operator metrics service Load Balancer IP | `""` |
+| `msgTopologyOperator.metrics.service.loadBalancerSourceRanges` | RabbitMQ Cluster Operator metrics service Load Balancer sources | `[]` |
+| `msgTopologyOperator.metrics.service.externalTrafficPolicy` | RabbitMQ Cluster Operator metrics service external traffic policy | `Cluster` |
+| `msgTopologyOperator.metrics.service.annotations` | Additional custom annotations for RabbitMQ Cluster Operator metrics service | `{}` |
+| `msgTopologyOperator.metrics.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
+| `msgTopologyOperator.metrics.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+| `msgTopologyOperator.metrics.serviceMonitor.enabled` | Specify if a servicemonitor will be deployed for prometheus-operator | `false` |
+| `msgTopologyOperator.metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` |
+| `msgTopologyOperator.metrics.serviceMonitor.jobLabel` | Specify the jobLabel to use for the prometheus-operator | `app.kubernetes.io/name` |
+| `msgTopologyOperator.metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
+| `msgTopologyOperator.metrics.serviceMonitor.honorLabels` | Honor metrics labels | `false` |
+| `msgTopologyOperator.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
+| `msgTopologyOperator.metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `""` |
+| `msgTopologyOperator.metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` |
+| `msgTopologyOperator.metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` |
+| `msgTopologyOperator.metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` |
+
+
+### cert-manager parameters
+
+| Name | Description | Value |
+| ---------------- | ----------------------------------------------------------------- | ------- |
+| `useCertManager` | Deploy cert-manager objects (Issuer and Certificate) for webhooks | `false` |
+
+
+See [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) to create the table.
+
+The above parameters map to the env variables defined in [bitnami/rabbitmq-cluster-operator](https://github.com/bitnami/bitnami-docker-rabbitmq-cluster-operator). For more information please refer to the [bitnami/rabbitmq-cluster-operator](https://github.com/bitnami/bitnami-docker-rabbitmq-cluster-operator) image documentation.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+helm install my-release \
+ --set livenessProbe.enabled=false \
+ bitnami/rabbitmq-cluster-operator
+```
+
+The above command disables the Operator liveness probes.
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+helm install my-release -f values.yaml bitnami/rabbitmq-cluster-operator
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+## Configuration and installation details
+
+### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/)
+
+It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
+
+Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
+
+### Additional environment variables
+
+In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property.
+
+```yaml
+rabbitmq-cluster-operator:
+ extraEnvVars:
+ - name: LOG_LEVEL
+ value: error
+```
+
+Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values.
+
+### Sidecars
+
+If additional containers are needed in the same pod as rabbitmq-cluster-operator (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter. If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter. [Learn more about configuring and using sidecar containers](https://docs.bitnami.com/kubernetes/infrastructure/rabbitmq-cluster-operator/configuration/configure-sidecar-init-containers/).
+
+### Pod affinity
+
+This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
+
+As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters.
+### Deploying extra resources
+
+There are cases where you may want to deploy extra objects, such your custom *RabbitmqCluster* objects. For covering this case, the chart allows adding the full specification of other objects using the `extraDeploy` parameter.
+
+For instance, to deploy your custom *RabbitmqCluster* definition, you can install the RabbitMQ Cluster Operator using the values below:
+
+```yaml
+extraDeploy:
+ - apiVersion: rabbitmq.com/v1beta1
+ kind: RabbitmqCluster
+ metadata:
+ name: rabbitmq-custom-configuration
+ spec:
+ replicas: 1
+ rabbitmq:
+ additionalConfig: |
+ log.console.level = debug
+```
+
+## Troubleshooting
+
+Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
+
+## Upgrading
+
+### To 2.0.0
+
+This new version adds the following components:
+
+ - RabbitMQ Messaging Topology Operator: all the settings are inside the `msgTopologyOperator` section.
+ - RabbitMQ Default User Credential Updater sidecar: this enables Hashicorp Vault integration for all `RabbitMQCluster` instances.
+ - `cert-manager` subchart: this is necessary for the RabbitMQ Messaging Topology Webhooks to work.
+
+As a breaking change, all `rabbitmq-cluster-operator` deployment values were moved to the `clusterOperator` section.
+
+No issues are expected during upgrades.
+
+### To 1.0.0
+
+The CRD was updated according to the latest changes in the upstream project. Thanks to the improvements in the latest changes, the CRD is not templated anymore abd can be placed under the `crds` directory following [Helm best practices for CRDS](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/).
+
+You need to manually delete the old CRD before upgrading the release.
+
+```console
+kubectl delete crd rabbitmqclusters.rabbitmq.com
+helm upgrade my-release bitnami/rabbitmq-cluster-operator
+```
+
+## License
+
+Copyright © 2022 Bitnami
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
\ No newline at end of file
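Review bot: The "To 1.0.0" upgrade steps tell the operator to run `kubectl delete crd rabbitmqclusters.rabbitmq.com` without saying that deleting a CRD also deletes every `RabbitmqCluster` object of that kind in the cluster. Since this README now ships in-tree, add a sentence before the command telling users to export their existing `RabbitmqCluster` manifests first and re-apply them after the upgrade. Smaller points in the same hunk: "abd" should be "and" in that paragraph, a blank line is missing before `### Deploying extra resources`, and the file ends without a trailing newline.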
diff --git a/charts/rabbitmq-cluster-operator/charts/common/.helmignore b/charts/rabbitmq-cluster-operator/charts/common/.helmignore
new file mode 100644
index 0000000..50af031
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/charts/common/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/rabbitmq-cluster-operator/charts/common/Chart.yaml b/charts/rabbitmq-cluster-operator/charts/common/Chart.yaml
new file mode 100644
index 0000000..bd152e3
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/charts/common/Chart.yaml
@@ -0,0 +1,23 @@
+annotations:
+ category: Infrastructure
+apiVersion: v2
+appVersion: 1.16.0
+description: A Library Helm Chart for grouping common logic between bitnami charts.
+ This chart is not deployable by itself.
+home: https://github.com/bitnami/charts/tree/master/bitnami/common
+icon: https://bitnami.com/downloads/logos/bitnami-mark.png
+keywords:
+- common
+- helper
+- template
+- function
+- bitnami
+maintainers:
+- name: Bitnami
+ url: https://github.com/bitnami/charts
+name: common
+sources:
+- https://github.com/bitnami/charts
+- https://www.bitnami.com/
+type: library
+version: 1.16.0
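Review bot: Nothing in this hunk ties the vendored `common` 1.16.0 copy to a verifiable upstream artifact: `home` points at `tree/master`, which moves, and `sources` lists only the repository root. Record the upstream chart digest or commit in the commit message or next to the chart, so a later reviewer can diff the bundled files against what Bitnami published.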
diff --git a/charts/rabbitmq-cluster-operator/charts/common/README.md b/charts/rabbitmq-cluster-operator/charts/common/README.md
new file mode 100644
index 0000000..3b5e09c
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/charts/common/README.md
@@ -0,0 +1,350 @@
+# Bitnami Common Library Chart
+
+A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts.
+
+## TL;DR
+
+```yaml
+dependencies:
+ - name: common
+ version: 1.x.x
+ repository: https://charts.bitnami.com/bitnami
+```
+
+```bash
+$ helm dependency update
+```
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.names.fullname" . }}
+data:
+ myvalue: "Hello World"
+```
+
+## Introduction
+
+This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager.
+
+Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications.
+
+## Prerequisites
+
+- Kubernetes 1.19+
+- Helm 3.2.0+
+
+## Parameters
+
+The following table lists the helpers available in the library which are scoped in different sections.
+
+### Affinities
+
+| Helper identifier | Description | Expected Input |
+|-------------------------------|------------------------------------------------------|------------------------------------------------|
+| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` |
+| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` |
+| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` |
+| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` |
+
+### Capabilities
+
+| Helper identifier | Description | Expected Input |
+|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------|
+| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context |
+| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context |
+| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context |
+| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context |
+| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context |
+| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context |
+| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context |
+| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context |
+| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context |
+| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context |
+| `common.capabilities.hpa.apiVersion` | Return the appropriate apiVersion for Horizontal Pod Autoscaler | `.` Chart context |
+| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context |
+
+### Errors
+
+| Helper identifier | Description | Expected Input |
+|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------|
+| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` |
+
+### Images
+
+| Helper identifier | Description | Expected Input |
+|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------|
+| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. |
+| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` |
+| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` |
+
+### Ingress
+
+| Helper identifier | Description | Expected Input |
+|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences |
+| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context |
+| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context |
+| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` |
+
+### Labels
+
+| Helper identifier | Description | Expected Input |
+|-----------------------------|-----------------------------------------------------------------------------|-------------------|
+| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context |
+| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and `svc.spec.selector` | `.` Chart context |
+
+### Names
+
+| Helper identifier | Description | Expected Input |
+|-----------------------------------|-----------------------------------------------------------------------|-------------------|
+| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context |
+| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context |
+| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context |
+| `common.names.fullname.namespace` | Create a fully qualified app name adding the installation's namespace | `.` Chart context |
+| `common.names.chart` | Chart name plus version | `.` Chart context |
+
+### Secrets
+
+| Helper identifier | Description | Expected Input |
+|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. |
+| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. |
+| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. |
+| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` |
+
+### Storage
+
+| Helper identifier | Description | Expected Input |
+|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------|
+| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. |
+
+### TplValues
+
+| Helper identifier | Description | Expected Input |
+|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` |
+
+### Utils
+
+| Helper identifier | Description | Expected Input |
+|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------|
+| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` |
+| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` |
+| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` |
+| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` |
+
+### Validations
+
+| Helper identifier | Description | Expected Input |
+|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) |
+| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) |
+| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. |
+| `common.validations.values.mysql.passwords` | This helper will ensure required password for MySQL are not empty. It returns a shared error for all the values. | `dict "secret" "mysql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mysql chart and the helper. |
+| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. |
+| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis® are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. |
+| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. |
+| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. |
+
+### Warnings
+
+| Helper identifier | Description | Expected Input |
+|------------------------------|----------------------------------|------------------------------------------------------------|
+| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. |
+
+## Special input schemas
+
+### ImageRoot
+
+```yaml
+registry:
+ type: string
+ description: Docker registry where the image is located
+ example: docker.io
+
+repository:
+ type: string
+ description: Repository and image name
+ example: bitnami/nginx
+
+tag:
+ type: string
+ description: image tag
+ example: 1.16.1-debian-10-r63
+
+pullPolicy:
+ type: string
+ description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+
+pullSecrets:
+ type: array
+ items:
+ type: string
+ description: Optionally specify an array of imagePullSecrets (evaluated as templates).
+
+debug:
+ type: boolean
+ description: Set to true if you would like to see extra information on logs
+ example: false
+
+## An instance would be:
+# registry: docker.io
+# repository: bitnami/nginx
+# tag: 1.16.1-debian-10-r63
+# pullPolicy: IfNotPresent
+# debug: false
+```
+
+### Persistence
+
+```yaml
+enabled:
+ type: boolean
+ description: Whether enable persistence.
+ example: true
+
+storageClass:
+ type: string
+ description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning.
+ example: "-"
+
+accessMode:
+ type: string
+ description: Access mode for the Persistent Volume Storage.
+ example: ReadWriteOnce
+
+size:
+ type: string
+ description: Size the Persistent Volume Storage.
+ example: 8Gi
+
+path:
+ type: string
+ description: Path to be persisted.
+ example: /bitnami
+
+## An instance would be:
+# enabled: true
+# storageClass: "-"
+# accessMode: ReadWriteOnce
+# size: 8Gi
+# path: /bitnami
+```
+
+### ExistingSecret
+
+```yaml
+name:
+ type: string
+ description: Name of the existing secret.
+ example: mySecret
+keyMapping:
+ description: Mapping between the expected key name and the name of the key in the existing secret.
+ type: object
+
+## An instance would be:
+# name: mySecret
+# keyMapping:
+# password: myPasswordKey
+```
+
+#### Example of use
+
+When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets.
+
+```yaml
+# templates/secret.yaml
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ labels:
+ app: {{ include "common.names.fullname" . }}
+type: Opaque
+data:
+ password: {{ .Values.password | b64enc | quote }}
+
+# templates/dpl.yaml
+---
+...
+ env:
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }}
+ key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }}
+...
+
+# values.yaml
+---
+name: mySecret
+keyMapping:
+ password: myPasswordKey
+```
+
+### ValidateValue
+
+#### NOTES.txt
+
+```console
+{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}}
+{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}}
+
+{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
+```
+
+If we force those values to be empty we will see some alerts
+
+```console
+$ helm install test mychart --set path.to.value00="",path.to.value01=""
+ 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value:
+
+ export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d)
+
+ 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value:
+
+ export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d)
+```
+
+## Upgrading
+
+### To 1.0.0
+
+[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
+
+**What changes were introduced in this major version?**
+
+- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
+- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information.
+- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts
+
+**Considerations when upgrading to this version**
+
+- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues
+- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore
+- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3
+
+**Useful links**
+
+- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/
+- https://helm.sh/docs/topics/v2_v3_migration/
+- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/
+
+## License
+
+Copyright © 2022 Bitnami
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
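Review bot: In the "Example of use" block under ExistingSecret, the `values.yaml` part sets `name` and `keyMapping` at the top level, but the deployment template reads `.Values.existingSecret`, which stays unset with these values; nest both keys under `existingSecret:`. In the same example, `templates/secret.yaml` has no guard, so the chart's own Secret is still rendered from `.Values.password` when an existing secret is supplied. Separately, the Capabilities table describes `common.capabilities.policy.apiVersion` as being for podsecuritypolicy, while the comment in `_capabilities.tpl` says poddisruptionbudget; PodSecurityPolicy was never served from `policy/v1`, so the table entry should say PodDisruptionBudget.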
diff --git a/charts/rabbitmq-cluster-operator/charts/common/templates/_affinities.tpl b/charts/rabbitmq-cluster-operator/charts/common/templates/_affinities.tpl
new file mode 100644
index 0000000..189ea40
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/charts/common/templates/_affinities.tpl
@@ -0,0 +1,102 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return a soft nodeAffinity definition
+{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.nodes.soft" -}}
+preferredDuringSchedulingIgnoredDuringExecution:
+ - preference:
+ matchExpressions:
+ - key: {{ .key }}
+ operator: In
+ values:
+ {{- range .values }}
+ - {{ . | quote }}
+ {{- end }}
+ weight: 1
+{{- end -}}
+
+{{/*
+Return a hard nodeAffinity definition
+{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.nodes.hard" -}}
+requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: {{ .key }}
+ operator: In
+ values:
+ {{- range .values }}
+ - {{ . | quote }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Return a nodeAffinity definition
+{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.nodes" -}}
+ {{- if eq .type "soft" }}
+ {{- include "common.affinities.nodes.soft" . -}}
+ {{- else if eq .type "hard" }}
+ {{- include "common.affinities.nodes.hard" . -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Return a soft podAffinity/podAntiAffinity definition
+{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}}
+*/}}
+{{- define "common.affinities.pods.soft" -}}
+{{- $component := default "" .component -}}
+{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
+preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }}
+ {{- if not (empty $component) }}
+ {{ printf "app.kubernetes.io/component: %s" $component }}
+ {{- end }}
+ {{- range $key, $value := $extraMatchLabels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ namespaces:
+ - {{ .context.Release.Namespace | quote }}
+ topologyKey: kubernetes.io/hostname
+ weight: 1
+{{- end -}}
+
+{{/*
+Return a hard podAffinity/podAntiAffinity definition
+{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}}
+*/}}
+{{- define "common.affinities.pods.hard" -}}
+{{- $component := default "" .component -}}
+{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
+requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }}
+ {{- if not (empty $component) }}
+ {{ printf "app.kubernetes.io/component: %s" $component }}
+ {{- end }}
+ {{- range $key, $value := $extraMatchLabels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ namespaces:
+ - {{ .context.Release.Namespace | quote }}
+ topologyKey: kubernetes.io/hostname
+{{- end -}}
+
+{{/*
+Return a podAffinity/podAntiAffinity definition
+{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.pods" -}}
+ {{- if eq .type "soft" }}
+ {{- include "common.affinities.pods.soft" . -}}
+ {{- else if eq .type "hard" }}
+ {{- include "common.affinities.pods.hard" . -}}
+ {{- end -}}
+{{- end -}}
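Review bot: `common.affinities.nodes` and `common.affinities.pods` render nothing when `.type` is neither "soft" nor "hard", so a misspelled preset silently yields a pod with no affinity or anti-affinity rule; add an `else` branch that calls `fail` for any other non-empty value. The usage comment above `common.affinities.pods` is copied from the nodes helper (`"key" "FOO" "values" ...`), but the pods helpers read `.component`, `.extraMatchLabels` and `.context.Release.Namespace`, so the comment should show `"component"` and `"context" $`. The `printf` for `app.kubernetes.io/component` emits the value unquoted while the `extraMatchLabels` values go through `quote`; quoting it keeps a component such as `true` or `123` from being parsed as a non-string.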
diff --git a/charts/rabbitmq-cluster-operator/charts/common/templates/_capabilities.tpl b/charts/rabbitmq-cluster-operator/charts/common/templates/_capabilities.tpl
new file mode 100644
index 0000000..9d9b760
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/charts/common/templates/_capabilities.tpl
@@ -0,0 +1,154 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return the target Kubernetes version
+*/}}
+{{- define "common.capabilities.kubeVersion" -}}
+{{- if .Values.global }}
+ {{- if .Values.global.kubeVersion }}
+ {{- .Values.global.kubeVersion -}}
+ {{- else }}
+ {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
+ {{- end -}}
+{{- else }}
+{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for poddisruptionbudget.
+*/}}
+{{- define "common.capabilities.policy.apiVersion" -}}
+{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "policy/v1beta1" -}}
+{{- else -}}
+{{- print "policy/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for networkpolicy.
+*/}}
+{{- define "common.capabilities.networkPolicy.apiVersion" -}}
+{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for cronjob.
+*/}}
+{{- define "common.capabilities.cronjob.apiVersion" -}}
+{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "batch/v1beta1" -}}
+{{- else -}}
+{{- print "batch/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for deployment.
+*/}}
+{{- define "common.capabilities.deployment.apiVersion" -}}
+{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for statefulset.
+*/}}
+{{- define "common.capabilities.statefulset.apiVersion" -}}
+{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "apps/v1beta1" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for ingress.
+*/}}
+{{- define "common.capabilities.ingress.apiVersion" -}}
+{{- if .Values.ingress -}}
+{{- if .Values.ingress.apiVersion -}}
+{{- .Values.ingress.apiVersion -}}
+{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end }}
+{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for RBAC resources.
+*/}}
+{{- define "common.capabilities.rbac.apiVersion" -}}
+{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "rbac.authorization.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "rbac.authorization.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for CRDs.
+*/}}
+{{- define "common.capabilities.crd.apiVersion" -}}
+{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "apiextensions.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "apiextensions.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for APIService.
+*/}}
+{{- define "common.capabilities.apiService.apiVersion" -}}
+{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "apiregistration.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "apiregistration.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for Horizontal Pod Autoscaler.
+*/}}
+{{- define "common.capabilities.hpa.apiVersion" -}}
+{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}}
+{{- if .beta2 -}}
+{{- print "autoscaling/v2beta2" -}}
+{{- else -}}
+{{- print "autoscaling/v2beta1" -}}
+{{- end -}}
+{{- else -}}
+{{- print "autoscaling/v2" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns true if the used Helm version is 3.3+.
+A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure.
+This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error.
+**To be removed when the catalog's minimun Helm version is 3.3**
+*/}}
+{{- define "common.capabilities.supportsHelmVersion" -}}
+{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
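Review bot: `common.capabilities.hpa.apiVersion` is the only helper in this file that reads the Kubernetes version from `.context` and branches on `.beta2`, yet its comment has no Usage or Params line, so a caller who passes `.` as for the sibling helpers hands it neither key. Add a Usage block showing the expected dict (`context`, `beta2`). The ingress helper also repeats the same three-step version ladder in both branches of `if .Values.ingress`; checking the override first and then falling through to a single ladder would keep the thresholds in one place. The comment on `supportsHelmVersion` has a typo ("minimun").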
diff --git a/charts/rabbitmq-cluster-operator/charts/common/templates/_errors.tpl b/charts/rabbitmq-cluster-operator/charts/common/templates/_errors.tpl
new file mode 100644
index 0000000..a79cc2e
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/charts/common/templates/_errors.tpl
@@ -0,0 +1,23 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Through error when upgrading using empty passwords values that must not be empty.
+
+Usage:
+{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}}
+{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}}
+{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }}
+
+Required password params:
+ - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error.
+ - context - Context - Required. Parent context.
+*/}}
+{{- define "common.errors.upgrade.passwords.empty" -}}
+ {{- $validationErrors := join "" .validationErrors -}}
+ {{- if and $validationErrors .context.Release.IsUpgrade -}}
+ {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}}
+ {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}}
+ {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}}
+ {{- $errorString = print $errorString "\n%s" -}}
+ {{- printf $errorString $validationErrors | fail -}}
+ {{- end -}}
+{{- end -}}
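Review bot: The Params block documents `validationErrors` as `String`, but the Usage line passes `(list $validationError00 $validationError01)` and the body runs `join "" .validationErrors`, so the type should read List. The first comment line says "Through error" where "Throw error" is meant. Because the check is gated on `.context.Release.IsUpgrade`, the comment should also state that empty passwords on a first install are intentionally not rejected here.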
diff --git a/charts/rabbitmq-cluster-operator/charts/common/templates/_images.tpl b/charts/rabbitmq-cluster-operator/charts/common/templates/_images.tpl
new file mode 100644
index 0000000..42ffbc7
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/charts/common/templates/_images.tpl
@@ -0,0 +1,75 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Return the proper image name
+{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }}
+*/}}
+{{- define "common.images.image" -}}
+{{- $registryName := .imageRoot.registry -}}
+{{- $repositoryName := .imageRoot.repository -}}
+{{- $tag := .imageRoot.tag | toString -}}
+{{- if .global }}
+ {{- if .global.imageRegistry }}
+ {{- $registryName = .global.imageRegistry -}}
+ {{- end -}}
+{{- end -}}
+{{- if $registryName }}
+{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+{{- else -}}
+{{- printf "%s:%s" $repositoryName $tag -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead)
+{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }}
+*/}}
+{{- define "common.images.pullSecrets" -}}
+ {{- $pullSecrets := list }}
+
+ {{- if .global }}
+ {{- range .global.imagePullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets . -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- range .images -}}
+ {{- range .pullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets . -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (not (empty $pullSecrets)) }}
+imagePullSecrets:
+ {{- range $pullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names evaluating values as templates
+{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}
+*/}}
+{{- define "common.images.renderPullSecrets" -}}
+ {{- $pullSecrets := list }}
+ {{- $context := .context }}
+
+ {{- if $context.Values.global }}
+ {{- range $context.Values.global.imagePullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- range .images -}}
+ {{- range .pullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (not (empty $pullSecrets)) }}
+imagePullSecrets:
+ {{- range $pullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
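Review bot: `common.images.image` can only emit `repository:tag` (`printf "%s/%s:%s" $registryName $repositoryName $tag`), so an image cannot be pinned by digest; a tag value beginning with `sha256:` would render as `repo:sha256:...`, which is not a valid image reference. Consider an optional `digest` field joined with `@`. The comment should also mention that `.global.imageRegistry` replaces each image's own `registry` whenever it is set. In both pull-secret Usage lines, the comma inside `list .Values.path.to.the.image1, .Values.path.to.the.image2` is not valid template syntax and should be a space.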
diff --git a/charts/rabbitmq-cluster-operator/charts/common/templates/_ingress.tpl b/charts/rabbitmq-cluster-operator/charts/common/templates/_ingress.tpl
new file mode 100644
index 0000000..8caf73a
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/charts/common/templates/_ingress.tpl
@@ -0,0 +1,68 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Generate backend entry that is compatible with all Kubernetes API versions.
+
+Usage:
+{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }}
+
+Params:
+ - serviceName - String. Name of an existing service backend
+ - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer.
+ - context - Dict - Required. The context for the template evaluation.
+*/}}
+{{- define "common.ingress.backend" -}}
+{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}}
+{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}}
+serviceName: {{ .serviceName }}
+servicePort: {{ .servicePort }}
+{{- else -}}
+service:
+ name: {{ .serviceName }}
+ port:
+ {{- if typeIs "string" .servicePort }}
+ name: {{ .servicePort }}
+ {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }}
+ number: {{ .servicePort | int }}
+ {{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Print "true" if the API pathType field is supported
+Usage:
+{{ include "common.ingress.supportsPathType" . }}
+*/}}
+{{- define "common.ingress.supportsPathType" -}}
+{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}}
+{{- print "false" -}}
+{{- else -}}
+{{- print "true" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns true if the ingressClassname field is supported
+Usage:
+{{ include "common.ingress.supportsIngressClassname" . }}
+*/}}
+{{- define "common.ingress.supportsIngressClassname" -}}
+{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "false" -}}
+{{- else -}}
+{{- print "true" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if cert-manager required annotations for TLS signed
+certificates are set in the Ingress annotations
+Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
+Usage:
+{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }}
+*/}}
+{{- define "common.ingress.certManagerRequest" -}}
+{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
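Review bot: In `common.ingress.backend` the `port:` key is emitted unconditionally, but its child is written only when `.servicePort` is a string, `int` or `float64`; any other type leaves `port:` empty and the problem surfaces only after rendering. Add a final `else` branch that calls `fail` and names the offending value. `common.ingress.supportsPathType` and `common.ingress.supportsIngressClassname` are the same `<1.18-0` check and could share one helper.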
diff --git a/charts/rabbitmq-cluster-operator/charts/common/templates/_labels.tpl b/charts/rabbitmq-cluster-operator/charts/common/templates/_labels.tpl
new file mode 100644
index 0000000..252066c
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/charts/common/templates/_labels.tpl
@@ -0,0 +1,18 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Kubernetes standard labels
+*/}}
+{{- define "common.labels.standard" -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+helm.sh/chart: {{ include "common.names.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
+*/}}
+{{- define "common.labels.matchLabels" -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
diff --git a/charts/rabbitmq-cluster-operator/charts/common/templates/_names.tpl b/charts/rabbitmq-cluster-operator/charts/common/templates/_names.tpl
new file mode 100644
index 0000000..1bdac8b
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/charts/common/templates/_names.tpl
@@ -0,0 +1,70 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "common.names.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "common.names.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "common.names.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified dependency name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+Usage:
+{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }}
+*/}}
+{{- define "common.names.dependency.fullname" -}}
+{{- if .chartValues.fullnameOverride -}}
+{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .chartName .chartValues.nameOverride -}}
+{{- if contains $name .context.Release.Name -}}
+{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts.
+*/}}
+{{- define "common.names.namespace" -}}
+{{- if .Values.namespaceOverride -}}
+{{- .Values.namespaceOverride -}}
+{{- else -}}
+{{- .Release.Namespace -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a fully qualified app name adding the installation's namespace.
+*/}}
+{{- define "common.names.fullname.namespace" -}}
+{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
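Review bot: `common.names.fullname.namespace` truncates after concatenating (`printf "%s-%s" ... | trunc 63`), so with a long fullname the namespace suffix is partly or wholly cut off and installs in different namespaces can end up with the same name. Truncate the fullname part first so the suffix survives, or document the limit in the comment. `common.names.fullname` and `common.names.dependency.fullname` are near duplicates and could be one helper that takes the chart name and values as parameters.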
diff --git a/charts/rabbitmq-cluster-operator/charts/common/templates/_secrets.tpl b/charts/rabbitmq-cluster-operator/charts/common/templates/_secrets.tpl
new file mode 100644
index 0000000..a53fb44
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/charts/common/templates/_secrets.tpl
@@ -0,0 +1,140 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Generate secret name.
+
+Usage:
+{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }}
+
+Params:
+ - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
+ to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+ +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret
+ - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment.
+ - context - Dict - Required. The context for the template evaluation.
+*/}}
+{{- define "common.secrets.name" -}}
+{{- $name := (include "common.names.fullname" .context) -}}
+
+{{- if .defaultNameSuffix -}}
+{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- with .existingSecret -}}
+{{- if not (typeIs "string" .) -}}
+{{- with .name -}}
+{{- $name = . -}}
+{{- end -}}
+{{- else -}}
+{{- $name = . -}}
+{{- end -}}
+{{- end -}}
+
+{{- printf "%s" $name -}}
+{{- end -}}
+
+{{/*
+Generate secret key.
+
+Usage:
+{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }}
+
+Params:
+ - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
+ to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+ +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret
+ - key - String - Required. Name of the key in the secret.
+*/}}
+{{- define "common.secrets.key" -}}
+{{- $key := .key -}}
+
+{{- if .existingSecret -}}
+ {{- if not (typeIs "string" .existingSecret) -}}
+ {{- if .existingSecret.keyMapping -}}
+ {{- $key = index .existingSecret.keyMapping $.key -}}
+ {{- end -}}
+ {{- end }}
+{{- end -}}
+
+{{- printf "%s" $key -}}
+{{- end -}}
+
+{{/*
+Generate secret password or retrieve one if already created.
+
+Usage:
+{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }}
+
+Params:
+ - secret - String - Required - Name of the 'Secret' resource where the password is stored.
+ - key - String - Required - Name of the key in the secret.
+ - providedValues - List<String> - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
+ - length - int - Optional - Length of the generated random password.
+ - strong - Boolean - Optional - Whether to add symbols to the generated random password.
+ - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
+ - context - Context - Required - Parent context.
+
+The order in which this function returns a secret password:
+ 1. Already existing 'Secret' resource
+ (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
+ 2. Password provided via the values.yaml
+ (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned)
+ 3. Randomly generated secret password
+ (A new random secret password with the length specified in the 'length' parameter will be generated and returned)
+
+*/}}
+{{- define "common.secrets.passwords.manage" -}}
+
+{{- $password := "" }}
+{{- $subchart := "" }}
+{{- $chartName := default "" .chartName }}
+{{- $passwordLength := default 10 .length }}
+{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
+{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }}
+{{- $secretData := (lookup "v1" "Secret" $.context.Release.Namespace .secret).data }}
+{{- if $secretData }}
+ {{- if hasKey $secretData .key }}
+ {{- $password = index $secretData .key }}
+ {{- else }}
+ {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
+ {{- end -}}
+{{- else if $providedPasswordValue }}
+ {{- $password = $providedPasswordValue | toString | b64enc | quote }}
+{{- else }}
+
+ {{- if .context.Values.enabled }}
+ {{- $subchart = $chartName }}
+ {{- end -}}
+
+ {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}}
+ {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}}
+ {{- $passwordValidationErrors := list $requiredPasswordError -}}
+ {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}}
+
+ {{- if .strong }}
+ {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
+ {{- $password = randAscii $passwordLength }}
+ {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
+ {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
+ {{- else }}
+ {{- $password = randAlphaNum $passwordLength | b64enc | quote }}
+ {{- end }}
+{{- end -}}
+{{- printf "%s" $password -}}
+{{- end -}}
+
+{{/*
+Returns whether a previous generated secret already exists
+
+Usage:
+{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }}
+
+Params:
+ - secret - String - Required - Name of the 'Secret' resource where the password is stored.
+ - context - Context - Required - Parent context.
+*/}}
+{{- define "common.secrets.exists" -}}
+{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }}
+{{- if $secret }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
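Review bot: In the `.strong` branch of `common.secrets.passwords.manage` the result is weaker than the option name suggests: `substr 5 $passwordLength` discards the first five random characters, every non-word character is collapsed to `@`, and the prefix built with `join "_"` always contributes two underscores, so at the default length of 10 only five characters come from `randAscii`. Raise the default length and keep the whole random string. The `lookup` calls here and in `common.secrets.exists` use `$.context.Release.Namespace` rather than `common.names.namespace`, so a release that sets `namespaceOverride` may look for the existing Secret in a different namespace than the one it was created in and then generate a new password.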
diff --git a/charts/rabbitmq-cluster-operator/charts/common/templates/_storage.tpl b/charts/rabbitmq-cluster-operator/charts/common/templates/_storage.tpl
new file mode 100644
index 0000000..60e2a84
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/charts/common/templates/_storage.tpl
@@ -0,0 +1,23 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Return the proper Storage Class
+{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }}
+*/}}
+{{- define "common.storage.class" -}}
+
+{{- $storageClass := .persistence.storageClass -}}
+{{- if .global -}}
+ {{- if .global.storageClass -}}
+ {{- $storageClass = .global.storageClass -}}
+ {{- end -}}
+{{- end -}}
+
+{{- if $storageClass -}}
+ {{- if (eq "-" $storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" $storageClass -}}
+ {{- end -}}
+{{- end -}}
+
+{{- end -}}
diff --git a/charts/rabbitmq-cluster-operator/charts/common/templates/_tplvalues.tpl b/charts/rabbitmq-cluster-operator/charts/common/templates/_tplvalues.tpl
new file mode 100644
index 0000000..2db1668
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/charts/common/templates/_tplvalues.tpl
@@ -0,0 +1,13 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Renders a value that contains template.
+Usage:
+{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
+*/}}
+{{- define "common.tplvalues.render" -}}
+ {{- if typeIs "string" .value }}
+ {{- tpl .value .context }}
+ {{- else }}
+ {{- tpl (.value | toYaml) .context }}
+ {{- end }}
+{{- end -}}
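Review bot: `common.tplvalues.render` hands whatever it receives to `tpl` with the full parent context, so every value routed through it (including `imagePullSecrets` entries via `common.images.renderPullSecrets`) is executed as a template rather than treated as data. The comment should say this explicitly so that callers only pass values from a trusted values file. In the non-string branch, `toYaml` followed by `tpl` means template actions inside nested strings are evaluated as well, which deserves a line in the comment.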
diff --git a/charts/rabbitmq-cluster-operator/charts/common/templates/_utils.tpl b/charts/rabbitmq-cluster-operator/charts/common/templates/_utils.tpl
new file mode 100644
index 0000000..8c22b2a
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/charts/common/templates/_utils.tpl
@@ -0,0 +1,62 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Print instructions to get a secret value.
+Usage:
+{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }}
+*/}}
+{{- define "common.utils.secret.getvalue" -}}
+{{- $varname := include "common.utils.fieldToEnvVar" . -}}
+export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d)
+{{- end -}}
+
+{{/*
+Build env var name given a field
+Usage:
+{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }}
+*/}}
+{{- define "common.utils.fieldToEnvVar" -}}
+ {{- $fieldNameSplit := splitList "-" .field -}}
+ {{- $upperCaseFieldNameSplit := list -}}
+
+ {{- range $fieldNameSplit -}}
+ {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}}
+ {{- end -}}
+
+ {{ join "_" $upperCaseFieldNameSplit }}
+{{- end -}}
+
+{{/*
+Gets a value from .Values given
+Usage:
+{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }}
+*/}}
+{{- define "common.utils.getValueFromKey" -}}
+{{- $splitKey := splitList "." .key -}}
+{{- $value := "" -}}
+{{- $latestObj := $.context.Values -}}
+{{- range $splitKey -}}
+ {{- if not $latestObj -}}
+ {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}}
+ {{- end -}}
+ {{- $value = ( index $latestObj . ) -}}
+ {{- $latestObj = $value -}}
+{{- end -}}
+{{- printf "%v" (default "" $value) -}}
+{{- end -}}
+
+{{/*
+Returns first .Values key with a defined value or first of the list if all non-defined
+Usage:
+{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }}
+*/}}
+{{- define "common.utils.getKeyFromList" -}}
+{{- $key := first .keys -}}
+{{- $reverseKeys := reverse .keys }}
+{{- range $reverseKeys }}
+ {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }}
+ {{- if $value -}}
+ {{- $key = . }}
+ {{- end -}}
+{{- end -}}
+{{- printf "%s" $key -}}
+{{- end -}}
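Review bot: `common.utils.getValueFromKey` ends with `printf "%v" (default "" $value)`, so a value of `false` or `0` comes back as the empty string and `common.utils.getKeyFromList` cannot tell it apart from an unset key. Document that the helper returns a string and reports falsy values as empty, or handle them explicitly. Two comment fixes: the description "Gets a value from .Values given" is cut short, and the `fieldToEnvVar` Usage line needs parentheses around `dict "field" "my-password"`. In `common.utils.secret.getvalue` the namespace goes through `quote` but `.secret` and `.field` are inserted into the printed shell command unquoted.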
diff --git a/charts/rabbitmq-cluster-operator/charts/common/templates/_warnings.tpl b/charts/rabbitmq-cluster-operator/charts/common/templates/_warnings.tpl
new file mode 100644
index 0000000..ae10fa4
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/charts/common/templates/_warnings.tpl
@@ -0,0 +1,14 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Warning about using rolling tag.
+Usage:
+{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }}
+*/}}
+{{- define "common.warnings.rollingTag" -}}
+
+{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
+WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
+{{- end }}
+
+{{- end -}}
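Review bot: The rolling-tag check runs only when `.repository` contains `bitnami/`, so the same floating tag pulled from any other repository or mirror produces no warning. If the aim is to discourage mutable tags in production, drop the repository condition or make the prefix configurable. The regex also treats a tag containing `sha256:` as immutable, although `common.images.image` always joins repository and tag with `:`.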
diff --git a/charts/rabbitmq-cluster-operator/charts/common/templates/validations/_cassandra.tpl b/charts/rabbitmq-cluster-operator/charts/common/templates/validations/_cassandra.tpl
new file mode 100644
index 0000000..ded1ae3
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/charts/common/templates/validations/_cassandra.tpl
@@ -0,0 +1,72 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate Cassandra required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret"
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.cassandra.passwords" -}}
+ {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}}
+ {{- $enabled := include "common.cassandra.values.enabled" . -}}
+ {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}}
+ {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.cassandra.values.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.cassandra.values.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.cassandra.dbUser.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.dbUser.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled cassandra.
+
+Usage:
+{{ include "common.cassandra.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.cassandra.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.cassandra.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key dbUser
+
+Usage:
+{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.cassandra.values.key.dbUser" -}}
+ {{- if .subchart -}}
+ cassandra.dbUser
+ {{- else -}}
+ dbUser
+ {{- end -}}
+{{- end -}}
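Review bot: In `common.cassandra.values.enabled` the non-subchart branch returns `not .context.Values.enabled`, the inverse of the subchart branch, and the comment does not explain why. Add a line stating what `.Values.enabled` means for a standalone chart, since `common.validations.values.cassandra.passwords` skips every check unless this helper prints `true`. The Usage lines for `common.cassandra.values.existingSecret` and `common.cassandra.values.enabled` also omit the `subchart` key that both bodies read.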
diff --git a/charts/rabbitmq-cluster-operator/charts/common/templates/validations/_mariadb.tpl b/charts/rabbitmq-cluster-operator/charts/common/templates/validations/_mariadb.tpl
new file mode 100644
index 0000000..b6906ff
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/charts/common/templates/validations/_mariadb.tpl
@@ -0,0 +1,103 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate MariaDB required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret"
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.mariadb.passwords" -}}
+ {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}}
+ {{- $enabled := include "common.mariadb.values.enabled" . -}}
+ {{- $architecture := include "common.mariadb.values.architecture" . -}}
+ {{- $authPrefix := include "common.mariadb.values.key.auth" . -}}
+ {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
+ {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
+ {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
+ {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
+
+ {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
+ {{- if not (empty $valueUsername) -}}
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+ {{- end -}}
+
+ {{- if (eq $architecture "replication") -}}
+ {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.auth.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mariadb.auth.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.auth.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled mariadb.
+
+Usage:
+{{ include "common.mariadb.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.mariadb.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.mariadb.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for architecture
+
+Usage:
+{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.architecture" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mariadb.architecture -}}
+ {{- else -}}
+ {{- .context.Values.architecture -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key auth
+
+Usage:
+{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.key.auth" -}}
+ {{- if .subchart -}}
+ mariadb.auth
+ {{- else -}}
+ auth
+ {{- end -}}
+{{- end -}}
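Review bot: `common.mariadb.values.auth.existingSecret` and `common.mariadb.values.architecture` dereference `.context.Values.mariadb.auth...` and `.context.Values.auth...` directly, so a chart whose values lack the `mariadb` or `auth` map stops with a nil-pointer render error instead of a validation message. Guard the path, for example by going through `common.utils.getValueFromKey` as is already done for `$valueKeyUsername`. The example secret name in the Params block (`mysql-passwords-secret`) should match the `mariadb-*` field names used in the body.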
diff --git a/charts/rabbitmq-cluster-operator/charts/common/templates/validations/_mongodb.tpl b/charts/rabbitmq-cluster-operator/charts/common/templates/validations/_mongodb.tpl
new file mode 100644
index 0000000..f820ec1
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/charts/common/templates/validations/_mongodb.tpl
@@ -0,0 +1,108 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate MongoDB® required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret"
+ - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.mongodb.passwords" -}}
+ {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}}
+ {{- $enabled := include "common.mongodb.values.enabled" . -}}
+ {{- $authPrefix := include "common.mongodb.values.key.auth" . -}}
+ {{- $architecture := include "common.mongodb.values.architecture" . -}}
+ {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
+ {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
+ {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}}
+ {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
+ {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}}
+ {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}}
+
+ {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
+
+ {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
+ {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }}
+ {{- if and $valueUsername $valueDatabase -}}
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+ {{- end -}}
+
+ {{- if (eq $architecture "replicaset") -}}
+ {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false
+*/}}
+{{- define "common.mongodb.values.auth.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mongodb.auth.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.auth.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled mongodb.
+
+Usage:
+{{ include "common.mongodb.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.mongodb.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.mongodb.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key auth
+
+Usage:
+{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
+*/}}
+{{- define "common.mongodb.values.key.auth" -}}
+ {{- if .subchart -}}
+ mongodb.auth
+ {{- else -}}
+ auth
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for architecture
+
+Usage:
+{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
+*/}}
+{{- define "common.mongodb.values.architecture" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mongodb.architecture -}}
+ {{- else -}}
+ {{- .context.Values.architecture -}}
+ {{- end -}}
+{{- end -}}
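Review bot: In "common.mongodb.values.enabled" the non-subchart branch returns `printf "%v" (not .context.Values.enabled)`, the negation of the value, and the validator only runs when `(eq $enabled "true")`. A chart that defines a top-level `enabled: true` therefore gets "false" here and the empty-password check is skipped without any message. If the inversion is intentional (a standalone chart normally has no `enabled` key), say so in the helper's comment and add the missing Params entry for `subchart`; otherwise return "true" unconditionally in that branch so the password validation cannot be switched off by an unrelated value.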
diff --git a/charts/rabbitmq-cluster-operator/charts/common/templates/validations/_mysql.tpl b/charts/rabbitmq-cluster-operator/charts/common/templates/validations/_mysql.tpl
new file mode 100644
index 0000000..74472a0
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/charts/common/templates/validations/_mysql.tpl
@@ -0,0 +1,103 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate MySQL required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret"
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.mysql.passwords" -}}
+ {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}}
+ {{- $enabled := include "common.mysql.values.enabled" . -}}
+ {{- $architecture := include "common.mysql.values.architecture" . -}}
+ {{- $authPrefix := include "common.mysql.values.key.auth" . -}}
+ {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
+ {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
+ {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
+ {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
+
+ {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
+ {{- if not (empty $valueUsername) -}}
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+ {{- end -}}
+
+ {{- if (eq $architecture "replication") -}}
+ {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.mysql.values.auth.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mysql.auth.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.auth.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled mysql.
+
+Usage:
+{{ include "common.mysql.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.mysql.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.mysql.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for architecture
+
+Usage:
+{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.mysql.values.architecture" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mysql.architecture -}}
+ {{- else -}}
+ {{- .context.Values.architecture -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key auth
+
+Usage:
+{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.mysql.values.key.auth" -}}
+ {{- if .subchart -}}
+ mysql.auth
+ {{- else -}}
+ auth
+ {{- end -}}
+{{- end -}}
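Review bot: The helpers "common.mysql.values.auth.existingSecret" and "common.mysql.values.architecture" read `.context.Values.mysql.auth.existingSecret` and `.context.Values.mysql.architecture` by direct field access, so rendering aborts with a nil pointer error when the parent chart has no `mysql` (or `mysql.auth`) map, before the validator can produce its own message. The validator already uses "common.utils.getValueFromKey" for the username lookup; using the same lookup, or guarding the intermediate maps, in these helpers would make the failure mode consistent and keep the "must not be empty" hint reachable.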
diff --git a/charts/rabbitmq-cluster-operator/charts/common/templates/validations/_postgresql.tpl b/charts/rabbitmq-cluster-operator/charts/common/templates/validations/_postgresql.tpl
new file mode 100644
index 0000000..164ec0d
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/charts/common/templates/validations/_postgresql.tpl
@@ -0,0 +1,129 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate PostgreSQL required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret"
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.postgresql.passwords" -}}
+ {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}}
+ {{- $enabled := include "common.postgresql.values.enabled" . -}}
+ {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}}
+ {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}}
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+ {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}}
+
+ {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}}
+ {{- if (eq $enabledReplication "true") -}}
+ {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to decide whether evaluate global values.
+
+Usage:
+{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }}
+Params:
+ - key - String - Required. Field to be evaluated within global, e.g: "existingSecret"
+*/}}
+{{- define "common.postgresql.values.use.global" -}}
+ {{- if .context.Values.global -}}
+ {{- if .context.Values.global.postgresql -}}
+ {{- index .context.Values.global.postgresql .key | quote -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.postgresql.values.existingSecret" (dict "context" $) }}
+*/}}
+{{- define "common.postgresql.values.existingSecret" -}}
+ {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}}
+
+ {{- if .subchart -}}
+ {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}}
+ {{- else -}}
+ {{- default (.context.Values.existingSecret | quote) $globalValue -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled postgresql.
+
+Usage:
+{{ include "common.postgresql.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.postgresql.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.postgresql.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key postgressPassword.
+
+Usage:
+{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.key.postgressPassword" -}}
+ {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}}
+
+ {{- if not $globalValue -}}
+ {{- if .subchart -}}
+ postgresql.postgresqlPassword
+ {{- else -}}
+ postgresqlPassword
+ {{- end -}}
+ {{- else -}}
+ global.postgresql.postgresqlPassword
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled.replication.
+
+Usage:
+{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.enabled.replication" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.postgresql.replication.enabled -}}
+ {{- else -}}
+ {{- printf "%v" .context.Values.replication.enabled -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key replication.password.
+
+Usage:
+{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.key.replicationPassword" -}}
+ {{- if .subchart -}}
+ postgresql.replication.password
+ {{- else -}}
+ replication.password
+ {{- end -}}
+{{- end -}}
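Review bot: In "common.postgresql.values.key.postgressPassword" the decision to validate `global.postgresql.postgresqlPassword` is made by looking up the global key `"postgresqlUsername"`, not the password. With a global username set and the password supplied only at chart level, the validator checks the wrong path and reports an empty password; the reverse combination validates the local key while the global password is the one in effect. The lookup should use `"postgresqlPassword"`. Separately, `$valueKeyPostgresqlReplicationEnabled` holds the replication password key, so a name such as `$valueKeyPostgresqlReplicationPassword` would read correctly, and the `postgressPassword` spelling in the define name is worth fixing before other charts depend on it.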
diff --git a/charts/rabbitmq-cluster-operator/charts/common/templates/validations/_redis.tpl b/charts/rabbitmq-cluster-operator/charts/common/templates/validations/_redis.tpl
new file mode 100644
index 0000000..dcccfc1
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/charts/common/templates/validations/_redis.tpl
@@ -0,0 +1,76 @@
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate Redis® required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret"
+ - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.redis.passwords" -}}
+ {{- $enabled := include "common.redis.values.enabled" . -}}
+ {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}}
+ {{- $standarizedVersion := include "common.redis.values.standarized.version" . }}
+
+ {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }}
+ {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }}
+
+ {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }}
+ {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}}
+ {{- if eq $useAuth "true" -}}
+ {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled redis.
+
+Usage:
+{{ include "common.redis.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.redis.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.redis.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right prefix path for the values
+
+Usage:
+{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
+*/}}
+{{- define "common.redis.values.keys.prefix" -}}
+ {{- if .subchart -}}redis.{{- else -}}{{- end -}}
+{{- end -}}
+
+{{/*
+Checks whether the redis chart's includes the standarizations (version >= 14)
+
+Usage:
+{{ include "common.redis.values.standarized.version" (dict "context" $) }}
+*/}}
+{{- define "common.redis.values.standarized.version" -}}
+
+ {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}}
+ {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }}
+
+ {{- if $standarizedAuthValues -}}
+ {{- true -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/rabbitmq-cluster-operator/charts/common/templates/validations/_validations.tpl b/charts/rabbitmq-cluster-operator/charts/common/templates/validations/_validations.tpl
new file mode 100644
index 0000000..9a814cf
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/charts/common/templates/validations/_validations.tpl
@@ -0,0 +1,46 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate values must not be empty.
+
+Usage:
+{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}}
+{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}}
+{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
+
+Validate value params:
+ - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
+ - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
+ - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
+*/}}
+{{- define "common.validations.values.multiple.empty" -}}
+ {{- range .required -}}
+ {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Validate a value must not be empty.
+
+Usage:
+{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }}
+
+Validate value params:
+ - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
+ - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
+ - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
+ - subchart - String - Optional - Name of the subchart that the validated password is part of.
+*/}}
+{{- define "common.validations.values.single.empty" -}}
+ {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }}
+ {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }}
+
+ {{- if not $value -}}
+ {{- $varname := "my-value" -}}
+ {{- $getCurrentValue := "" -}}
+ {{- if and .secret .field -}}
+ {{- $varname = include "common.utils.fieldToEnvVar" . -}}
+ {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}}
+ {{- end -}}
+ {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}}
+ {{- end -}}
+{{- end -}}
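Review bot: Both Usage comments name templates that this file does not define: `common.validations.values.empty` and `common.validations.value.empty`, while the defines are `common.validations.values.multiple.empty` and `common.validations.values.single.empty`. An include copied from the comments fails at render time, so the comments should carry the real names. Also, the `range` in the multiple variant builds the dict for the single variant without a `subchart` entry, so `$subchart` is always empty on that path and the documented `subchart` parameter only takes effect when the single template is called directly; either forward it or document that limitation.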
diff --git a/charts/rabbitmq-cluster-operator/charts/common/values.yaml b/charts/rabbitmq-cluster-operator/charts/common/values.yaml
new file mode 100644
index 0000000..f2df68e
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/charts/common/values.yaml
@@ -0,0 +1,5 @@
+## bitnami/common
+## It is required by CI/CD tools and processes.
+## @skip exampleValue
+##
+exampleValue: common-chart
diff --git a/charts/rabbitmq-cluster-operator/crds/crd-rabbitmq-cluster.yaml b/charts/rabbitmq-cluster-operator/crds/crd-rabbitmq-cluster.yaml
new file mode 100644
index 0000000..70bf432
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/crds/crd-rabbitmq-cluster.yaml
@@ -0,0 +1,4115 @@
+# Source: https://github.com/rabbitmq/cluster-operator/tree/main/config/crd
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: rabbitmqclusters.rabbitmq.com
+ labels:
+ app.kubernetes.io/component: rabbitmq-operator
+ app.kubernetes.io/part-of: rabbitmq
+spec:
+ group: rabbitmq.com
+ names:
+ categories:
+ - all
+ - rabbitmq
+ kind: RabbitmqCluster
+ listKind: RabbitmqClusterList
+ plural: rabbitmqclusters
+ shortNames:
+ - rmq
+ singular: rabbitmqcluster
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type == 'AllReplicasReady')].status
+ name: AllReplicasReady
+ type: string
+ - jsonPath: .status.conditions[?(@.type == 'ReconcileSuccess')].status
+ name: ReconcileSuccess
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: RabbitmqCluster is the Schema for the RabbitmqCluster API. Each instance of this object corresponds to a single RabbitMQ cluster.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec is the desired state of the RabbitmqCluster Custom Resource.
+ properties:
+ affinity:
+ description: Affinity scheduling rules to be applied on created Pods.
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements by node's labels.
+ items:
+ description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements by node's fields.
+ items:
+ description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms. The terms are ORed.
+ items:
+ description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements by node's labels.
+ items:
+ description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements by node's fields.
+ items:
+ description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ image:
+ description: Image is the name of the RabbitMQ docker image to use for RabbitMQ nodes in the RabbitmqCluster. Must be provided together with ImagePullSecrets in order to use an image in a private registry.
+ type: string
+ imagePullSecrets:
+ description: List of Secret resource containing access credentials to the registry for the RabbitMQ image. Required if the docker registry is private.
+ items:
+ description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ type: array
+ override:
+ properties:
+ service:
+ properties:
+ metadata:
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ spec:
+ properties:
+ allocateLoadBalancerNodePorts:
+ type: boolean
+ clusterIP:
+ type: string
+ clusterIPs:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ items:
+ type: string
+ type: array
+ externalName:
+ type: string
+ externalTrafficPolicy:
+ type: string
+ healthCheckNodePort:
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ type: string
+ ipFamilies:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ type: string
+ loadBalancerClass:
+ type: string
+ loadBalancerIP:
+ type: string
+ loadBalancerSourceRanges:
+ items:
+ type: string
+ type: array
+ ports:
+ items:
+ properties:
+ appProtocol:
+ type: string
+ name:
+ type: string
+ nodePort:
+ format: int32
+ type: integer
+ port:
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ type: string
+ sessionAffinityConfig:
+ properties:
+ clientIP:
+ properties:
+ timeoutSeconds:
+ format: int32
+ type: integer
+ type: object
+ type: object
+ type:
+ type: string
+ type: object
+ type: object
+ statefulSet:
+ properties:
+ metadata:
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ spec:
+ properties:
+ podManagementPolicy:
+ type: string
+ replicas:
+ format: int32
+ type: integer
+ selector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ serviceName:
+ type: string
+ template:
+ properties:
+ metadata:
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ properties:
+ activeDeadlineSeconds:
+ format: int64
+ type: integer
+ affinity:
+ properties:
+ nodeAffinity:
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ preference:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ properties:
+ nodeSelectorTerms:
+ items:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ podAffinityTerm:
+ properties:
+ labelSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ namespaceSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ namespaces:
+ items:
+ type: string
+ type: array
+ topologyKey:
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ labelSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ namespaceSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ namespaces:
+ items:
+ type: string
+ type: array
+ topologyKey:
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ podAffinityTerm:
+ properties:
+ labelSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ namespaceSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ namespaces:
+ items:
+ type: string
+ type: array
+ topologyKey:
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ labelSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ namespaceSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ namespaces:
+ items:
+ type: string
+ type: array
+ topologyKey:
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ automountServiceAccountToken:
+ type: boolean
+ containers:
+ items:
+ properties:
+ args:
+ items:
+ type: string
+ type: array
+ command:
+ items:
+ type: string
+ type: array
+ env:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ valueFrom:
+ properties:
+ configMapKeyRef:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ properties:
+ apiVersion:
+ type: string
+ fieldPath:
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ properties:
+ containerName:
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ items:
+ properties:
+ configMapRef:
+ properties:
+ name:
+ type: string
+ optional:
+ type: boolean
+ type: object
+ prefix:
+ type: string
+ secretRef:
+ properties:
+ name:
+ type: string
+ optional:
+ type: boolean
+ type: object
+ type: object
+ type: array
+ image:
+ type: string
+ imagePullPolicy:
+ type: string
+ lifecycle:
+ properties:
+ postStart:
+ properties:
+ exec:
+ properties:
+ command:
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ properties:
+ host:
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ properties:
+ host:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ properties:
+ exec:
+ properties:
+ command:
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ properties:
+ host:
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ properties:
+ host:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ properties:
+ exec:
+ properties:
+ command:
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ format: int32
+ type: integer
+ grpc:
+ properties:
+ port:
+ format: int32
+ type: integer
+ service:
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ properties:
+ host:
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ format: int32
+ type: integer
+ periodSeconds:
+ format: int32
+ type: integer
+ successThreshold:
+ format: int32
+ type: integer
+ tcpSocket:
+ properties:
+ host:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ format: int64
+ type: integer
+ timeoutSeconds:
+ format: int32
+ type: integer
+ type: object
+ name:
+ type: string
+ ports:
+ items:
+ properties:
+ containerPort:
+ format: int32
+ type: integer
+ hostIP:
+ type: string
+ hostPort:
+ format: int32
+ type: integer
+ name:
+ type: string
+ protocol:
+ default: TCP
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ properties:
+ exec:
+ properties:
+ command:
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ format: int32
+ type: integer
+ grpc:
+ properties:
+ port:
+ format: int32
+ type: integer
+ service:
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ properties:
+ host:
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ format: int32
+ type: integer
+ periodSeconds:
+ format: int32
+ type: integer
+ successThreshold:
+ format: int32
+ type: integer
+ tcpSocket:
+ properties:
+ host:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ format: int64
+ type: integer
+ timeoutSeconds:
+ format: int32
+ type: integer
+ type: object
+ resources:
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ type: object
+ securityContext:
+ properties:
+ allowPrivilegeEscalation:
+ type: boolean
+ capabilities:
+ properties:
+ add:
+ items:
+ type: string
+ type: array
+ drop:
+ items:
+ type: string
+ type: array
+ type: object
+ privileged:
+ type: boolean
+ procMount:
+ type: string
+ readOnlyRootFilesystem:
+ type: boolean
+ runAsGroup:
+ format: int64
+ type: integer
+ runAsNonRoot:
+ type: boolean
+ runAsUser:
+ format: int64
+ type: integer
+ seLinuxOptions:
+ properties:
+ level:
+ type: string
+ role:
+ type: string
+ type:
+ type: string
+ user:
+ type: string
+ type: object
+ seccompProfile:
+ properties:
+ localhostProfile:
+ type: string
+ type:
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ properties:
+ gmsaCredentialSpec:
+ type: string
+ gmsaCredentialSpecName:
+ type: string
+ hostProcess:
+ type: boolean
+ runAsUserName:
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ properties:
+ exec:
+ properties:
+ command:
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ format: int32
+ type: integer
+ grpc:
+ properties:
+ port:
+ format: int32
+ type: integer
+ service:
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ properties:
+ host:
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ format: int32
+ type: integer
+ periodSeconds:
+ format: int32
+ type: integer
+ successThreshold:
+ format: int32
+ type: integer
+ tcpSocket:
+ properties:
+ host:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ format: int64
+ type: integer
+ timeoutSeconds:
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ type: boolean
+ stdinOnce:
+ type: boolean
+ terminationMessagePath:
+ type: string
+ terminationMessagePolicy:
+ type: string
+ tty:
+ type: boolean
+ volumeDevices:
+ items:
+ properties:
+ devicePath:
+ type: string
+ name:
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ items:
+ properties:
+ mountPath:
+ type: string
+ mountPropagation:
+ type: string
+ name:
+ type: string
+ readOnly:
+ type: boolean
+ subPath:
+ type: string
+ subPathExpr:
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ dnsConfig:
+ properties:
+ nameservers:
+ items:
+ type: string
+ type: array
+ options:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ type: object
+ type: array
+ searches:
+ items:
+ type: string
+ type: array
+ type: object
+ dnsPolicy:
+ type: string
+ enableServiceLinks:
+ type: boolean
+ ephemeralContainers:
+ items:
+ properties:
+ args:
+ items:
+ type: string
+ type: array
+ command:
+ items:
+ type: string
+ type: array
+ env:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ valueFrom:
+ properties:
+ configMapKeyRef:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ properties:
+ apiVersion:
+ type: string
+ fieldPath:
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ properties:
+ containerName:
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ items:
+ properties:
+ configMapRef:
+ properties:
+ name:
+ type: string
+ optional:
+ type: boolean
+ type: object
+ prefix:
+ type: string
+ secretRef:
+ properties:
+ name:
+ type: string
+ optional:
+ type: boolean
+ type: object
+ type: object
+ type: array
+ image:
+ type: string
+ imagePullPolicy:
+ type: string
+ lifecycle:
+ properties:
+ postStart:
+ properties:
+ exec:
+ properties:
+ command:
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ properties:
+ host:
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ properties:
+ host:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ properties:
+ exec:
+ properties:
+ command:
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ properties:
+ host:
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ properties:
+ host:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ properties:
+ exec:
+ properties:
+ command:
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ format: int32
+ type: integer
+ grpc:
+ properties:
+ port:
+ format: int32
+ type: integer
+ service:
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ properties:
+ host:
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ format: int32
+ type: integer
+ periodSeconds:
+ format: int32
+ type: integer
+ successThreshold:
+ format: int32
+ type: integer
+ tcpSocket:
+ properties:
+ host:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ format: int64
+ type: integer
+ timeoutSeconds:
+ format: int32
+ type: integer
+ type: object
+ name:
+ type: string
+ ports:
+ items:
+ properties:
+ containerPort:
+ format: int32
+ type: integer
+ hostIP:
+ type: string
+ hostPort:
+ format: int32
+ type: integer
+ name:
+ type: string
+ protocol:
+ default: TCP
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ properties:
+ exec:
+ properties:
+ command:
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ format: int32
+ type: integer
+ grpc:
+ properties:
+ port:
+ format: int32
+ type: integer
+ service:
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ properties:
+ host:
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ format: int32
+ type: integer
+ periodSeconds:
+ format: int32
+ type: integer
+ successThreshold:
+ format: int32
+ type: integer
+ tcpSocket:
+ properties:
+ host:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ format: int64
+ type: integer
+ timeoutSeconds:
+ format: int32
+ type: integer
+ type: object
+ resources:
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ type: object
+ securityContext:
+ properties:
+ allowPrivilegeEscalation:
+ type: boolean
+ capabilities:
+ properties:
+ add:
+ items:
+ type: string
+ type: array
+ drop:
+ items:
+ type: string
+ type: array
+ type: object
+ privileged:
+ type: boolean
+ procMount:
+ type: string
+ readOnlyRootFilesystem:
+ type: boolean
+ runAsGroup:
+ format: int64
+ type: integer
+ runAsNonRoot:
+ type: boolean
+ runAsUser:
+ format: int64
+ type: integer
+ seLinuxOptions:
+ properties:
+ level:
+ type: string
+ role:
+ type: string
+ type:
+ type: string
+ user:
+ type: string
+ type: object
+ seccompProfile:
+ properties:
+ localhostProfile:
+ type: string
+ type:
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ properties:
+ gmsaCredentialSpec:
+ type: string
+ gmsaCredentialSpecName:
+ type: string
+ hostProcess:
+ type: boolean
+ runAsUserName:
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ properties:
+ exec:
+ properties:
+ command:
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ format: int32
+ type: integer
+ grpc:
+ properties:
+ port:
+ format: int32
+ type: integer
+ service:
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ properties:
+ host:
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ format: int32
+ type: integer
+ periodSeconds:
+ format: int32
+ type: integer
+ successThreshold:
+ format: int32
+ type: integer
+ tcpSocket:
+ properties:
+ host:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ format: int64
+ type: integer
+ timeoutSeconds:
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ type: boolean
+ stdinOnce:
+ type: boolean
+ targetContainerName:
+ type: string
+ terminationMessagePath:
+ type: string
+ terminationMessagePolicy:
+ type: string
+ tty:
+ type: boolean
+ volumeDevices:
+ items:
+ properties:
+ devicePath:
+ type: string
+ name:
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ items:
+ properties:
+ mountPath:
+ type: string
+ mountPropagation:
+ type: string
+ name:
+ type: string
+ readOnly:
+ type: boolean
+ subPath:
+ type: string
+ subPathExpr:
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ hostAliases:
+ items:
+ properties:
+ hostnames:
+ items:
+ type: string
+ type: array
+ ip:
+ type: string
+ type: object
+ type: array
+ hostIPC:
+ type: boolean
+ hostNetwork:
+ type: boolean
+ hostPID:
+ type: boolean
+ hostname:
+ type: string
+ imagePullSecrets:
+ items:
+ properties:
+ name:
+ type: string
+ type: object
+ type: array
+ initContainers:
+ items:
+ properties:
+ args:
+ items:
+ type: string
+ type: array
+ command:
+ items:
+ type: string
+ type: array
+ env:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ valueFrom:
+ properties:
+ configMapKeyRef:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ properties:
+ apiVersion:
+ type: string
+ fieldPath:
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ properties:
+ containerName:
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ items:
+ properties:
+ configMapRef:
+ properties:
+ name:
+ type: string
+ optional:
+ type: boolean
+ type: object
+ prefix:
+ type: string
+ secretRef:
+ properties:
+ name:
+ type: string
+ optional:
+ type: boolean
+ type: object
+ type: object
+ type: array
+ image:
+ type: string
+ imagePullPolicy:
+ type: string
+ lifecycle:
+ properties:
+ postStart:
+ properties:
+ exec:
+ properties:
+ command:
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ properties:
+ host:
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ properties:
+ host:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ properties:
+ exec:
+ properties:
+ command:
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ properties:
+ host:
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ properties:
+ host:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ properties:
+ exec:
+ properties:
+ command:
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ format: int32
+ type: integer
+ grpc:
+ properties:
+ port:
+ format: int32
+ type: integer
+ service:
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ properties:
+ host:
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ format: int32
+ type: integer
+ periodSeconds:
+ format: int32
+ type: integer
+ successThreshold:
+ format: int32
+ type: integer
+ tcpSocket:
+ properties:
+ host:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ format: int64
+ type: integer
+ timeoutSeconds:
+ format: int32
+ type: integer
+ type: object
+ name:
+ type: string
+ ports:
+ items:
+ properties:
+ containerPort:
+ format: int32
+ type: integer
+ hostIP:
+ type: string
+ hostPort:
+ format: int32
+ type: integer
+ name:
+ type: string
+ protocol:
+ default: TCP
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ properties:
+ exec:
+ properties:
+ command:
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ format: int32
+ type: integer
+ grpc:
+ properties:
+ port:
+ format: int32
+ type: integer
+ service:
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ properties:
+ host:
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ format: int32
+ type: integer
+ periodSeconds:
+ format: int32
+ type: integer
+ successThreshold:
+ format: int32
+ type: integer
+ tcpSocket:
+ properties:
+ host:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ format: int64
+ type: integer
+ timeoutSeconds:
+ format: int32
+ type: integer
+ type: object
+ resources:
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ type: object
+ securityContext:
+ properties:
+ allowPrivilegeEscalation:
+ type: boolean
+ capabilities:
+ properties:
+ add:
+ items:
+ type: string
+ type: array
+ drop:
+ items:
+ type: string
+ type: array
+ type: object
+ privileged:
+ type: boolean
+ procMount:
+ type: string
+ readOnlyRootFilesystem:
+ type: boolean
+ runAsGroup:
+ format: int64
+ type: integer
+ runAsNonRoot:
+ type: boolean
+ runAsUser:
+ format: int64
+ type: integer
+ seLinuxOptions:
+ properties:
+ level:
+ type: string
+ role:
+ type: string
+ type:
+ type: string
+ user:
+ type: string
+ type: object
+ seccompProfile:
+ properties:
+ localhostProfile:
+ type: string
+ type:
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ properties:
+ gmsaCredentialSpec:
+ type: string
+ gmsaCredentialSpecName:
+ type: string
+ hostProcess:
+ type: boolean
+ runAsUserName:
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ properties:
+ exec:
+ properties:
+ command:
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ format: int32
+ type: integer
+ grpc:
+ properties:
+ port:
+ format: int32
+ type: integer
+ service:
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ properties:
+ host:
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ scheme:
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ format: int32
+ type: integer
+ periodSeconds:
+ format: int32
+ type: integer
+ successThreshold:
+ format: int32
+ type: integer
+ tcpSocket:
+ properties:
+ host:
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ format: int64
+ type: integer
+ timeoutSeconds:
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ type: boolean
+ stdinOnce:
+ type: boolean
+ terminationMessagePath:
+ type: string
+ terminationMessagePolicy:
+ type: string
+ tty:
+ type: boolean
+ volumeDevices:
+ items:
+ properties:
+ devicePath:
+ type: string
+ name:
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ items:
+ properties:
+ mountPath:
+ type: string
+ mountPropagation:
+ type: string
+ name:
+ type: string
+ readOnly:
+ type: boolean
+ subPath:
+ type: string
+ subPathExpr:
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ nodeName:
+ type: string
+ nodeSelector:
+ additionalProperties:
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ os:
+ properties:
+ name:
+ type: string
+ required:
+ - name
+ type: object
+ overhead:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ preemptionPolicy:
+ type: string
+ priority:
+ format: int32
+ type: integer
+ priorityClassName:
+ type: string
+ readinessGates:
+ items:
+ properties:
+ conditionType:
+ type: string
+ required:
+ - conditionType
+ type: object
+ type: array
+ restartPolicy:
+ type: string
+ runtimeClassName:
+ type: string
+ schedulerName:
+ type: string
+ securityContext:
+ properties:
+ fsGroup:
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ type: string
+ runAsGroup:
+ format: int64
+ type: integer
+ runAsNonRoot:
+ type: boolean
+ runAsUser:
+ format: int64
+ type: integer
+ seLinuxOptions:
+ properties:
+ level:
+ type: string
+ role:
+ type: string
+ type:
+ type: string
+ user:
+ type: string
+ type: object
+ seccompProfile:
+ properties:
+ localhostProfile:
+ type: string
+ type:
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ properties:
+ gmsaCredentialSpec:
+ type: string
+ gmsaCredentialSpecName:
+ type: string
+ hostProcess:
+ type: boolean
+ runAsUserName:
+ type: string
+ type: object
+ type: object
+ serviceAccount:
+ type: string
+ serviceAccountName:
+ type: string
+ setHostnameAsFQDN:
+ type: boolean
+ shareProcessNamespace:
+ type: boolean
+ subdomain:
+ type: string
+ terminationGracePeriodSeconds:
+ format: int64
+ type: integer
+ tolerations:
+ items:
+ properties:
+ effect:
+ type: string
+ key:
+ type: string
+ operator:
+ type: string
+ tolerationSeconds:
+ format: int64
+ type: integer
+ value:
+ type: string
+ type: object
+ type: array
+ topologySpreadConstraints:
+ items:
+ properties:
+ labelSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ maxSkew:
+ format: int32
+ type: integer
+ topologyKey:
+ type: string
+ whenUnsatisfiable:
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - topologyKey
+ - whenUnsatisfiable
+ x-kubernetes-list-type: map
+ volumes:
+ items:
+ properties:
+ awsElasticBlockStore:
+ properties:
+ fsType:
+ type: string
+ partition:
+ format: int32
+ type: integer
+ readOnly:
+ type: boolean
+ volumeID:
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ properties:
+ cachingMode:
+ type: string
+ diskName:
+ type: string
+ diskURI:
+ type: string
+ fsType:
+ type: string
+ kind:
+ type: string
+ readOnly:
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ properties:
+ readOnly:
+ type: boolean
+ secretName:
+ type: string
+ shareName:
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ properties:
+ monitors:
+ items:
+ type: string
+ type: array
+ path:
+ type: string
+ readOnly:
+ type: boolean
+ secretFile:
+ type: string
+ secretRef:
+ properties:
+ name:
+ type: string
+ type: object
+ user:
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ properties:
+ fsType:
+ type: string
+ readOnly:
+ type: boolean
+ secretRef:
+ properties:
+ name:
+ type: string
+ type: object
+ volumeID:
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ properties:
+ defaultMode:
+ format: int32
+ type: integer
+ items:
+ items:
+ properties:
+ key:
+ type: string
+ mode:
+ format: int32
+ type: integer
+ path:
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ type: string
+ optional:
+ type: boolean
+ type: object
+ csi:
+ properties:
+ driver:
+ type: string
+ fsType:
+ type: string
+ nodePublishSecretRef:
+ properties:
+ name:
+ type: string
+ type: object
+ readOnly:
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ properties:
+ defaultMode:
+ format: int32
+ type: integer
+ items:
+ items:
+ properties:
+ fieldRef:
+ properties:
+ apiVersion:
+ type: string
+ fieldPath:
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ format: int32
+ type: integer
+ path:
+ type: string
+ resourceFieldRef:
+ properties:
+ containerName:
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ properties:
+ medium:
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ properties:
+ volumeClaimTemplate:
+ properties:
+ metadata:
+ type: object
+ spec:
+ properties:
+ accessModes:
+ items:
+ type: string
+ type: array
+ dataSource:
+ properties:
+ apiGroup:
+ type: string
+ kind:
+ type: string
+ name:
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ dataSourceRef:
+ properties:
+ apiGroup:
+ type: string
+ kind:
+ type: string
+ name:
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ type: object
+ selector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ storageClassName:
+ type: string
+ volumeMode:
+ type: string
+ volumeName:
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ properties:
+ fsType:
+ type: string
+ lun:
+ format: int32
+ type: integer
+ readOnly:
+ type: boolean
+ targetWWNs:
+ items:
+ type: string
+ type: array
+ wwids:
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ properties:
+ driver:
+ type: string
+ fsType:
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ type: object
+ readOnly:
+ type: boolean
+ secretRef:
+ properties:
+ name:
+ type: string
+ type: object
+ required:
+ - driver
+ type: object
+ flocker:
+ properties:
+ datasetName:
+ type: string
+ datasetUUID:
+ type: string
+ type: object
+ gcePersistentDisk:
+ properties:
+ fsType:
+ type: string
+ partition:
+ format: int32
+ type: integer
+ pdName:
+ type: string
+ readOnly:
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ properties:
+ directory:
+ type: string
+ repository:
+ type: string
+ revision:
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ properties:
+ endpoints:
+ type: string
+ path:
+ type: string
+ readOnly:
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ properties:
+ path:
+ type: string
+ type:
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ properties:
+ chapAuthDiscovery:
+ type: boolean
+ chapAuthSession:
+ type: boolean
+ fsType:
+ type: string
+ initiatorName:
+ type: string
+ iqn:
+ type: string
+ iscsiInterface:
+ type: string
+ lun:
+ format: int32
+ type: integer
+ portals:
+ items:
+ type: string
+ type: array
+ readOnly:
+ type: boolean
+ secretRef:
+ properties:
+ name:
+ type: string
+ type: object
+ targetPortal:
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ type: string
+ nfs:
+ properties:
+ path:
+ type: string
+ readOnly:
+ type: boolean
+ server:
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ properties:
+ claimName:
+ type: string
+ readOnly:
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ properties:
+ fsType:
+ type: string
+ pdID:
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ properties:
+ fsType:
+ type: string
+ readOnly:
+ type: boolean
+ volumeID:
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ properties:
+ defaultMode:
+ format: int32
+ type: integer
+ sources:
+ items:
+ properties:
+ configMap:
+ properties:
+ items:
+ items:
+ properties:
+ key:
+ type: string
+ mode:
+ format: int32
+ type: integer
+ path:
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ type: string
+ optional:
+ type: boolean
+ type: object
+ downwardAPI:
+ properties:
+ items:
+ items:
+ properties:
+ fieldRef:
+ properties:
+ apiVersion:
+ type: string
+ fieldPath:
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ format: int32
+ type: integer
+ path:
+ type: string
+ resourceFieldRef:
+ properties:
+ containerName:
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ properties:
+ items:
+ items:
+ properties:
+ key:
+ type: string
+ mode:
+ format: int32
+ type: integer
+ path:
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ type: string
+ optional:
+ type: boolean
+ type: object
+ serviceAccountToken:
+ properties:
+ audience:
+ type: string
+ expirationSeconds:
+ format: int64
+ type: integer
+ path:
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ properties:
+ group:
+ type: string
+ readOnly:
+ type: boolean
+ registry:
+ type: string
+ tenant:
+ type: string
+ user:
+ type: string
+ volume:
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ properties:
+ fsType:
+ type: string
+ image:
+ type: string
+ keyring:
+ type: string
+ monitors:
+ items:
+ type: string
+ type: array
+ pool:
+ type: string
+ readOnly:
+ type: boolean
+ secretRef:
+ properties:
+ name:
+ type: string
+ type: object
+ user:
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ properties:
+ fsType:
+ type: string
+ gateway:
+ type: string
+ protectionDomain:
+ type: string
+ readOnly:
+ type: boolean
+ secretRef:
+ properties:
+ name:
+ type: string
+ type: object
+ sslEnabled:
+ type: boolean
+ storageMode:
+ type: string
+ storagePool:
+ type: string
+ system:
+ type: string
+ volumeName:
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ properties:
+ defaultMode:
+ format: int32
+ type: integer
+ items:
+ items:
+ properties:
+ key:
+ type: string
+ mode:
+ format: int32
+ type: integer
+ path:
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ type: boolean
+ secretName:
+ type: string
+ type: object
+ storageos:
+ properties:
+ fsType:
+ type: string
+ readOnly:
+ type: boolean
+ secretRef:
+ properties:
+ name:
+ type: string
+ type: object
+ volumeName:
+ type: string
+ volumeNamespace:
+ type: string
+ type: object
+ vsphereVolume:
+ properties:
+ fsType:
+ type: string
+ storagePolicyID:
+ type: string
+ storagePolicyName:
+ type: string
+ volumePath:
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ required:
+ - containers
+ type: object
+ type: object
+ updateStrategy:
+ properties:
+ rollingUpdate:
+ properties:
+ partition:
+ format: int32
+ type: integer
+ type: object
+ type:
+ type: string
+ type: object
+ volumeClaimTemplates:
+ items:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ metadata:
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ properties:
+ accessModes:
+ items:
+ type: string
+ type: array
+ dataSource:
+ properties:
+ apiGroup:
+ type: string
+ kind:
+ type: string
+ name:
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ dataSourceRef:
+ properties:
+ apiGroup:
+ type: string
+ kind:
+ type: string
+ name:
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ type: object
+ selector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ storageClassName:
+ type: string
+ volumeMode:
+ type: string
+ volumeName:
+ type: string
+ type: object
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ persistence:
+ default:
+ storage: 10Gi
+ description: The desired persistent storage configuration for each Pod in the cluster.
+ properties:
+ storage:
+ anyOf:
+ - type: integer
+ - type: string
+ default: 10Gi
+ description: The requested size of the persistent volume attached to each Pod in the RabbitmqCluster. The format of this field matches that defined by kubernetes/apimachinery. See https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity for more info on the format of this field.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ storageClassName:
+ description: The name of the StorageClass to claim a PersistentVolume from.
+ type: string
+ type: object
+ rabbitmq:
+ description: Configuration options for RabbitMQ Pods created in the cluster.
+ properties:
+ additionalConfig:
+ description: Modify to add to the rabbitmq.conf file in addition to default configurations set by the operator. Modifying this property on an existing RabbitmqCluster will trigger a StatefulSet rolling restart and will cause rabbitmq downtime. For more information on this config, see https://www.rabbitmq.com/configure.html#config-file
+ maxLength: 2000
+ type: string
+ additionalPlugins:
+ description: 'List of plugins to enable in addition to essential plugins: rabbitmq_management, rabbitmq_prometheus, and rabbitmq_peer_discovery_k8s.'
+ items:
+ description: A Plugin to enable on the RabbitmqCluster.
+ maxLength: 100
+ pattern: ^\w+$
+ type: string
+ maxItems: 100
+ type: array
+ advancedConfig:
+ description: Specify any rabbitmq advanced.config configurations to apply to the cluster. For more information on advanced config, see https://www.rabbitmq.com/configure.html#advanced-config-file
+ maxLength: 100000
+ type: string
+ envConfig:
+ description: Modify to add to the rabbitmq-env.conf file. Modifying this property on an existing RabbitmqCluster will trigger a StatefulSet rolling restart and will cause rabbitmq downtime. For more information on env config, see https://www.rabbitmq.com/man/rabbitmq-env.conf.5.html
+ maxLength: 100000
+ type: string
+ type: object
+ replicas:
+ default: 1
+ description: Replicas is the number of nodes in the RabbitMQ cluster. Each node is deployed as a Replica in a StatefulSet. Only 1, 3, 5 replicas clusters are tested. This value should be an odd number to ensure the resultant cluster can establish exactly one quorum of nodes in the event of a fragmenting network partition.
+ format: int32
+ minimum: 0
+ type: integer
+ resources:
+ default:
+ limits:
+ cpu: 2000m
+ memory: 2Gi
+ requests:
+ cpu: 1000m
+ memory: 2Gi
+ description: The desired compute resource requirements of Pods in the cluster.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ secretBackend:
+ description: Secret backend configuration for the RabbitmqCluster. Enables to fetch default user credentials and certificates from K8s external secret stores.
+ properties:
+ vault:
+ description: VaultSpec will add Vault annotations (see https://www.vaultproject.io/docs/platform/k8s/injector/annotations) to RabbitMQ Pods. It requires a Vault Agent Sidecar Injector (https://www.vaultproject.io/docs/platform/k8s/injector) to be installed in the K8s cluster. The injector is a K8s Mutation Webhook Controller that alters RabbitMQ Pod specifications (based on the added Vault annotations) to include Vault Agent containers that render Vault secrets to the volume.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Vault annotations that override the Vault annotations set by the cluster-operator. For a list of valid Vault annotations, see https://www.vaultproject.io/docs/platform/k8s/injector/annotations
+ type: object
+ defaultUserPath:
+ description: Path in Vault to access a KV (Key-Value) secret with the fields username and password for the default user. For example "secret/data/rabbitmq/config".
+ type: string
+ defaultUserUpdaterImage:
+ description: Sidecar container that updates the default user's password in RabbitMQ when it changes in Vault. Additionally, it updates /var/lib/rabbitmq/.rabbitmqadmin.conf (used by rabbitmqadmin CLI). Set to empty string to disable the sidecar container.
+ type: string
+ role:
+ description: Role in Vault. If vault.defaultUserPath is set, this role must have capability to read the pre-created default user credential in Vault. If vault.tls is set, this role must have capability to create and update certificates in the Vault PKI engine for the domains "<namespace>" and "<namespace>.svc".
+ type: string
+ tls:
+ properties:
+ altNames:
+ description: 'Specifies the requested Subject Alternative Names (SANs), in a comma-delimited list. These will be appended to the SANs added by the cluster-operator. The cluster-operator will add SANs: "<RabbitmqCluster name>-server-<index>.<RabbitmqCluster name>-nodes.<namespace>" for each pod, e.g. "myrabbit-server-0.myrabbit-nodes.default".'
+ type: string
+ commonName:
+ description: Specifies the requested certificate Common Name (CN). Defaults to <serviceName>.<namespace>.svc if not provided.
+ type: string
+ ipSans:
+ description: Specifies the requested IP Subject Alternative Names, in a comma-delimited list.
+ type: string
+ pkiIssuerPath:
+ description: Path in Vault PKI engine. For example "pki/issue/hashicorp-com". required
+ type: string
+ type: object
+ type: object
+ type: object
+ service:
+ default:
+ type: ClusterIP
+ description: The desired state of the Kubernetes Service to create for the cluster.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations to add to the Service.
+ type: object
+ type:
+ default: ClusterIP
+ description: 'Type of Service to create for the cluster. Must be one of: ClusterIP, LoadBalancer, NodePort. For more info see https://pkg.go.dev/k8s.io/api/core/v1#ServiceType'
+ enum:
+ - ClusterIP
+ - LoadBalancer
+ - NodePort
+ type: string
+ type: object
+ skipPostDeploySteps:
+ description: If unset, or set to false, the cluster will run `rabbitmq-queues rebalance all` whenever the cluster is updated. Set to true to prevent the operator rebalancing queue leaders after a cluster update. Has no effect if the cluster only consists of one node. For more information, see https://www.rabbitmq.com/rabbitmq-queues.8.html#rebalance
+ type: boolean
+ terminationGracePeriodSeconds:
+ default: 604800
+ description: 'TerminationGracePeriodSeconds is the timeout that each rabbitmqcluster pod will have to terminate gracefully. It defaults to 604800 seconds ( a week long) to ensure that the container preStop lifecycle hook can finish running. For more information, see: https://github.com/rabbitmq/cluster-operator/blob/main/docs/design/20200520-graceful-pod-termination.md'
+ format: int64
+ minimum: 0
+ type: integer
+ tls:
+ description: TLS-related configuration for the RabbitMQ cluster.
+ properties:
+ caSecretName:
+ description: Name of a Secret in the same Namespace as the RabbitmqCluster, containing the Certificate Authority's public certificate for TLS. The Secret must store this as ca.crt. This Secret can be created by running `kubectl create secret generic ca-secret --from-file=ca.crt=path/to/ca.cert` Used for mTLS, and TLS for rabbitmq_web_stomp and rabbitmq_web_mqtt.
+ type: string
+ disableNonTLSListeners:
+ description: 'When set to true, the RabbitmqCluster disables non-TLS listeners for RabbitMQ, management plugin and for any enabled plugins in the following list: stomp, mqtt, web_stomp, web_mqtt. Only TLS-enabled clients will be able to connect.'
+ type: boolean
+ secretName:
+ description: Name of a Secret in the same Namespace as the RabbitmqCluster, containing the server's private key & public certificate for TLS. The Secret must store these as tls.key and tls.crt, respectively. This Secret can be created by running `kubectl create secret tls tls-secret --cert=path/to/tls.cert --key=path/to/tls.key`
+ type: string
+ type: object
+ tolerations:
+ description: Tolerations is the list of Toleration resources attached to each Pod in the RabbitmqCluster.
+ items:
+ description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ status:
+ description: Status presents the observed state of RabbitmqCluster
+ properties:
+ binding:
+ description: 'Binding exposes a secret containing the binding information for this RabbitmqCluster. It implements the service binding Provisioned Service duck type. See: https://github.com/servicebinding/spec#provisioned-service'
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ conditions:
+ description: Set of Conditions describing the current state of the RabbitmqCluster
+ items:
+ properties:
+ lastTransitionTime:
+ description: The last time this Condition type changed.
+ format: date-time
+ type: string
+ message:
+ description: Full text reason for current status of the condition.
+ type: string
+ reason:
+ description: One word, camel-case reason for current status of the condition.
+ type: string
+ status:
+ description: True, False, or Unknown
+ type: string
+ type:
+ description: Type indicates the scope of RabbitmqCluster status addressed by the condition.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ defaultUser:
+ description: Identifying information on internal resources
+ properties:
+ secretReference:
+ description: Reference to the Kubernetes Secret containing the credentials of the default user.
+ properties:
+ keys:
+ additionalProperties:
+ type: string
+ description: Key-value pairs in the Secret corresponding to `username`, `password`, `host`, and `port`
+ type: object
+ name:
+ description: Name of the Secret containing the default user credentials
+ type: string
+ namespace:
+ description: Namespace of the Secret containing the default user credentials
+ type: string
+ required:
+ - keys
+ - name
+ - namespace
+ type: object
+ serviceReference:
+ description: Reference to the Kubernetes Service serving the cluster.
+ properties:
+ name:
+ description: Name of the Service serving the cluster
+ type: string
+ namespace:
+ description: Namespace of the Service serving the cluster
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ type: object
+ observedGeneration:
+ description: observedGeneration is the most recent successful generation observed for this RabbitmqCluster. It corresponds to the RabbitmqCluster's generation, which is updated on mutation by the API Server.
+ format: int64
+ type: integer
+ required:
+ - conditions
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
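Review bot: in the `tls` properties near the end of this schema, `disableNonTLSListeners` is an optional boolean with no `default`, so by its own description the non-TLS listeners for RabbitMQ, the management plugin and the stomp, mqtt, web_stomp and web_mqtt plugins stay enabled unless a RabbitmqCluster manifest sets it, even when `tls.secretName` is configured. As this commit bundles the chart rather than authoring it, I would not patch the schema itself. Instead, have every RabbitmqCluster resource this repository deploys set `tls.disableNonTLSListeners: true` alongside `tls.secretName`, and document that requirement next to the bundled chart. The same reasoning applies to `service.type`: the enum admits `LoadBalancer` and `NodePort`, so stating `ClusterIP` explicitly in the deployed manifests guards against exposing the broker externally by accident.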
diff --git a/charts/rabbitmq-cluster-operator/crds/crds-messaging-topology-operator.yaml b/charts/rabbitmq-cluster-operator/crds/crds-messaging-topology-operator.yaml
new file mode 100644
index 0000000..7443fd9
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/crds/crds-messaging-topology-operator.yaml
@@ -0,0 +1,1593 @@
+# Source: https://github.com/rabbitmq/messaging-topology-operator/tree/main/config/crd
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: bindings.rabbitmq.com
+spec:
+ group: rabbitmq.com
+ names:
+ categories:
+ - all
+ - rabbitmq
+ kind: Binding
+ listKind: BindingList
+ plural: bindings
+ singular: binding
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Binding is the Schema for the bindings API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BindingSpec defines the desired state of Binding
+ properties:
+ arguments:
+ description: Cannot be updated
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ destination:
+ description: Cannot be updated
+ type: string
+ destinationType:
+ description: Cannot be updated
+ enum:
+ - exchange
+ - queue
+ type: string
+ rabbitmqClusterReference:
+ description: Reference to the RabbitmqCluster that the binding will
+ be created in. Required property.
+ properties:
+ connectionSecret:
+ description: Secret contains the http management uri for the RabbitMQ
+ cluster. The Secret must contain the key `uri`, `username` and
+ `password` or operator will error. Have to set either name or
+ connectionSecret, but not both.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ name:
+ description: The name of the RabbitMQ cluster to reference. Have
+ to set either name or connectionSecret, but not both.
+ type: string
+ namespace:
+ description: The namespace of the RabbitMQ cluster to reference.
+ Defaults to the namespace of the requested resource if omitted.
+ type: string
+ type: object
+ routingKey:
+ description: Cannot be updated
+ type: string
+ source:
+ description: Cannot be updated
+ type: string
+ vhost:
+ default: /
+ description: Default to vhost '/'; cannot be updated
+ type: string
+ required:
+ - rabbitmqClusterReference
+ type: object
+ status:
+ description: BindingStatus defines the observed state of Binding
+ properties:
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ description: The last time this Condition status changed.
+ format: date-time
+ type: string
+ message:
+ description: Full text reason for current status of the condition.
+ type: string
+ reason:
+ description: One word, camel-case reason for current status
+ of the condition.
+ type: string
+ status:
+ description: True, False, or Unknown
+ type: string
+ type:
+ description: Type indicates the scope of the custom resource
+ status addressed by the condition.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: observedGeneration is the most recent successful generation
+ observed for this Binding. It corresponds to the Binding's generation,
+ which is updated on mutation by the API Server.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: exchanges.rabbitmq.com
+spec:
+ group: rabbitmq.com
+ names:
+ categories:
+ - all
+ - rabbitmq
+ kind: Exchange
+ listKind: ExchangeList
+ plural: exchanges
+ singular: exchange
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Exchange is the Schema for the exchanges API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ExchangeSpec defines the desired state of Exchange
+ properties:
+ arguments:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ autoDelete:
+ description: Cannot be updated
+ type: boolean
+ durable:
+ description: Cannot be updated
+ type: boolean
+ name:
+ description: Required property; cannot be updated
+ type: string
+ rabbitmqClusterReference:
+ description: Reference to the RabbitmqCluster that the exchange will
+ be created in. Required property.
+ properties:
+ connectionSecret:
+ description: Secret contains the http management uri for the RabbitMQ
+ cluster. The Secret must contain the key `uri`, `username` and
+ `password` or operator will error. Have to set either name or
+ connectionSecret, but not both.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ name:
+ description: The name of the RabbitMQ cluster to reference. Have
+ to set either name or connectionSecret, but not both.
+ type: string
+ namespace:
+ description: The namespace of the RabbitMQ cluster to reference.
+ Defaults to the namespace of the requested resource if omitted.
+ type: string
+ type: object
+ type:
+ default: direct
+ description: Cannot be updated
+ type: string
+ vhost:
+ default: /
+ description: Default to vhost '/'; cannot be updated
+ type: string
+ required:
+ - name
+ - rabbitmqClusterReference
+ type: object
+ status:
+ description: ExchangeStatus defines the observed state of Exchange
+ properties:
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ description: The last time this Condition status changed.
+ format: date-time
+ type: string
+ message:
+ description: Full text reason for current status of the condition.
+ type: string
+ reason:
+ description: One word, camel-case reason for current status
+ of the condition.
+ type: string
+ status:
+ description: True, False, or Unknown
+ type: string
+ type:
+ description: Type indicates the scope of the custom resource
+ status addressed by the condition.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: observedGeneration is the most recent successful generation
+ observed for this Exchange. It corresponds to the Exchange's generation,
+ which is updated on mutation by the API Server.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: federations.rabbitmq.com
+spec:
+ group: rabbitmq.com
+ names:
+ categories:
+ - all
+ - rabbitmq
+ kind: Federation
+ listKind: FederationList
+ plural: federations
+ singular: federation
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Federation is the Schema for the federations API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: 'FederationSpec defines the desired state of Federation For
+ how to configure federation upstreams, see: https://www.rabbitmq.com/federation-reference.html.'
+ properties:
+ ackMode:
+ enum:
+ - on-confirm
+ - on-publish
+ - no-ack
+ type: string
+ exchange:
+ type: string
+ expires:
+ type: integer
+ maxHops:
+ type: integer
+ messageTTL:
+ type: integer
+ name:
+ description: Required property; cannot be updated
+ type: string
+ prefetch-count:
+ type: integer
+ queue:
+ type: string
+ rabbitmqClusterReference:
+ description: Reference to the RabbitmqCluster that this federation
+ upstream will be created in. Required property.
+ properties:
+ connectionSecret:
+ description: Secret contains the http management uri for the RabbitMQ
+ cluster. The Secret must contain the key `uri`, `username` and
+ `password` or operator will error. Have to set either name or
+ connectionSecret, but not both.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ name:
+ description: The name of the RabbitMQ cluster to reference. Have
+ to set either name or connectionSecret, but not both.
+ type: string
+ namespace:
+ description: The namespace of the RabbitMQ cluster to reference.
+ Defaults to the namespace of the requested resource if omitted.
+ type: string
+ type: object
+ reconnectDelay:
+ type: integer
+ trustUserId:
+ type: boolean
+ uriSecret:
+ description: Secret contains the AMQP URI(s) for the upstream. The
+ Secret must contain the key `uri` or operator will error. `uri`
+ should be one or multiple uris separated by ','. Required property.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ vhost:
+ default: /
+ description: Default to vhost '/'; cannot be updated
+ type: string
+ required:
+ - name
+ - rabbitmqClusterReference
+ - uriSecret
+ type: object
+ status:
+ description: FederationStatus defines the observed state of Federation
+ properties:
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ description: The last time this Condition status changed.
+ format: date-time
+ type: string
+ message:
+ description: Full text reason for current status of the condition.
+ type: string
+ reason:
+ description: One word, camel-case reason for current status
+ of the condition.
+ type: string
+ status:
+ description: True, False, or Unknown
+ type: string
+ type:
+ description: Type indicates the scope of the custom resource
+ status addressed by the condition.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: observedGeneration is the most recent successful generation
+ observed for this Federation. It corresponds to the Federation's
+ generation, which is updated on mutation by the API Server.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: permissions.rabbitmq.com
+spec:
+ group: rabbitmq.com
+ names:
+ categories:
+ - all
+ - rabbitmq
+ kind: Permission
+ listKind: PermissionList
+ plural: permissions
+ singular: permission
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Permission is the Schema for the permissions API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: PermissionSpec defines the desired state of Permission
+ properties:
+ permissions:
+ description: 'Permissions to grant to the user in the specific vhost;
+ required property. See RabbitMQ doc for more information: https://www.rabbitmq.com/access-control.html#user-management'
+ properties:
+ configure:
+ type: string
+ read:
+ type: string
+ write:
+ type: string
+ type: object
+ rabbitmqClusterReference:
+ description: Reference to the RabbitmqCluster that both the provided
+ user and vhost are. Required property.
+ properties:
+ connectionSecret:
+ description: Secret contains the http management uri for the RabbitMQ
+ cluster. The Secret must contain the key `uri`, `username` and
+ `password` or operator will error. Have to set either name or
+ connectionSecret, but not both.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ name:
+ description: The name of the RabbitMQ cluster to reference. Have
+ to set either name or connectionSecret, but not both.
+ type: string
+ namespace:
+ description: The namespace of the RabbitMQ cluster to reference.
+ Defaults to the namespace of the requested resource if omitted.
+ type: string
+ type: object
+ user:
+ description: Name of an existing user; must provide user or userReference,
+ else create/update will fail; cannot be updated
+ type: string
+ userReference:
+ description: Reference to an existing user.rabbitmq.com object; must
+ provide user or userReference, else create/update will fail; cannot
+ be updated
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ vhost:
+ description: Name of an existing vhost; required property; cannot
+ be updated
+ type: string
+ required:
+ - permissions
+ - rabbitmqClusterReference
+ - vhost
+ type: object
+ status:
+ description: PermissionStatus defines the observed state of Permission
+ properties:
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ description: The last time this Condition status changed.
+ format: date-time
+ type: string
+ message:
+ description: Full text reason for current status of the condition.
+ type: string
+ reason:
+ description: One word, camel-case reason for current status
+ of the condition.
+ type: string
+ status:
+ description: True, False, or Unknown
+ type: string
+ type:
+ description: Type indicates the scope of the custom resource
+ status addressed by the condition.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: observedGeneration is the most recent successful generation
+ observed for this Permission. It corresponds to the Permission's
+ generation, which is updated on mutation by the API Server.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: policies.rabbitmq.com
+spec:
+ group: rabbitmq.com
+ names:
+ categories:
+ - all
+ - rabbitmq
+ kind: Policy
+ listKind: PolicyList
+ plural: policies
+ singular: policy
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Policy is the Schema for the policies API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: PolicySpec defines the desired state of Policy https://www.rabbitmq.com/parameters.html#policies
+ properties:
+ applyTo:
+ default: all
+ description: 'What this policy applies to: ''queues'', ''exchanges'',
+ or ''all''. Default to ''all''.'
+ enum:
+ - queues
+ - exchanges
+ - all
+ type: string
+ definition:
+ description: Policy definition. Required property.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ name:
+ description: Required property; cannot be updated
+ type: string
+ pattern:
+ description: Regular expression pattern used to match queues and exchanges,
+ e.g. "^amq.". Required property.
+ type: string
+ priority:
+ default: 0
+ description: Default to '0'. In the event that more than one policy
+ can match a given exchange or queue, the policy with the greatest
+ priority applies.
+ type: integer
+ rabbitmqClusterReference:
+ description: Reference to the RabbitmqCluster that the exchange will
+ be created in. Required property.
+ properties:
+ connectionSecret:
+ description: Secret contains the http management uri for the RabbitMQ
+ cluster. The Secret must contain the key `uri`, `username` and
+ `password` or operator will error. Have to set either name or
+ connectionSecret, but not both.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ name:
+ description: The name of the RabbitMQ cluster to reference. Have
+ to set either name or connectionSecret, but not both.
+ type: string
+ namespace:
+ description: The namespace of the RabbitMQ cluster to reference.
+ Defaults to the namespace of the requested resource if omitted.
+ type: string
+ type: object
+ vhost:
+ default: /
+ description: Default to vhost '/'; cannot be updated
+ type: string
+ required:
+ - definition
+ - name
+ - pattern
+ - rabbitmqClusterReference
+ type: object
+ status:
+ description: PolicyStatus defines the observed state of Policy
+ properties:
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ description: The last time this Condition status changed.
+ format: date-time
+ type: string
+ message:
+ description: Full text reason for current status of the condition.
+ type: string
+ reason:
+ description: One word, camel-case reason for current status
+ of the condition.
+ type: string
+ status:
+ description: True, False, or Unknown
+ type: string
+ type:
+ description: Type indicates the scope of the custom resource
+ status addressed by the condition.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: observedGeneration is the most recent successful generation
+ observed for this Policy. It corresponds to the Policy's generation,
+ which is updated on mutation by the API Server.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: queues.rabbitmq.com
+spec:
+ group: rabbitmq.com
+ names:
+ categories:
+ - all
+ - rabbitmq
+ kind: Queue
+ listKind: QueueList
+ plural: queues
+ singular: queue
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Queue is the Schema for the queues API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: QueueSpec defines the desired state of Queue
+ properties:
+ arguments:
+ description: 'Queue arguments in the format of KEY: VALUE. e.g. x-delivery-limit:
+ 10000. Configuring queues through arguments is not recommended because
+ they cannot be updated once set; we recommend configuring queues
+ through policies instead.'
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ autoDelete:
+ description: when set to true, queues that have had at least one consumer
+ before are deleted after the last consumer unsubscribes.
+ type: boolean
+ durable:
+ description: When set to false queues does not survive server restart.
+ type: boolean
+ name:
+ description: Name of the queue; required property.
+ type: string
+ rabbitmqClusterReference:
+ description: Reference to the RabbitmqCluster that the queue will
+ be created in. Required property.
+ properties:
+ connectionSecret:
+ description: Secret contains the http management uri for the RabbitMQ
+ cluster. The Secret must contain the key `uri`, `username` and
+ `password` or operator will error. Have to set either name or
+ connectionSecret, but not both.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ name:
+ description: The name of the RabbitMQ cluster to reference. Have
+ to set either name or connectionSecret, but not both.
+ type: string
+ namespace:
+ description: The namespace of the RabbitMQ cluster to reference.
+ Defaults to the namespace of the requested resource if omitted.
+ type: string
+ type: object
+ type:
+ type: string
+ vhost:
+ default: /
+ description: Default to vhost '/'
+ type: string
+ required:
+ - name
+ - rabbitmqClusterReference
+ type: object
+ status:
+ description: QueueStatus defines the observed state of Queue
+ properties:
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ description: The last time this Condition status changed.
+ format: date-time
+ type: string
+ message:
+ description: Full text reason for current status of the condition.
+ type: string
+ reason:
+ description: One word, camel-case reason for current status
+ of the condition.
+ type: string
+ status:
+ description: True, False, or Unknown
+ type: string
+ type:
+ description: Type indicates the scope of the custom resource
+ status addressed by the condition.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: observedGeneration is the most recent successful generation
+ observed for this Queue. It corresponds to the Queue's generation,
+ which is updated on mutation by the API Server.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: schemareplications.rabbitmq.com
+spec:
+ group: rabbitmq.com
+ names:
+ kind: SchemaReplication
+ listKind: SchemaReplicationList
+ plural: schemareplications
+ singular: schemareplication
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: 'SchemaReplication is the Schema for the schemareplications API
+ This feature requires Tanzu RabbitMQ with schema replication plugin. For
+ more information, see: https://tanzu.vmware.com/rabbitmq and https://www.rabbitmq.com/definitions-standby.html.'
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: SchemaReplicationSpec defines the desired state of SchemaReplication
+ properties:
+ endpoints:
+ description: endpoints should be one or multiple endpoints separated
+ by ','. Must provide either spec.endpoints or endpoints in spec.upstreamSecret.
+ When endpoints are provided in both spec.endpoints and spec.upstreamSecret,
+ spec.endpoints takes precedence.
+ type: string
+ rabbitmqClusterReference:
+ description: Reference to the RabbitmqCluster that schema replication
+ would be set for. Must be an existing cluster.
+ properties:
+ connectionSecret:
+ description: Secret contains the http management uri for the RabbitMQ
+ cluster. The Secret must contain the key `uri`, `username` and
+ `password` or operator will error. Have to set either name or
+ connectionSecret, but not both.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ name:
+ description: The name of the RabbitMQ cluster to reference. Have
+ to set either name or connectionSecret, but not both.
+ type: string
+ namespace:
+ description: The namespace of the RabbitMQ cluster to reference.
+ Defaults to the namespace of the requested resource if omitted.
+ type: string
+ type: object
+ upstreamSecret:
+ description: Defines a Secret which contains credentials to be used
+ for schema replication. The Secret must contain the keys `username`
+ and `password` in its Data field, or operator will error.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ required:
+ - rabbitmqClusterReference
+ type: object
+ status:
+ description: SchemaReplicationStatus defines the observed state of SchemaReplication
+ properties:
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ description: The last time this Condition status changed.
+ format: date-time
+ type: string
+ message:
+ description: Full text reason for current status of the condition.
+ type: string
+ reason:
+ description: One word, camel-case reason for current status
+ of the condition.
+ type: string
+ status:
+ description: True, False, or Unknown
+ type: string
+ type:
+ description: Type indicates the scope of the custom resource
+ status addressed by the condition.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: observedGeneration is the most recent successful generation
+ observed for this Queue. It corresponds to the Queue's generation,
+ which is updated on mutation by the API Server.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: shovels.rabbitmq.com
+spec:
+ group: rabbitmq.com
+ names:
+ categories:
+ - all
+ - rabbitmq
+ kind: Shovel
+ listKind: ShovelList
+ plural: shovels
+ singular: shovel
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Shovel is the Schema for the shovels API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: 'ShovelSpec defines the desired state of Shovel For how to
+ configure Shovel, see: https://www.rabbitmq.com/shovel.html.'
+ properties:
+ ackMode:
+ enum:
+ - on-confirm
+ - on-publish
+ - no-ack
+ type: string
+ addForwardHeaders:
+ type: boolean
+ deleteAfter:
+ type: string
+ destAddForwardHeaders:
+ type: boolean
+ destAddTimestampHeader:
+ type: boolean
+ destAddress:
+ type: string
+ destApplicationProperties:
+ type: string
+ destExchange:
+ type: string
+ destExchangeKey:
+ type: string
+ destProperties:
+ type: string
+ destProtocol:
+ type: string
+ destPublishProperties:
+ type: string
+ destQueue:
+ type: string
+ name:
+ description: Required property; cannot be updated
+ type: string
+ prefetchCount:
+ type: integer
+ rabbitmqClusterReference:
+ description: Reference to the RabbitmqCluster that this Shovel will
+ be created in. Required property.
+ properties:
+ connectionSecret:
+ description: Secret contains the http management uri for the RabbitMQ
+ cluster. The Secret must contain the key `uri`, `username` and
+ `password` or operator will error. Have to set either name or
+ connectionSecret, but not both.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ name:
+ description: The name of the RabbitMQ cluster to reference. Have
+ to set either name or connectionSecret, but not both.
+ type: string
+ namespace:
+ description: The namespace of the RabbitMQ cluster to reference.
+ Defaults to the namespace of the requested resource if omitted.
+ type: string
+ type: object
+ reconnectDelay:
+ type: integer
+ srcAddress:
+ type: string
+ srcDeleteAfter:
+ type: string
+ srcExchange:
+ type: string
+ srcExchangeKey:
+ type: string
+ srcPrefetchCount:
+ type: integer
+ srcProtocol:
+ type: string
+ srcQueue:
+ type: string
+ uriSecret:
+ description: Secret contains the AMQP URI(s) to configure Shovel destination
+ and source. The Secret must contain the key `destUri` and `srcUri`
+ or operator will error. Both fields should be one or multiple uris
+ separated by ','. Required property.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ vhost:
+ default: /
+ description: Default to vhost '/'; cannot be updated
+ type: string
+ required:
+ - name
+ - rabbitmqClusterReference
+ - uriSecret
+ type: object
+ status:
+ description: ShovelStatus defines the observed state of Shovel
+ properties:
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ description: The last time this Condition status changed.
+ format: date-time
+ type: string
+ message:
+ description: Full text reason for current status of the condition.
+ type: string
+ reason:
+ description: One word, camel-case reason for current status
+ of the condition.
+ type: string
+ status:
+ description: True, False, or Unknown
+ type: string
+ type:
+ description: Type indicates the scope of the custom resource
+ status addressed by the condition.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: observedGeneration is the most recent successful generation
+ observed for this Shovel. It corresponds to the Shovel's generation,
+ which is updated on mutation by the API Server.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: superstreams.rabbitmq.com
+spec:
+ group: rabbitmq.com
+ names:
+ categories:
+ - all
+ - rabbitmq
+ kind: SuperStream
+ listKind: SuperStreamList
+ plural: superstreams
+ singular: superstream
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: SuperStream is the Schema for the queues API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: SuperStreamSpec defines the desired state of SuperStream
+ properties:
+ name:
+ description: Name of the queue; required property.
+ type: string
+ partitions:
+ default: 3
+ description: Number of partitions to create within this super stream.
+ Defaults to '3'.
+ type: integer
+ rabbitmqClusterReference:
+ description: Reference to the RabbitmqCluster that the SuperStream
+ will be created in. Required property.
+ properties:
+ connectionSecret:
+ description: Secret contains the http management uri for the RabbitMQ
+ cluster. The Secret must contain the key `uri`, `username` and
+ `password` or operator will error. Have to set either name or
+ connectionSecret, but not both.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ name:
+ description: The name of the RabbitMQ cluster to reference. Have
+ to set either name or connectionSecret, but not both.
+ type: string
+ namespace:
+ description: The namespace of the RabbitMQ cluster to reference.
+ Defaults to the namespace of the requested resource if omitted.
+ type: string
+ type: object
+ routingKeys:
+ description: Routing keys to use for each of the partitions in the
+ SuperStream If unset, the routing keys for the partitions will be
+ set to the index of the partitions
+ items:
+ type: string
+ type: array
+ vhost:
+ default: /
+ description: Default to vhost '/'; cannot be updated
+ type: string
+ required:
+ - name
+ - rabbitmqClusterReference
+ type: object
+ status:
+ description: SuperStreamStatus defines the observed state of SuperStream
+ properties:
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ description: The last time this Condition status changed.
+ format: date-time
+ type: string
+ message:
+ description: Full text reason for current status of the condition.
+ type: string
+ reason:
+ description: One word, camel-case reason for current status
+ of the condition.
+ type: string
+ status:
+ description: True, False, or Unknown
+ type: string
+ type:
+ description: Type indicates the scope of the custom resource
+ status addressed by the condition.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: observedGeneration is the most recent successful generation
+ observed for this SuperStream. It corresponds to the SuperStream's
+ generation, which is updated on mutation by the API Server.
+ format: int64
+ type: integer
+ partitions:
+ description: Partitions are a list of the stream queue names which
+ form the partitions of this SuperStream.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: users.rabbitmq.com
+spec:
+ group: rabbitmq.com
+ names:
+ categories:
+ - all
+ - rabbitmq
+ kind: User
+ listKind: UserList
+ plural: users
+ singular: user
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: User is the Schema for the users API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec configures the desired state of the User object.
+ properties:
+ importCredentialsSecret:
+ description: Defines a Secret used to pre-define the username and
+ password set for this User. User objects created with this field
+ set will not have randomly-generated credentials, and will instead
+ import the username/password values from this Secret. The Secret
+ must contain the keys `username` and `password` in its Data field,
+ or the import will fail. Note that this import only occurs at creation
+ time, and is ignored once a password has been set on a User.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ rabbitmqClusterReference:
+ description: Reference to the RabbitmqCluster that the user will be
+ created for. This cluster must exist for the User object to be created.
+ properties:
+ connectionSecret:
+ description: Secret contains the http management uri for the RabbitMQ
+ cluster. The Secret must contain the key `uri`, `username` and
+ `password` or operator will error. Have to set either name or
+ connectionSecret, but not both.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ name:
+ description: The name of the RabbitMQ cluster to reference. Have
+ to set either name or connectionSecret, but not both.
+ type: string
+ namespace:
+ description: The namespace of the RabbitMQ cluster to reference.
+ Defaults to the namespace of the requested resource if omitted.
+ type: string
+ type: object
+ tags:
+ description: List of permissions tags to associate with the user.
+ This determines the level of access to the RabbitMQ management UI
+ granted to the user. Omitting this field will lead to a user than
+ can still connect to the cluster through messaging protocols, but
+ cannot perform any management actions. For more information, see
+ https://www.rabbitmq.com/management.html#permissions.
+ items:
+ description: UserTag defines the level of access to the management
+ UI allocated to the user. For more information, see https://www.rabbitmq.com/management.html#permissions.
+ enum:
+ - management
+ - policymaker
+ - monitoring
+ - administrator
+ type: string
+ type: array
+ required:
+ - rabbitmqClusterReference
+ type: object
+ status:
+ description: Status exposes the observed state of the User object.
+ properties:
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ description: The last time this Condition status changed.
+ format: date-time
+ type: string
+ message:
+ description: Full text reason for current status of the condition.
+ type: string
+ reason:
+ description: One word, camel-case reason for current status
+ of the condition.
+ type: string
+ status:
+ description: True, False, or Unknown
+ type: string
+ type:
+ description: Type indicates the scope of the custom resource
+ status addressed by the condition.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ credentials:
+ description: Provides a reference to a Secret object containing the
+ user credentials.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ observedGeneration:
+ description: observedGeneration is the most recent successful generation
+ observed for this User. It corresponds to the User's generation,
+ which is updated on mutation by the API Server.
+ format: int64
+ type: integer
+ username:
+ description: Provide rabbitmq Username
+ type: string
+ required:
+ - username
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: vhosts.rabbitmq.com
+spec:
+ group: rabbitmq.com
+ names:
+ categories:
+ - all
+ - rabbitmq
+ kind: Vhost
+ listKind: VhostList
+ plural: vhosts
+ singular: vhost
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Vhost is the Schema for the vhosts API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: VhostSpec defines the desired state of Vhost
+ properties:
+ name:
+ description: Name of the vhost; see https://www.rabbitmq.com/vhosts.html.
+ type: string
+ rabbitmqClusterReference:
+ description: Reference to the RabbitmqCluster that the vhost will
+ be created in. Required property.
+ properties:
+ connectionSecret:
+ description: Secret contains the http management uri for the RabbitMQ
+ cluster. The Secret must contain the key `uri`, `username` and
+ `password` or operator will error. Have to set either name or
+ connectionSecret, but not both.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ name:
+ description: The name of the RabbitMQ cluster to reference. Have
+ to set either name or connectionSecret, but not both.
+ type: string
+ namespace:
+ description: The namespace of the RabbitMQ cluster to reference.
+ Defaults to the namespace of the requested resource if omitted.
+ type: string
+ type: object
+ tags:
+ items:
+ type: string
+ type: array
+ tracing:
+ type: boolean
+ required:
+ - name
+ - rabbitmqClusterReference
+ type: object
+ status:
+ description: VhostStatus defines the observed state of Vhost
+ properties:
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ description: The last time this Condition status changed.
+ format: date-time
+ type: string
+ message:
+ description: Full text reason for current status of the condition.
+ type: string
+ reason:
+ description: One word, camel-case reason for current status
+ of the condition.
+ type: string
+ status:
+ description: True, False, or Unknown
+ type: string
+ type:
+ description: Type indicates the scope of the custom resource
+ status addressed by the condition.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: observedGeneration is the most recent successful generation
+ observed for this Vhost. It corresponds to the Vhost's generation,
+ which is updated on mutation by the API Server.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
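Review bot: The rabbitmqClusterReference object repeated in each CRD of this file states "Have to set either name or connectionSecret, but not both" only in its descriptions. The schema has no oneOf and no required list under that object, so the API server will admit a resource that sets both or neither, and the rule is enforced, if at all, by the operator or its admission webhook. The same applies to Permission's "must provide user or userReference", which is absent from its required list, and to Policy's definition and Queue's arguments, which are marked x-kubernetes-preserve-unknown-fields: true and therefore pass through without structural validation. Please confirm that the bundled chart deploys the validating webhook before these CRDs are relied on. Separately, several descriptions are copy-paste leftovers that are better reported upstream than patched in a bundled copy: SchemaReplication's observedGeneration reads "observed for this Queue", SuperStream is described as "the Schema for the queues API" and its name as "Name of the queue", and Policy's rabbitmqClusterReference refers to "the exchange".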
diff --git a/charts/rabbitmq-cluster-operator/templates/NOTES.txt b/charts/rabbitmq-cluster-operator/templates/NOTES.txt
new file mode 100644
index 0000000..c723b87
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/templates/NOTES.txt
@@ -0,0 +1,14 @@
+CHART NAME: {{ .Chart.Name }}
+CHART VERSION: {{ .Chart.Version }}
+APP VERSION: {{ .Chart.AppVersion }}
+
+** Please be patient while the chart is being deployed **
+
+Watch the RabbitMQ Cluster Operator and RabbitMQ Messaging Topology Operator Deployment status using the command:
+
+ kubectl get deploy -w --namespace {{ include "common.names.namespace" . }} -l app.kubernetes.io/name={{ include "common.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }}
+
+{{ include "common.warnings.rollingTag" .Values.clusterOperator.image }}
+{{ include "common.warnings.rollingTag" .Values.msgTopologyOperator.image }}
+{{ include "common.warnings.rollingTag" .Values.credentialUpdaterImage }}
+{{ include "common.warnings.rollingTag" .Values.rabbitmqImage }}
diff --git a/charts/rabbitmq-cluster-operator/templates/_helpers.tpl b/charts/rabbitmq-cluster-operator/templates/_helpers.tpl
new file mode 100644
index 0000000..82aa0d0
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/templates/_helpers.tpl
@@ -0,0 +1,124 @@
+{{/*
+Return the proper RabbitMQ Cluster Operator fullname
+Note: We use the regular common function as the chart name already contains the
+the rabbitmq-cluster-operator name.
+*/}}
+{{- define "rmqco.clusterOperator.fullname" -}}
+{{- include "common.names.fullname" . -}}
+{{- end -}}
+
+{{/*
+Return the proper RabbitMQ Messaging Topology Operator fullname
+NOTE: Not using the common function to avoid generating too long names
+*/}}
+{{- define "rmqco.msgTopologyOperator.fullname" -}}
+{{- if .Values.msgTopologyOperator.fullnameOverride -}}
+ {{- .Values.msgTopologyOperator.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else if .Values.fullnameOverride -}}
+ {{- printf "%s-%s" .Values.fullnameOverride "messaging-topology-operator" | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+ {{- printf "%s-%s" .Release.Name "rabbitmq-messaging-topology-operator" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper RabbitMQ Messaging Topology Operator fullname
+NOTE: Not using the common function to avoid generating too long names
+*/}}
+{{- define "rmqco.msgTopologyOperator.webhook.fullname" -}}
+{{- if .Values.msgTopologyOperator.fullnameOverride -}}
+ {{- printf "%s-%s" .Values.msgTopologyOperator.fullnameOverride "webhook" | trunc 63 | trimSuffix "-" -}}
+{{- else if .Values.fullnameOverride -}}
+ {{- printf "%s-%s" .Values.fullnameOverride "messaging-topology-operator-webhook" | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+ {{- printf "%s-%s" .Release.Name "rabbitmq-messaging-topology-operator-webhook" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper RabbitMQ Messaging Topology Operator fullname
+*/}}
+{{- define "rmqco.msgTopologyOperator.webhook.secretName" -}}
+{{- if .Values.msgTopologyOperator.existingWebhookCertSecret -}}
+ {{- .Values.msgTopologyOperator.existingWebhookCertSecret -}}
+{{- else }}
+ {{- include "rmqco.msgTopologyOperator.webhook.fullname" . -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper RabbitMQ Default User Credential updater image name
+*/}}
+{{- define "rmqco.defaultCredentialUpdater.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.credentialUpdaterImage "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper RabbitMQ Cluster Operator image name
+*/}}
+{{- define "rmqco.clusterOperator.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.clusterOperator.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper RabbitMQ Cluster Operator image name
+*/}}
+{{- define "rmqco.msgTopologyOperator.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.msgTopologyOperator.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper RabbitMQ image name
+*/}}
+{{- define "rmqco.rabbitmq.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.rabbitmqImage "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "rmqco.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.clusterOperator.image .Values.rabbitmqImage) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names as a comma separated string
+*/}}
+{{- define "rmqco.imagePullSecrets.string" -}}
+{{- $pullSecrets := list }}
+{{- if .Values.global }}
+ {{- range .Values.global.imagePullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets . -}}
+ {{- end -}}
+{{- end -}}
+{{- range (list .Values.clusterOperator.image .Values.rabbitmqImage) -}}
+ {{- range .pullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets . -}}
+ {{- end -}}
+{{- end -}}
+{{- if (not (empty $pullSecrets)) }}
+ {{- printf "%s" (join "," $pullSecrets) -}}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use (Cluster Operator)
+*/}}
+{{- define "rmqco.clusterOperator.serviceAccountName" -}}
+{{- if .Values.clusterOperator.serviceAccount.create -}}
+ {{ default (printf "%s" (include "rmqco.clusterOperator.fullname" .)) .Values.clusterOperator.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.clusterOperator.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use (Messaging Topology Operator)
+*/}}
+{{- define "rmqco.msgTopologyOperator.serviceAccountName" -}}
+{{- if .Values.msgTopologyOperator.serviceAccount.create -}}
+ {{ default (printf "%s" (include "rmqco.msgTopologyOperator.fullname" .)) .Values.msgTopologyOperator.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.msgTopologyOperator.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
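Review bot: `rmqco.imagePullSecrets` and `rmqco.imagePullSecrets.string` only iterate `.Values.clusterOperator.image` and `.Values.rabbitmqImage`, so pull secrets set on `.Values.msgTopologyOperator.image` or `.Values.credentialUpdaterImage` are never collected by these helpers, although both images are rendered by helpers in this same file. If those images can come from a private registry, add them to both lists. Separately, three doc comments are copy-pasted: the ones above `rmqco.msgTopologyOperator.webhook.fullname` and `rmqco.msgTopologyOperator.webhook.secretName` still say "fullname" of the operator, and the one above `rmqco.msgTopologyOperator.image` says "Cluster Operator image name". The first comment in the file also has a doubled "the the".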
diff --git a/charts/rabbitmq-cluster-operator/templates/cluster-operator/clusterrole.yaml b/charts/rabbitmq-cluster-operator/templates/cluster-operator/clusterrole.yaml
new file mode 100644
index 0000000..9835407
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/templates/cluster-operator/clusterrole.yaml
@@ -0,0 +1,151 @@
+{{- if .Values.clusterOperator.rbac.create }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: ClusterRole
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: rabbitmq-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "rmqco.clusterOperator.fullname" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - get
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - pods/exec
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - rabbitmqclusters
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - rabbitmqclusters/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - rabbitmqclusters/status
+ verbs:
+ - get
+ - update
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - rolebindings
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+{{- end }}
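Review bot: the rules for `secrets` (create, get, list, update, watch), `pods/exec` (create) and `roles`/`rolebindings` (create, update) sit in a ClusterRole, so once bound cluster-wide the operator's service account can read every Secret and exec into pods in every namespace. That may be what the operator needs to manage clusters in arbitrary namespaces, but it makes this service account equivalent to cluster-wide Secret access. Please state that in the commit message or chart notes, and treat the operator namespace as privileged (restrict who can create pods or read service account tokens there). An audit-log alert on `pods/exec` calls and Secret reads made by this service account in namespaces that hold no RabbitmqCluster would also be worth adding.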
diff --git a/charts/rabbitmq-cluster-operator/templates/cluster-operator/clusterrolebinding.yaml b/charts/rabbitmq-cluster-operator/templates/cluster-operator/clusterrolebinding.yaml
new file mode 100644
index 0000000..fc863e9
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/templates/cluster-operator/clusterrolebinding.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.clusterOperator.rbac.create }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: ClusterRoleBinding
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: rabbitmq-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "rmqco.clusterOperator.fullname" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "rmqco.clusterOperator.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "rmqco.clusterOperator.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+{{- end }}
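Review bot: the subject name comes from `rmqco.clusterOperator.serviceAccountName`, which returns `default` when `clusterOperator.serviceAccount.create` is false and no name is set, while this binding is gated only on `clusterOperator.rbac.create`. With that combination the ClusterRole, including its cluster-wide Secret access, is bound to the namespace's `default` service account and therefore to every pod in that namespace that does not set its own. Consider failing the render (for example with `required`) when `rbac.create` is true, `serviceAccount.create` is false and `serviceAccount.name` is empty.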
diff --git a/charts/rabbitmq-cluster-operator/templates/cluster-operator/deployment.yaml b/charts/rabbitmq-cluster-operator/templates/cluster-operator/deployment.yaml
new file mode 100644
index 0000000..b136c1f
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/templates/cluster-operator/deployment.yaml
@@ -0,0 +1,161 @@
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ template "rmqco.clusterOperator.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: rabbitmq-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.clusterOperator.replicaCount }}
+ {{- if .Values.clusterOperator.updateStrategy }}
+ strategy: {{- toYaml .Values.clusterOperator.updateStrategy | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: rabbitmq-operator
+ template:
+ metadata:
+ {{- if .Values.clusterOperator.podAnnotations }}
+ annotations: {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ app.kubernetes.io/component: rabbitmq-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.clusterOperator.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.podLabels "context" $) | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ template "rmqco.clusterOperator.serviceAccountName" . }}
+ {{- include "rmqco.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.clusterOperator.schedulerName }}
+ schedulerName: {{ .Values.clusterOperator.schedulerName | quote }}
+ {{- end }}
+ {{- if .Values.clusterOperator.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.topologySpreadConstraints "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.affinity }}
+ affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.clusterOperator.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.clusterOperator.podAffinityPreset "component" "rabbitmq-operator" "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.clusterOperator.podAntiAffinityPreset "component" "rabbitmq-operator" "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.clusterOperator.nodeAffinityPreset.type "key" .Values.clusterOperator.nodeAffinityPreset.key "values" .Values.clusterOperator.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.clusterOperator.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.tolerations "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.priorityClassName }}
+ priorityClassName: {{ .Values.clusterOperator.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.clusterOperator.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.clusterOperator.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.clusterOperator.terminationGracePeriodSeconds }}
+ {{- end }}
+ initContainers:
+ {{- if .Values.clusterOperator.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: rabbitmq-cluster-operator
+ image: {{ template "rmqco.clusterOperator.image" . }}
+ imagePullPolicy: {{ .Values.clusterOperator.image.pullPolicy }}
+ {{- if .Values.clusterOperator.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.clusterOperator.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.command "context" $) | nindent 12 }}
+ {{- else }}
+ command:
+ - /manager
+ {{- end }}
+ {{- if .Values.clusterOperator.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.args "context" $) | nindent 12 }}
+ {{- else }}
+ args:
+ - --metrics-bind-address=:{{ .Values.clusterOperator.containerPorts.metrics }}
+ {{- end }}
+ env:
+ - name: OPERATOR_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: DEFAULT_RABBITMQ_IMAGE
+ value: {{ include "rmqco.rabbitmq.image" . }}
+ - name: DEFAULT_USER_UPDATER_IMAGE
+ value: {{ include "rmqco.defaultCredentialUpdater.image" . }}
+ {{- if (include "rmqco.imagePullSecrets.string" .) }}
+ - name: DEFAULT_IMAGE_PULL_SECRETS
+ value: {{ include "rmqco.imagePullSecrets.string" . | quote }}
+ {{- end }}
+ {{- if .Values.clusterOperator.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ {{- if .Values.clusterOperator.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.clusterOperator.extraEnvVarsCM "context" $) }}
+ {{- end }}
+ {{- if .Values.clusterOperator.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.clusterOperator.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ {{- if .Values.clusterOperator.resources }}
+ resources: {{- toYaml .Values.clusterOperator.resources | nindent 12 }}
+ {{- end }}
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.clusterOperator.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.clusterOperator.livenessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /metrics
+ port: http
+ {{- else if .Values.clusterOperator.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.customLivenessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.clusterOperator.readinessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /metrics
+ port: http
+ {{- else if .Values.clusterOperator.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.customReadinessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.clusterOperator.startupProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /metrics
+ port: http
+ {{- else if .Values.clusterOperator.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.customStartupProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.clusterOperator.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.extraVolumeMounts }}
+ volumeMounts: {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.clusterOperator.containerPorts.metrics }}
+ protocol: TCP
+ {{- if .Values.clusterOperator.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.clusterOperator.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.extraVolumes }}
+ volumes: {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.extraVolumes "context" $) | nindent 8 }}
+ {{- end }}
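Review bot: `initContainers:` and `envFrom:` are emitted unconditionally while their contents sit inside `if` blocks, so when the corresponding values are empty both keys render as null. Move each key inside its `if`, as `volumeMounts:` and `volumes:` already do. Also, `tolerations` is rendered with `"context" .` where the other `common.tplvalues.render` calls in this file pass `$`; the two are the same at this position, but using `$` throughout avoids a surprise if the block is ever moved inside a `range` or `with`.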
diff --git a/charts/rabbitmq-cluster-operator/templates/cluster-operator/metrics-service.yaml b/charts/rabbitmq-cluster-operator/templates/cluster-operator/metrics-service.yaml
new file mode 100644
index 0000000..0cca6e3
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/templates/cluster-operator/metrics-service.yaml
@@ -0,0 +1,57 @@
+{{- if .Values.clusterOperator.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: rabbitmq-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ printf "%s-metrics" (include "rmqco.clusterOperator.fullname" .) }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ {{- if or .Values.commonAnnotations .Values.clusterOperator.metrics.service.annotations }}
+ annotations:
+ {{- if .Values.clusterOperator.metrics.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.clusterOperator.metrics.service.annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ .Values.clusterOperator.metrics.service.type }}
+ {{- if (or (eq .Values.clusterOperator.metrics.service.type "LoadBalancer") (eq .Values.clusterOperator.metrics.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.clusterOperator.metrics.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.service.clusterIP }}
+ clusterIP: {{ .Values.clusterOperator.metrics.service.clusterIP }}
+ {{- end }}
+ {{- if eq .Values.clusterOperator.metrics.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.clusterOperator.metrics.service.loadBalancerSourceRanges }}
+ {{- end }}
+ {{- if (and (eq .Values.clusterOperator.metrics.service.type "LoadBalancer") (not (empty .Values.clusterOperator.metrics.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.clusterOperator.metrics.service.loadBalancerIP }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.clusterOperator.metrics.service.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.metrics.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ ports:
+ - name: http
+ port: {{ .Values.clusterOperator.metrics.service.ports.http }}
+ targetPort: http
+ protocol: TCP
+ {{- if (and (or (eq .Values.clusterOperator.metrics.service.type "NodePort") (eq .Values.clusterOperator.metrics.service.type "LoadBalancer")) (not (empty .Values.clusterOperator.metrics.service.nodePorts.http))) }}
+ nodePort: {{ .Values.clusterOperator.metrics.service.nodePorts.http }}
+ {{- else if eq .Values.clusterOperator.metrics.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.metrics.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: rabbitmq-operator
+{{- end }}
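Review bot: `loadBalancerSourceRanges: {{ .Values.clusterOperator.metrics.service.loadBalancerSourceRanges }}` prints the Go list directly, so two or more CIDRs render as `[a b]`, which YAML reads as one string element rather than two ranges. Render the list with `toYaml` and `nindent`, and emit the key only when the list is non-empty. This field is the only source restriction the template puts on a `LoadBalancer` metrics endpoint, so a rejected or wrong render here deserves a template test.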
diff --git a/charts/rabbitmq-cluster-operator/templates/cluster-operator/role.yaml b/charts/rabbitmq-cluster-operator/templates/cluster-operator/role.yaml
new file mode 100644
index 0000000..92bb731
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/templates/cluster-operator/role.yaml
@@ -0,0 +1,35 @@
+{{- if .Values.clusterOperator.rbac.create }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: Role
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: rabbitmq-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "rmqco.clusterOperator.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+rules:
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/rabbitmq-cluster-operator/templates/cluster-operator/rolebinding.yaml b/charts/rabbitmq-cluster-operator/templates/cluster-operator/rolebinding.yaml
new file mode 100644
index 0000000..d439e87
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/templates/cluster-operator/rolebinding.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.clusterOperator.rbac.create }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: RoleBinding
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: rabbitmq-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "rmqco.clusterOperator.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "rmqco.clusterOperator.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "rmqco.clusterOperator.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+{{- end }}
diff --git a/charts/rabbitmq-cluster-operator/templates/cluster-operator/service-account.yaml b/charts/rabbitmq-cluster-operator/templates/cluster-operator/service-account.yaml
new file mode 100644
index 0000000..f14dc73
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/templates/cluster-operator/service-account.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.clusterOperator.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: rabbitmq-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "rmqco.clusterOperator.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ {{- if or .Values.commonAnnotations .Values.clusterOperator.serviceAccount.annotations }}
+ annotations:
+ {{- if .Values.clusterOperator.serviceAccount.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.clusterOperator.serviceAccount.annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.clusterOperator.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/rabbitmq-cluster-operator/templates/cluster-operator/servicemonitor.yaml b/charts/rabbitmq-cluster-operator/templates/cluster-operator/servicemonitor.yaml
new file mode 100644
index 0000000..ed1997c
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/templates/cluster-operator/servicemonitor.yaml
@@ -0,0 +1,50 @@
+{{- if and .Values.clusterOperator.metrics.serviceMonitor.enabled .Values.clusterOperator.metrics.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "rmqco.clusterOperator.fullname" . }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: rabbitmq-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.clusterOperator.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.serviceMonitor.labels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.clusterOperator.metrics.serviceMonitor.labels "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ namespace: {{ default (include "common.names.namespace" .) .Values.clusterOperator.metrics.serviceMonitor.namespace | quote }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: {{ .Values.clusterOperator.metrics.serviceMonitor.jobLabel }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: rabbitmq-operator
+ {{- if .Values.clusterOperator.metrics.serviceMonitor.selector }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.clusterOperator.metrics.serviceMonitor.selector "context" $ ) | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ include "common.names.namespace" . | quote }}
+ endpoints:
+ - port: http
+ {{- if .Values.clusterOperator.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.clusterOperator.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.clusterOperator.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.clusterOperator.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{ toYaml .Values.clusterOperator.metrics.serviceMonitor.metricRelabelings | nindent 8 }}
+ {{- end }}
+ {{- if .Values.clusterOperator.metrics.serviceMonitor.relabelings }}
+ relabelings: {{ toYaml .Values.clusterOperator.metrics.serviceMonitor.relabelings | nindent 8 }}
+ {{- end }}
+{{- end }}
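Review bot: `jobLabel` is emitted unconditionally and unquoted, so an empty value renders `jobLabel:` as null. Wrap it in an `if` the way `interval` and `scrapeTimeout` are, and pass it through `quote`. Both `additionalLabels` and `labels` are also rendered into the same `metadata.labels` map, so a key set in both produces a duplicate key; one of the two values should be documented as deprecated or the maps merged before rendering.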
diff --git a/charts/rabbitmq-cluster-operator/templates/extra-list.yaml b/charts/rabbitmq-cluster-operator/templates/extra-list.yaml
new file mode 100644
index 0000000..9ac65f9
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/templates/extra-list.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/charts/rabbitmq-cluster-operator/templates/issuer.yaml b/charts/rabbitmq-cluster-operator/templates/issuer.yaml
new file mode 100644
index 0000000..12ba1fa
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/templates/issuer.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.useCertManager }}
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+spec:
+ selfSigned: {}
+{{- end }}
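Review bot: this Issuer is gated on `.Values.useCertManager` alone, while the Certificate that references it in certificate.yaml is skipped when `msgTopologyOperator.existingWebhookCertSecret` is set, so that combination leaves a self-signed Issuer in the namespace that the Certificate no longer uses. If nothing else references it, use the same `and ... (not ...)` condition as certificate.yaml. The metadata also omits the `commonAnnotations` block that the other templates in this chart carry.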
diff --git a/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/certificate.yaml b/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/certificate.yaml
new file mode 100644
index 0000000..56381da
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/certificate.yaml
@@ -0,0 +1,24 @@
+{{- if and (.Values.useCertManager) (not .Values.msgTopologyOperator.existingWebhookCertSecret) }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ dnsNames:
+ - {{ printf "%s.%s.svc" (include "rmqco.msgTopologyOperator.webhook.fullname" .) (include "common.names.namespace" .) }}
+ - {{ printf "%s.%s.svc.%s" (include "rmqco.msgTopologyOperator.webhook.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain }}
+ issuerRef:
+ kind: Issuer
+ name: {{ template "common.names.fullname" . }}
+ secretName: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+{{- end }}
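Review bot: `secretName` is built from `rmqco.msgTopologyOperator.webhook.fullname` directly, although _helpers.tpl defines `rmqco.msgTopologyOperator.webhook.secretName` for this name. The two agree under this template's condition, but using the helper keeps the Certificate and whatever mounts the secret from drifting apart. The spec also leaves `duration`, `renewBefore` and `privateKey` at cert-manager defaults; if the webhook serving certificate has to follow a local key policy, expose those as values.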
diff --git a/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/clusterrole.yaml b/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/clusterrole.yaml
new file mode 100644
index 0000000..9984199
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/clusterrole.yaml
@@ -0,0 +1,275 @@
+{{- if .Values.msgTopologyOperator.rbac.create }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: ClusterRole
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "rmqco.msgTopologyOperator.fullname" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - get
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - bindings
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - bindings/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - exchanges
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - exchanges/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - federations
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - federations/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - permissions
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - permissions/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - policies
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - policies/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - queues
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - queues/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - rabbitmqclusters
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - rabbitmqclusters/status
+ verbs:
+ - get
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - schemareplications
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - schemareplications/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - shovels
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - shovels/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - superstreams
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - superstreams/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - users
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - users/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - vhosts
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rabbitmq.com
+ resources:
+ - vhosts/status
+ verbs:
+ - get
+ - patch
+ - update
+{{- end }}
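Review bot: the second rule grants `create`, `get`, `list` and `watch` on core `secrets` from a ClusterRole, which, once bound by the ClusterRoleBinding that follows, lets the topology operator's ServiceAccount read every Secret in every namespace. If the operator only needs the credential Secrets of the RabbitmqClusters it manages, document that requirement in the chart README or offer a values switch that binds this rule per namespace through RoleBindings instead. The `rabbitmq.com` rules look proportionate: `rabbitmqclusters` is read-only and the status subresources are limited to get, patch and update.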
diff --git a/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/clusterrolebinding.yaml b/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/clusterrolebinding.yaml
new file mode 100644
index 0000000..9af144c
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/clusterrolebinding.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.msgTopologyOperator.rbac.create }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: ClusterRoleBinding
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "rmqco.msgTopologyOperator.fullname" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "rmqco.msgTopologyOperator.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "rmqco.msgTopologyOperator.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+{{- end }}
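Review bot: the binding is gated on `msgTopologyOperator.rbac.create`, but its subject ServiceAccount is created under a separate flag, `msgTopologyOperator.serviceAccount.create` in service-account.yaml. With `rbac.create: true` and `serviceAccount.create: false`, the cluster-wide role, including its Secret read access, goes to whatever existing account `rmqco.msgTopologyOperator.serviceAccountName` returns. A `fail` guard, or a README note that an explicit account name must be set in that case, would keep the grant from landing on a shared account.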
diff --git a/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/deployment.yaml b/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/deployment.yaml
new file mode 100644
index 0000000..795bfc7
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/deployment.yaml
@@ -0,0 +1,165 @@
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ template "rmqco.msgTopologyOperator.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.msgTopologyOperator.replicaCount }}
+ {{- if .Values.msgTopologyOperator.updateStrategy }}
+ strategy: {{- toYaml .Values.msgTopologyOperator.updateStrategy | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ template:
+ metadata:
+ {{- if .Values.msgTopologyOperator.podAnnotations }}
+ annotations: {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.msgTopologyOperator.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.podLabels "context" $) | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ template "rmqco.msgTopologyOperator.serviceAccountName" . }}
+ {{- include "rmqco.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.msgTopologyOperator.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.topologySpreadConstraints "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.schedulerName }}
+ schedulerName: {{ .Values.msgTopologyOperator.schedulerName | quote }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.affinity }}
+ affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.msgTopologyOperator.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.msgTopologyOperator.podAffinityPreset "component" "messaging-topology-operator" "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.msgTopologyOperator.podAntiAffinityPreset "component" "messaging-topology-operator" "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.msgTopologyOperator.nodeAffinityPreset.type "key" .Values.msgTopologyOperator.nodeAffinityPreset.key "values" .Values.msgTopologyOperator.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.msgTopologyOperator.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.tolerations "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.priorityClassName }}
+ priorityClassName: {{ .Values.msgTopologyOperator.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.msgTopologyOperator.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.msgTopologyOperator.terminationGracePeriodSeconds }}
+ {{- end }}
+ initContainers:
+ {{- if .Values.msgTopologyOperator.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: rabbitmq-cluster-operator
+ image: {{ template "rmqco.msgTopologyOperator.image" . }}
+ imagePullPolicy: {{ .Values.msgTopologyOperator.image.pullPolicy }}
+ {{- if .Values.msgTopologyOperator.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.msgTopologyOperator.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.command "context" $) | nindent 12 }}
+ {{- else }}
+ command:
+ - /manager
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.args "context" $) | nindent 12 }}
+ {{- else }}
+ args:
+ - --metrics-bind-address=:{{ .Values.msgTopologyOperator.containerPorts.metrics }}
+ {{- end }}
+ env:
+ - name: OPERATOR_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if .Values.msgTopologyOperator.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ {{- if .Values.msgTopologyOperator.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.extraEnvVarsCM "context" $) }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.resources }}
+ resources: {{- toYaml .Values.msgTopologyOperator.resources | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http-webhook
+ containerPort: 9443
+ protocol: TCP
+ - name: http-metrics
+ containerPort: {{ .Values.msgTopologyOperator.containerPorts.metrics }}
+ protocol: TCP
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.msgTopologyOperator.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.msgTopologyOperator.livenessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /metrics
+ port: http-metrics
+ {{- else if .Values.msgTopologyOperator.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.customLivenessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.msgTopologyOperator.readinessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /metrics
+ port: http-metrics
+ {{- else if .Values.msgTopologyOperator.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.customReadinessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.msgTopologyOperator.startupProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /metrics
+ port: http-metrics
+ {{- else if .Values.msgTopologyOperator.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.customStartupProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ {{- if .Values.msgTopologyOperator.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.msgTopologyOperator.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: {{ template "rmqco.msgTopologyOperator.webhook.secretName" . }}
+ {{- if .Values.msgTopologyOperator.extraVolumes }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.extraVolumes "context" $) | nindent 8 }}
+ {{- end }}
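Review bot: the `cert` volume at the end of the pod spec mounts the webhook TLS Secret with `defaultMode: 420`, which is octal 0644, so `tls.key` is readable by every UID in the container; 0400 or 0440 (256 or 288 decimal) paired with the pod `fsGroup` would be tighter. Both `securityContext` blocks disappear entirely when their `enabled` flag is false, so please check that the values defaults keep them on. Smaller points: the container is named `rabbitmq-cluster-operator` although this is the messaging-topology-operator Deployment, `initContainers:` and `envFrom:` are emitted even when they have no entries, and port 9443 is named `http-webhook` although it serves the webhook over TLS.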
diff --git a/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/metrics-service.yaml b/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/metrics-service.yaml
new file mode 100644
index 0000000..a59115f
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/metrics-service.yaml
@@ -0,0 +1,58 @@
+{{- if .Values.msgTopologyOperator.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ type: metrics
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ printf "%s-metrics" (include "rmqco.msgTopologyOperator.fullname" .) }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ {{- if or .Values.commonAnnotations .Values.msgTopologyOperator.metrics.service.annotations }}
+ annotations:
+ {{- if .Values.msgTopologyOperator.metrics.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.msgTopologyOperator.metrics.service.annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ .Values.msgTopologyOperator.metrics.service.type }}
+ {{- if (or (eq .Values.msgTopologyOperator.metrics.service.type "LoadBalancer") (eq .Values.msgTopologyOperator.metrics.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.msgTopologyOperator.metrics.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.metrics.service.clusterIP }}
+ clusterIP: {{ .Values.msgTopologyOperator.metrics.service.clusterIP }}
+ {{- end }}
+ {{- if eq .Values.msgTopologyOperator.metrics.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.msgTopologyOperator.metrics.service.loadBalancerSourceRanges }}
+ {{- end }}
+ {{- if (and (eq .Values.msgTopologyOperator.metrics.service.type "LoadBalancer") (not (empty .Values.msgTopologyOperator.metrics.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.msgTopologyOperator.metrics.service.loadBalancerIP }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.metrics.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.msgTopologyOperator.metrics.service.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.metrics.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.metrics.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ ports:
+ - name: http
+ port: {{ .Values.msgTopologyOperator.metrics.service.ports.http }}
+ targetPort: http-metrics
+ protocol: TCP
+ {{- if (and (or (eq .Values.msgTopologyOperator.metrics.service.type "NodePort") (eq .Values.msgTopologyOperator.metrics.service.type "LoadBalancer")) (not (empty .Values.msgTopologyOperator.metrics.service.nodePorts.http))) }}
+ nodePort: {{ .Values.msgTopologyOperator.metrics.service.nodePorts.http }}
+ {{- else if eq .Values.msgTopologyOperator.metrics.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.metrics.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.metrics.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+{{- end }}
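Review bot: `loadBalancerSourceRanges: {{ .Values.msgTopologyOperator.metrics.service.loadBalancerSourceRanges }}` prints the Go list with its default formatting, so two CIDRs (for example 10.0.0.0/8 and 192.168.0.0/16) render as `[10.0.0.0/8 192.168.0.0/16]`, which YAML reads as a single string element, and an empty list renders as `[]`, which leaves a LoadBalancer metrics endpoint with no source restriction. Render the value with `toJson` (or `toYaml | nindent`) and emit the key only when the list is non-empty. `loadBalancerIP` a few lines below already has a `not (empty ...)` guard, so this looks like an oversight rather than a choice.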
diff --git a/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/role.yaml b/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/role.yaml
new file mode 100644
index 0000000..e629efb
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/role.yaml
@@ -0,0 +1,47 @@
+{{- if .Values.msgTopologyOperator.rbac.create }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: Role
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "rmqco.msgTopologyOperator.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+rules:
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+{{- end }}
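Review bot: the last rule grants get, list, watch, create, update, patch and delete on every ConfigMap in the release namespace. If it exists only for leader election alongside the `leases` rule at the top, consider dropping it or narrowing the non-create verbs with `resourceNames`, so the operator cannot rewrite unrelated ConfigMaps that other workloads in the namespace consume.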
diff --git a/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/rolebinding.yaml b/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/rolebinding.yaml
new file mode 100644
index 0000000..f4b94e4
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/rolebinding.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.msgTopologyOperator.rbac.create }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: RoleBinding
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "rmqco.msgTopologyOperator.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "rmqco.msgTopologyOperator.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "rmqco.msgTopologyOperator.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+{{- end }}
diff --git a/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/service-account.yaml b/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/service-account.yaml
new file mode 100644
index 0000000..cbaf5cd
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/service-account.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.msgTopologyOperator.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "rmqco.msgTopologyOperator.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ {{- if or .Values.commonAnnotations .Values.msgTopologyOperator.serviceAccount.annotations }}
+ annotations:
+ {{- if .Values.msgTopologyOperator.serviceAccount.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.msgTopologyOperator.serviceAccount.annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.msgTopologyOperator.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/servicemonitor.yaml b/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/servicemonitor.yaml
new file mode 100644
index 0000000..c022007
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/servicemonitor.yaml
@@ -0,0 +1,52 @@
+{{- if and .Values.msgTopologyOperator.metrics.serviceMonitor.enabled .Values.msgTopologyOperator.metrics.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "rmqco.msgTopologyOperator.fullname" . }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.msgTopologyOperator.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.metrics.serviceMonitor.labels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.metrics.serviceMonitor.labels "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ namespace: {{ default (include "common.names.namespace" .) .Values.msgTopologyOperator.metrics.serviceMonitor.namespace | quote }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: {{ .Values.msgTopologyOperator.metrics.serviceMonitor.jobLabel }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ # We need an extra label for the ServiceMonitor to scrape it correctly
+ type: metrics
+ {{- if .Values.msgTopologyOperator.metrics.serviceMonitor.selector }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.msgTopologyOperator.metrics.serviceMonitor.selector "context" $ ) | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ include "common.names.namespace" . | quote }}
+ endpoints:
+ - port: http
+ {{- if .Values.msgTopologyOperator.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.msgTopologyOperator.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.msgTopologyOperator.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.msgTopologyOperator.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{ toYaml .Values.msgTopologyOperator.metrics.serviceMonitor.metricRelabelings | nindent 8 }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.metrics.serviceMonitor.relabelings }}
+ relabelings: {{ toYaml .Values.msgTopologyOperator.metrics.serviceMonitor.relabelings | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/validating-webhook-configuration.yaml b/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/validating-webhook-configuration.yaml
new file mode 100644
index 0000000..1543a1a
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/validating-webhook-configuration.yaml
@@ -0,0 +1,297 @@
+{{/*
+ If the user does not have cert-manager and is not providing a secret with the certificates, the chart needs to generate the secret
+ */}}
+{{- $ca := genCA "rmq-msg-topology-ca" 365 }}
+{{- $cert := genSignedCert (include "rmqco.msgTopologyOperator.fullname" .) nil (list (printf "%s.%s.svc" (include "rmqco.msgTopologyOperator.webhook.fullname" .) (include "common.names.namespace" .)) (printf "%s.%s.svc.%s" (include "rmqco.msgTopologyOperator.webhook.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain)) 365 $ca }}
+
+{{- if and (not .Values.useCertManager) (not .Values.msgTopologyOperator.existingWebhookCertSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ $cert.Cert | b64enc | quote }}
+ tls.key: {{ $cert.Key | b64enc | quote }}
+ ca.crt: {{ $ca.Cert | b64enc | quote }}
+{{- end }}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- if .Values.useCertManager }}
+ cert-manager.io/inject-ca-from: {{ printf "%s/%s" (include "common.names.namespace" .) ( include "rmqco.msgTopologyOperator.webhook.secretName" . ) }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+webhooks:
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not .Values.useCertManager }}
+ caBundle: {{ default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle | b64enc | quote }}
+ {{- end }}
+ service:
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ path: /validate-rabbitmq-com-v1beta1-binding
+ failurePolicy: Fail
+ name: vbinding.kb.io
+ rules:
+ - apiGroups:
+ - rabbitmq.com
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - bindings
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not .Values.useCertManager }}
+ caBundle: {{ default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle | b64enc | quote }}
+ {{- end }}
+ service:
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ path: /validate-rabbitmq-com-v1beta1-exchange
+ failurePolicy: Fail
+ name: vexchange.kb.io
+ rules:
+ - apiGroups:
+ - rabbitmq.com
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - exchanges
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not .Values.useCertManager }}
+ caBundle: {{ default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle | b64enc | quote }}
+ {{- end }}
+ service:
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ path: /validate-rabbitmq-com-v1beta1-federation
+ failurePolicy: Fail
+ name: vfederation.kb.io
+ rules:
+ - apiGroups:
+ - rabbitmq.com
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - federations
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not .Values.useCertManager }}
+ caBundle: {{ default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle | b64enc | quote }}
+ {{- end }}
+ service:
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ path: /validate-rabbitmq-com-v1alpha1-superstream
+ failurePolicy: Fail
+ name: vsuperstream.kb.io
+ rules:
+ - apiGroups:
+ - rabbitmq.com
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - superstreams
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not .Values.useCertManager }}
+ caBundle: {{ default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle | b64enc | quote }}
+ {{- end }}
+ service:
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ path: /validate-rabbitmq-com-v1beta1-permission
+ failurePolicy: Fail
+ name: vpermission.kb.io
+ rules:
+ - apiGroups:
+ - rabbitmq.com
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - permissions
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not .Values.useCertManager }}
+ caBundle: {{ default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle | b64enc | quote }}
+ {{- end }}
+ service:
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ path: /validate-rabbitmq-com-v1beta1-policy
+ failurePolicy: Fail
+ name: vpolicy.kb.io
+ rules:
+ - apiGroups:
+ - rabbitmq.com
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - policies
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not .Values.useCertManager }}
+ caBundle: {{ default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle | b64enc | quote }}
+ {{- end }}
+ service:
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ path: /validate-rabbitmq-com-v1beta1-queue
+ failurePolicy: Fail
+ name: vqueue.kb.io
+ rules:
+ - apiGroups:
+ - rabbitmq.com
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - queues
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not .Values.useCertManager }}
+ caBundle: {{ default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle | b64enc | quote }}
+ {{- end }}
+ service:
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ path: /validate-rabbitmq-com-v1beta1-schemareplication
+ failurePolicy: Fail
+ name: vschemareplication.kb.io
+ rules:
+ - apiGroups:
+ - rabbitmq.com
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - schemareplications
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not .Values.useCertManager }}
+ caBundle: {{ default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle | b64enc | quote }}
+ {{- end }}
+ service:
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ path: /validate-rabbitmq-com-v1beta1-shovel
+ failurePolicy: Fail
+ name: vshovel.kb.io
+ rules:
+ - apiGroups:
+ - rabbitmq.com
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - shovels
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not .Values.useCertManager }}
+ caBundle: {{ default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle | b64enc | quote }}
+ {{- end }}
+ service:
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ path: /validate-rabbitmq-com-v1beta1-user
+ failurePolicy: Fail
+ name: vuser.kb.io
+ rules:
+ - apiGroups:
+ - rabbitmq.com
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - users
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ {{- if not .Values.useCertManager }}
+ caBundle: {{ default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle | b64enc | quote }}
+ {{- end }}
+ service:
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ path: /validate-rabbitmq-com-v1beta1-vhost
+ failurePolicy: Fail
+ name: vvhost.kb.io
+ rules:
+ - apiGroups:
+ - rabbitmq.com
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - vhosts
+ sideEffects: None
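Review bot: each webhook entry here sets failurePolicy: Fail with no timeoutSeconds and no namespaceSelector, so a CREATE or UPDATE of any listed rabbitmq.com resource (federations, superstreams, permissions, policies, queues, schemareplications, shovels, users, vhosts) is rejected whenever the webhook Service has no ready endpoint or its serving certificate does not chain to caBundle. values.yaml in this same patch defaults msgTopologyOperator.replicaCount to 1, so a single pod restart is enough to block those writes; that trade-off should be documented or the default reconsidered. Separately, `default $ca.Cert .Values.msgTopologyOperator.existingWebhookCertCABundle | b64enc | quote` falls back to $ca.Cert whenever existingWebhookCertCABundle is empty, including the case where existingWebhookCertSecret is set and the bundle was simply forgotten. Assuming the supplied secret is then used as the serving certificate, the API server would trust a CA that did not sign it and every request would fail closed. A render-time `fail` when the secret is set without the bundle would surface that mistake at install time instead of at the first admission call.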
diff --git a/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/webhook-service.yaml b/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/webhook-service.yaml
new file mode 100644
index 0000000..e48706e
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/templates/messaging-topology-operator/webhook-service.yaml
@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
+ app.kubernetes.io/part-of: rabbitmq
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "rmqco.msgTopologyOperator.webhook.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ {{- if or .Values.commonAnnotations .Values.msgTopologyOperator.service.annotations }}
+ annotations:
+ {{- if .Values.msgTopologyOperator.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.msgTopologyOperator.service.annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ .Values.msgTopologyOperator.service.type }}
+ {{- if (or (eq .Values.msgTopologyOperator.service.type "LoadBalancer") (eq .Values.msgTopologyOperator.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.msgTopologyOperator.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.service.clusterIP }}
+ clusterIP: {{ .Values.msgTopologyOperator.service.clusterIP }}
+ {{- end }}
+ {{- if eq .Values.msgTopologyOperator.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.msgTopologyOperator.service.loadBalancerSourceRanges }}
+ {{- end }}
+ {{- if (and (eq .Values.msgTopologyOperator.service.type "LoadBalancer") (not (empty .Values.msgTopologyOperator.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.msgTopologyOperator.service.loadBalancerIP }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.msgTopologyOperator.service.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ ports:
+ - name: http
+ port: {{ .Values.msgTopologyOperator.service.ports.webhook }}
+ targetPort: http-webhook
+ protocol: TCP
+ {{- if (and (or (eq .Values.msgTopologyOperator.service.type "NodePort") (eq .Values.msgTopologyOperator.service.type "LoadBalancer")) (not (empty .Values.msgTopologyOperator.service.nodePorts.http))) }}
+ nodePort: {{ .Values.msgTopologyOperator.service.nodePorts.http }}
+ {{- else if eq .Values.msgTopologyOperator.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- if .Values.msgTopologyOperator.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.msgTopologyOperator.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: messaging-topology-operator
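Review bot: `loadBalancerSourceRanges: {{ .Values.msgTopologyOperator.service.loadBalancerSourceRanges }}` prints the list with Go's default formatting, so two ranges come out as `[10.0.0.0/8 192.168.0.0/16]` (constructed example), which YAML parses as one string element rather than two CIDRs; pipe the value through `toJson` so the source-range restriction renders as intended. This Service fronts an admission webhook that only the API server needs to reach, yet the template has full LoadBalancer and NodePort branches; unless there is a use case for exposing it outside the cluster, pinning the type to ClusterIP would remove that exposure. Minor naming point in the ports block: the port value is read from `service.ports.webhook` but the node port from `service.nodePorts.http`, and the port is named `http` although it carries the TLS webhook traffic, which is easy to misconfigure.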
diff --git a/charts/rabbitmq-cluster-operator/values.yaml b/charts/rabbitmq-cluster-operator/values.yaml
new file mode 100644
index 0000000..41c0bfc
--- /dev/null
+++ b/charts/rabbitmq-cluster-operator/values.yaml
@@ -0,0 +1,919 @@
+## @section Global parameters
+## Global Docker image parameters
+## Please, note that this will override the image parameters, including dependencies, configured to use the global value
+## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
+##
+
+## @param global.imageRegistry Global Docker image registry
+## @param global.imagePullSecrets Global Docker registry secret names as an array
+## @param global.storageClass Global StorageClass for Persistent Volume(s)
+##
+global:
+ imageRegistry: ""
+ ## E.g.
+ ## imagePullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ imagePullSecrets: []
+ storageClass: ""
+
+## @section Common parameters
+##
+
+## @param kubeVersion Override Kubernetes version
+##
+kubeVersion: ""
+## @param nameOverride String to partially override common.names.fullname
+##
+nameOverride: ""
+## @param fullnameOverride String to fully override common.names.fullname
+##
+fullnameOverride: ""
+## @param commonLabels Labels to add to all deployed objects
+##
+commonLabels: {}
+## @param commonAnnotations Annotations to add to all deployed objects
+##
+commonAnnotations: {}
+## @param clusterDomain Kubernetes cluster domain name
+##
+clusterDomain: cluster.local
+## @param extraDeploy Array of extra objects to deploy with the release
+##
+extraDeploy: []
+## Enable diagnostic mode in the deployment(s)/statefulset(s)
+##
+diagnosticMode:
+ ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled)
+ ##
+ enabled: false
+
+## @section RabbitMQ Cluster Operator Parameters
+##
+
+## Bitnami RabbitMQ Image
+## ref: https://hub.docker.com/r/bitnami/rabbitmq/tags/
+## @param rabbitmqImage.registry RabbitMQ Image registry
+## @param rabbitmqImage.repository RabbitMQ Image repository
+## @param rabbitmqImage.tag RabbitMQ Image tag (immutable tags are recommended)
+## @param rabbitmqImage.pullSecrets RabbitMQ Image pull secrets
+##
+rabbitmqImage:
+ registry: docker.io
+ repository: bitnami/rabbitmq
+ tag: 3.10.5-debian-11-r2
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-rabbitmqImage-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+
+## Bitnami RabbitMQ Default User Credential Updater Image
+## ref: https://hub.docker.com/r/bitnami/rmq-default-credential-updater/tags/
+## @param credentialUpdaterImage.registry RabbitMQ Default User Credential Updater Image registry
+## @param credentialUpdaterImage.repository RabbitMQ Default User Credential Updater Image repository
+## @param credentialUpdaterImage.tag RabbitMQ Default User Credential Updater Image tag (immutable tags are recommended)
+## @param credentialUpdaterImage.pullSecrets RabbitMQ Default User Credential Updater Image pull secrets
+##
+credentialUpdaterImage:
+ registry: docker.io
+ repository: bitnami/rmq-default-credential-updater
+ tag: 1.0.2-scratch-r2
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-credentialUpdaterImage-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+
+clusterOperator:
+ ## Bitnami RabbitMQ Cluster Operator image
+ ## ref: https://hub.docker.com/r/bitnami/rabbitmq-cluster-operator/tags/
+ ## @param clusterOperator.image.registry RabbitMQ Cluster Operator image registry
+ ## @param clusterOperator.image.repository RabbitMQ Cluster Operator image repository
+ ## @param clusterOperator.image.tag RabbitMQ Cluster Operator image tag (immutable tags are recommended)
+ ## @param clusterOperator.image.pullPolicy RabbitMQ Cluster Operator image pull policy
+ ## @param clusterOperator.image.pullSecrets RabbitMQ Cluster Operator image pull secrets
+ ##
+ image:
+ registry: docker.io
+ repository: bitnami/rabbitmq-cluster-operator
+ tag: 1.13.1-scratch-r3
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+
+ ## @param clusterOperator.replicaCount Number of RabbitMQ Cluster Operator replicas to deploy
+ ##
+ replicaCount: 1
+ ## @param clusterOperator.schedulerName Alternative scheduler
+ ##
+ schedulerName: ""
+ ## @param clusterOperator.topologySpreadConstraints Topology Spread Constraints for pod assignment
+ ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ## The value is evaluated as a template
+ ##
+ topologySpreadConstraints: []
+ ## @param clusterOperator.terminationGracePeriodSeconds In seconds, time the given to the %%MAIN_CONTAINER_NAME%% pod needs to terminate gracefully
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
+ ##
+ terminationGracePeriodSeconds: ""
+ ## Configure extra options for RabbitMQ Cluster Operator containers' liveness and readiness probes
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param clusterOperator.livenessProbe.enabled Enable livenessProbe on RabbitMQ Cluster Operator nodes
+ ## @param clusterOperator.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param clusterOperator.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param clusterOperator.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param clusterOperator.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param clusterOperator.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 30
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ ## @param clusterOperator.readinessProbe.enabled Enable readinessProbe on RabbitMQ Cluster Operator nodes
+ ## @param clusterOperator.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param clusterOperator.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param clusterOperator.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param clusterOperator.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param clusterOperator.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 30
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ ## @param clusterOperator.startupProbe.enabled Enable startupProbe on RabbitMQ Cluster Operator nodes
+ ## @param clusterOperator.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param clusterOperator.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param clusterOperator.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param clusterOperator.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param clusterOperator.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 30
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+
+ ## @param clusterOperator.customLivenessProbe Custom livenessProbe that overrides the default one
+ ##
+ customLivenessProbe: {}
+ ## @param clusterOperator.customReadinessProbe Custom readinessProbe that overrides the default one
+ ##
+ customReadinessProbe: {}
+ ## @param clusterOperator.customStartupProbe Custom startupProbe that overrides the default one
+ ##
+ customStartupProbe: {}
+
+ ## RabbitMQ Cluster Operator resource requests and limits
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## @param clusterOperator.resources.limits The resources limits for the RabbitMQ Cluster Operator containers
+ ## @param clusterOperator.resources.requests The requested resources for the RabbitMQ Cluster Operator containers
+ ##
+ resources:
+ limits: {}
+ requests: {}
+
+ ## Configure Pods Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param clusterOperator.podSecurityContext.enabled Enabled RabbitMQ Cluster Operator pods' Security Context
+ ## @param clusterOperator.podSecurityContext.fsGroup Set RabbitMQ Cluster Operator pod's Security Context fsGroup
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## Configure Container Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param clusterOperator.containerSecurityContext.enabled Enabled RabbitMQ Cluster Operator containers' Security Context
+ ## @param clusterOperator.containerSecurityContext.runAsUser Set RabbitMQ Cluster Operator containers' Security Context runAsUser
+ ## @param clusterOperator.containerSecurityContext.runAsNonRoot Force running the container as non root
+ ## @param clusterOperator.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on cluster operator containers
+ ##
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+
+ ## @param clusterOperator.command Override default container command (useful when using custom images)
+ ##
+ command: []
+ ## @param clusterOperator.args Override default container args (useful when using custom images)
+ ##
+ args: []
+ ## @param clusterOperator.hostAliases RabbitMQ Cluster Operator pods host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param clusterOperator.podLabels Extra labels for RabbitMQ Cluster Operator pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param clusterOperator.podAnnotations Annotations for RabbitMQ Cluster Operator pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param clusterOperator.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param clusterOperator.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param clusterOperator.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param clusterOperator.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
+ ##
+ key: ""
+ ## @param clusterOperator.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param clusterOperator.affinity Affinity for RabbitMQ Cluster Operator pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## NOTE: `podAffinityPreset`, `podAntiAffinityPreset`, and `nodeAffinityPreset` will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param clusterOperator.nodeSelector Node labels for RabbitMQ Cluster Operator pods assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param clusterOperator.tolerations Tolerations for RabbitMQ Cluster Operator pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param clusterOperator.updateStrategy.type RabbitMQ Cluster Operator statefulset strategy type
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ##
+ updateStrategy:
+ ## StrategyType
+ ## Can be set to RollingUpdate or OnDelete
+ ##
+ type: RollingUpdate
+ ## @param clusterOperator.priorityClassName RabbitMQ Cluster Operator pods' priorityClassName
+ ##
+ priorityClassName: ""
+ ## @param clusterOperator.lifecycleHooks for the RabbitMQ Cluster Operator container(s) to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+
+ ## @param clusterOperator.containerPorts.metrics RabbitMQ Cluster Operator container port (used for metrics)
+ ##
+ containerPorts:
+ metrics: 9782
+
+ ## @param clusterOperator.extraEnvVars Array with extra environment variables to add to RabbitMQ Cluster Operator nodes
+ ## e.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: "bar"
+ ##
+ extraEnvVars: []
+ ## @param clusterOperator.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for RabbitMQ Cluster Operator nodes
+ ##
+ extraEnvVarsCM: ""
+ ## @param clusterOperator.extraEnvVarsSecret Name of existing Secret containing extra env vars for RabbitMQ Cluster Operator nodes
+ ##
+ extraEnvVarsSecret: ""
+ ## @param clusterOperator.extraVolumes Optionally specify extra list of additional volumes for the RabbitMQ Cluster Operator pod(s)
+ ##
+ extraVolumes: []
+ ## @param clusterOperator.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the RabbitMQ Cluster Operator container(s)
+ ##
+ extraVolumeMounts: []
+ ## @param clusterOperator.sidecars Add additional sidecar containers to the RabbitMQ Cluster Operator pod(s)
+ ## e.g:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param clusterOperator.initContainers Add additional init containers to the RabbitMQ Cluster Operator pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ ## e.g:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## command: ['sh', '-c', 'echo "hello world"']
+ ##
+ initContainers: []
+
+ ## RBAC configuration
+ ##
+ rbac:
+ ## @param clusterOperator.rbac.create Specifies whether RBAC resources should be created
+ ##
+ create: true
+
+ ## ServiceAccount configuration
+ ##
+ serviceAccount:
+ ## @param clusterOperator.serviceAccount.create Specifies whether a ServiceAccount should be created
+ ##
+ create: true
+ ## @param clusterOperator.serviceAccount.name The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the common.names.fullname template
+ ##
+ name: ""
+ ## @param clusterOperator.serviceAccount.annotations Add annotations
+ ##
+ annotations: {}
+ ## @param clusterOperator.serviceAccount.automountServiceAccountToken Automount API credentials for a service account.
+ ##
+ automountServiceAccountToken: true
+
+ ## @section RabbitMQ Cluster Operator Metrics parameters
+ ##
+ metrics:
+ ## @param clusterOperator.metrics.enabled Create a service for accessing the metrics endpoint
+ ##
+ enabled: false
+ ## Metrics service parameters
+ ##
+ service:
+ ## @param clusterOperator.metrics.service.type RabbitMQ Cluster Operator metrics service type
+ ##
+ type: ClusterIP
+ ## @param clusterOperator.metrics.service.ports.http RabbitMQ Cluster Operator metrics service HTTP port
+ ##
+ ports:
+ http: 80
+ ## Node ports to expose
+ ## @param clusterOperator.metrics.service.nodePorts.http Node port for HTTP
+ ## NOTE: choose port between <30000-32767>
+ ##
+ nodePorts:
+ http: ""
+ ## @param clusterOperator.metrics.service.clusterIP RabbitMQ Cluster Operator metrics service Cluster IP
+ ## e.g.:
+ ## clusterIP: None
+ ##
+ clusterIP: ""
+ ## @param clusterOperator.metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param clusterOperator.metrics.service.loadBalancerIP RabbitMQ Cluster Operator metrics service Load Balancer IP
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
+ ##
+ loadBalancerIP: ""
+ ## @param clusterOperator.metrics.service.loadBalancerSourceRanges RabbitMQ Cluster Operator metrics service Load Balancer sources
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## e.g:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param clusterOperator.metrics.service.externalTrafficPolicy RabbitMQ Cluster Operator metrics service external traffic policy
+ ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+ ## @param clusterOperator.metrics.service.annotations [object] Additional custom annotations for RabbitMQ Cluster Operator metrics service
+ ##
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "{{ .Values.clusterOperator.metrics.service.ports.http }}"
+ ## @param clusterOperator.metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
+ ## If "ClientIP", consecutive client requests will be directed to the same Pod
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ ##
+ sessionAffinity: None
+ ## @param clusterOperator.metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+ serviceMonitor:
+ ## @param clusterOperator.metrics.serviceMonitor.enabled Specify if a servicemonitor will be deployed for prometheus-operator
+ ##
+ enabled: false
+ ## @param clusterOperator.metrics.serviceMonitor.namespace Namespace which Prometheus is running in
+ ## e.g:
+ ## namespace: monitoring
+ ##
+ namespace: ""
+ ## @param clusterOperator.metrics.serviceMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator
+ ##
+ jobLabel: app.kubernetes.io/name
+ ## @param clusterOperator.metrics.serviceMonitor.honorLabels Honor metrics labels
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ honorLabels: false
+ ## @param clusterOperator.metrics.serviceMonitor.selector Prometheus instance selector labels
+ ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
+ ## e.g:
+ ## selector:
+ ## prometheus: my-prometheus
+ ##
+ selector: {}
+ ## @param clusterOperator.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ## e.g:
+ ## scrapeTimeout: 10s
+ ##
+ scrapeTimeout: ""
+ ## @param clusterOperator.metrics.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used
+ ##
+ interval: ""
+
+ ## DEPRECATED: Use clusterOperator.metrics.serviceMonitor.labels instead
+ ## This value will be removed in a future release
+ ## additionalLabels: {}
+
+ ## @param clusterOperator.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
+ ##
+ metricRelabelings: []
+ ## @param clusterOperator.metrics.serviceMonitor.relabelings Specify general relabeling
+ ##
+ relabelings: []
+ ## @param clusterOperator.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
+ ##
+ labels: {}
+
+## @section RabbitMQ Messaging Topology Operator Parameters
+##
+msgTopologyOperator:
+ ## Bitnami RabbitMQ Messaging Topology Operator image
+ ## ref: https://hub.docker.com/r/bitnami/rmq-messaging-topology-operator/tags/
+ ## @param msgTopologyOperator.image.registry RabbitMQ Messaging Topology Operator image registry
+ ## @param msgTopologyOperator.image.repository RabbitMQ Messaging Topology Operator image repository
+ ## @param msgTopologyOperator.image.tag RabbitMQ Messaging Topology Operator image tag (immutable tags are recommended)
+ ## @param msgTopologyOperator.image.pullPolicy RabbitMQ Messaging Topology Operator image pull policy
+ ## @param msgTopologyOperator.image.pullSecrets RabbitMQ Messaging Topology Operator image pull secrets
+ ##
+ image:
+ registry: docker.io
+ repository: bitnami/rmq-messaging-topology-operator
+ tag: 1.6.0-scratch-r0
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+
+ ## @param msgTopologyOperator.replicaCount Number of RabbitMQ Messaging Topology Operator replicas to deploy
+ ##
+ replicaCount: 1
+ ## @param msgTopologyOperator.topologySpreadConstraints Topology Spread Constraints for pod assignment
+ ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ## The value is evaluated as a template
+ ##
+ topologySpreadConstraints: []
+ ## @param msgTopologyOperator.schedulerName Alternative scheduler
+ ##
+ schedulerName: ""
+ ## @param msgTopologyOperator.terminationGracePeriodSeconds In seconds, time the given to the %%MAIN_CONTAINER_NAME%% pod needs to terminate gracefully
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
+ ##
+ terminationGracePeriodSeconds: ""
+ ## Configure extra options for RabbitMQ Messaging Topology Operator containers' liveness and readiness probes
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param msgTopologyOperator.livenessProbe.enabled Enable livenessProbe on RabbitMQ Messaging Topology Operator nodes
+ ## @param msgTopologyOperator.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param msgTopologyOperator.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param msgTopologyOperator.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param msgTopologyOperator.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param msgTopologyOperator.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 30
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ ## @param msgTopologyOperator.readinessProbe.enabled Enable readinessProbe on RabbitMQ Messaging Topology Operator nodes
+ ## @param msgTopologyOperator.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param msgTopologyOperator.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param msgTopologyOperator.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param msgTopologyOperator.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param msgTopologyOperator.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 30
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ ## @param msgTopologyOperator.startupProbe.enabled Enable startupProbe on RabbitMQ Messaging Topology Operator nodes
+ ## @param msgTopologyOperator.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param msgTopologyOperator.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param msgTopologyOperator.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param msgTopologyOperator.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param msgTopologyOperator.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 30
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+
+ ## @param msgTopologyOperator.customLivenessProbe Custom livenessProbe that overrides the default one
+ ##
+ customLivenessProbe: {}
+ ## @param msgTopologyOperator.customReadinessProbe Custom readinessProbe that overrides the default one
+ ##
+ customReadinessProbe: {}
+ ## @param msgTopologyOperator.customStartupProbe Custom startupProbe that overrides the default one
+ ##
+ customStartupProbe: {}
+
+ ## @param msgTopologyOperator.existingWebhookCertSecret name of a secret containing the certificates (use it to avoid certManager creating one)
+ ##
+ existingWebhookCertSecret: ""
+
+ ## @param msgTopologyOperator.existingWebhookCertCABundle PEM-encoded CA Bundle of the existing secret provided in existingWebhookCertSecret (only if useCertManager=false)
+ ##
+ existingWebhookCertCABundle: ""
+
+ ## RabbitMQ Messaging Topology Operator resource requests and limits
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## @param msgTopologyOperator.resources.limits The resources limits for the RabbitMQ Messaging Topology Operator containers
+ ## @param msgTopologyOperator.resources.requests The requested resources for the RabbitMQ Messaging Topology Operator containers
+ ##
+ resources:
+ limits: {}
+ requests: {}
+
+ ## Configure Pods Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param msgTopologyOperator.podSecurityContext.enabled Enabled RabbitMQ Messaging Topology Operator pods' Security Context
+ ## @param msgTopologyOperator.podSecurityContext.fsGroup Set RabbitMQ Messaging Topology Operator pod's Security Context fsGroup
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## Configure Container Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param msgTopologyOperator.containerSecurityContext.enabled Enabled RabbitMQ Messaging Topology Operator containers' Security Context
+ ## @param msgTopologyOperator.containerSecurityContext.runAsUser Set RabbitMQ Messaging Topology Operator containers' Security Context runAsUser
+ ## @param msgTopologyOperator.containerSecurityContext.runAsNonRoot Force running the container as non root
+ ## @param msgTopologyOperator.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Messaging Topology Operator
+ ##
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+
+ ## @param msgTopologyOperator.fullnameOverride String to fully override rmqco.msgTopologyOperator.fullname template
+ ##
+ fullnameOverride: ""
+
+ ## @param msgTopologyOperator.command Override default container command (useful when using custom images)
+ ##
+ command: []
+ ## @param msgTopologyOperator.args Override default container args (useful when using custom images)
+ ##
+ args: []
+ ## @param msgTopologyOperator.hostAliases RabbitMQ Messaging Topology Operator pods host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param msgTopologyOperator.podLabels Extra labels for RabbitMQ Messaging Topology Operator pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param msgTopologyOperator.podAnnotations Annotations for RabbitMQ Messaging Topology Operator pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param msgTopologyOperator.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param msgTopologyOperator.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param msgTopologyOperator.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param msgTopologyOperator.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
+ ##
+ key: ""
+ ## @param msgTopologyOperator.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param msgTopologyOperator.affinity Affinity for RabbitMQ Messaging Topology Operator pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## NOTE: `podAffinityPreset`, `podAntiAffinityPreset`, and `nodeAffinityPreset` will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param msgTopologyOperator.nodeSelector Node labels for RabbitMQ Messaging Topology Operator pods assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param msgTopologyOperator.tolerations Tolerations for RabbitMQ Messaging Topology Operator pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param msgTopologyOperator.updateStrategy.type RabbitMQ Messaging Topology Operator statefulset strategy type
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ##
+ updateStrategy:
+ ## StrategyType
+ ## Can be set to RollingUpdate or OnDelete
+ ##
+ type: RollingUpdate
+ ## @param msgTopologyOperator.priorityClassName RabbitMQ Messaging Topology Operator pods' priorityClassName
+ ##
+ priorityClassName: ""
+ ## @param msgTopologyOperator.lifecycleHooks for the RabbitMQ Messaging Topology Operator container(s) to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+
+ ## @param msgTopologyOperator.containerPorts.metrics RabbitMQ Messaging Topology Operator container port (used for metrics)
+ ##
+ containerPorts:
+ metrics: 8080
+
+ ## @param msgTopologyOperator.extraEnvVars Array with extra environment variables to add to RabbitMQ Messaging Topology Operator nodes
+ ## e.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: "bar"
+ ##
+ extraEnvVars: []
+ ## @param msgTopologyOperator.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for RabbitMQ Messaging Topology Operator nodes
+ ##
+ extraEnvVarsCM: ""
+ ## @param msgTopologyOperator.extraEnvVarsSecret Name of existing Secret containing extra env vars for RabbitMQ Messaging Topology Operator nodes
+ ##
+ extraEnvVarsSecret: ""
+ ## @param msgTopologyOperator.extraVolumes Optionally specify extra list of additional volumes for the RabbitMQ Messaging Topology Operator pod(s)
+ ##
+ extraVolumes: []
+ ## @param msgTopologyOperator.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the RabbitMQ Messaging Topology Operator container(s)
+ ##
+ extraVolumeMounts: []
+ ## @param msgTopologyOperator.sidecars Add additional sidecar containers to the RabbitMQ Messaging Topology Operator pod(s)
+ ## e.g:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param msgTopologyOperator.initContainers Add additional init containers to the RabbitMQ Messaging Topology Operator pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ ## e.g:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## command: ['sh', '-c', 'echo "hello world"']
+ ##
+ initContainers: []
+
+ ## Webhook service parameters
+ ##
+ service:
+ ## @param msgTopologyOperator.service.type RabbitMQ Messaging Topology Operator webhook service type
+ ##
+ type: ClusterIP
+ ## @param msgTopologyOperator.service.ports.webhook RabbitMQ Messaging Topology Operator webhook service HTTP port
+ ##
+ ports:
+ webhook: 443
+ ## Node ports to expose
+ ## @param msgTopologyOperator.service.nodePorts.http Node port for HTTP
+ ## NOTE: choose port between <30000-32767>
+ ##
+ nodePorts:
+ http: ""
+ ## @param msgTopologyOperator.service.clusterIP RabbitMQ Messaging Topology Operator webhook service Cluster IP
+ ## e.g.:
+ ## clusterIP: None
+ ##
+ clusterIP: ""
+ ## @param msgTopologyOperator.service.loadBalancerIP RabbitMQ Messaging Topology Operator webhook service Load Balancer IP
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
+ ##
+ loadBalancerIP: ""
+ ## @param msgTopologyOperator.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param msgTopologyOperator.service.loadBalancerSourceRanges RabbitMQ Messaging Topology Operator webhook service Load Balancer sources
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## e.g:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param msgTopologyOperator.service.externalTrafficPolicy RabbitMQ Messaging Topology Operator webhook service external traffic policy
+ ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+ ## @param msgTopologyOperator.service.annotations Additional custom annotations for RabbitMQ Messaging Topology Operator webhook service
+ ##
+ annotations: {}
+ ## @param msgTopologyOperator.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
+ ## If "ClientIP", consecutive client requests will be directed to the same Pod
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ ##
+ sessionAffinity: None
+ ## @param msgTopologyOperator.service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+
+ ## RBAC configuration
+ ##
+ rbac:
+ ## @param msgTopologyOperator.rbac.create Specifies whether RBAC resources should be created
+ ##
+ create: true
+
+ ## ServiceAccount configuration
+ ##
+ serviceAccount:
+ ## @param msgTopologyOperator.serviceAccount.create Specifies whether a ServiceAccount should be created
+ ##
+ create: true
+ ## @param msgTopologyOperator.serviceAccount.name The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the common.names.fullname template
+ ##
+ name: ""
+ ## @param msgTopologyOperator.serviceAccount.annotations Add annotations
+ ##
+ annotations: {}
+ ## @param msgTopologyOperator.serviceAccount.automountServiceAccountToken Automount API credentials for a service account.
+ ##
+ automountServiceAccountToken: true
+
+ ## @section RabbitMQ Messaging Topology Operator parameters
+ ##
+ metrics:
+ ## @param msgTopologyOperator.metrics.enabled Create a service for accessing the metrics endpoint
+ ##
+ enabled: false
+ ## Metrics service parameters
+ ##
+ service:
+ ## @param msgTopologyOperator.metrics.service.type RabbitMQ Cluster Operator metrics service type
+ ##
+ type: ClusterIP
+ ## @param msgTopologyOperator.metrics.service.ports.http RabbitMQ Cluster Operator metrics service HTTP port
+ ##
+ ports:
+ http: 80
+ ## Node ports to expose
+ ## @param msgTopologyOperator.metrics.service.nodePorts.http Node port for HTTP
+ ## NOTE: choose port between <30000-32767>
+ ##
+ nodePorts:
+ http: ""
+ ## @param msgTopologyOperator.metrics.service.clusterIP RabbitMQ Cluster Operator metrics service Cluster IP
+ ## e.g.:
+ ## clusterIP: None
+ ##
+ clusterIP: ""
+ ## @param msgTopologyOperator.metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param msgTopologyOperator.metrics.service.loadBalancerIP RabbitMQ Cluster Operator metrics service Load Balancer IP
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
+ ##
+ loadBalancerIP: ""
+ ## @param msgTopologyOperator.metrics.service.loadBalancerSourceRanges RabbitMQ Cluster Operator metrics service Load Balancer sources
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## e.g:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param msgTopologyOperator.metrics.service.externalTrafficPolicy RabbitMQ Cluster Operator metrics service external traffic policy
+ ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+ ## @param msgTopologyOperator.metrics.service.annotations [object] Additional custom annotations for RabbitMQ Cluster Operator metrics service
+ ##
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "{{ .Values.msgTopologyOperator.metrics.service.ports.http }}"
+ ## @param msgTopologyOperator.metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
+ ## If "ClientIP", consecutive client requests will be directed to the same Pod
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ ##
+ sessionAffinity: None
+ ## @param msgTopologyOperator.metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+ serviceMonitor:
+ ## @param msgTopologyOperator.metrics.serviceMonitor.enabled Specify if a servicemonitor will be deployed for prometheus-operator
+ ##
+ enabled: false
+ ## @param msgTopologyOperator.metrics.serviceMonitor.namespace Namespace which Prometheus is running in
+ ## e.g:
+ ## namespace: monitoring
+ ##
+ namespace: ""
+ ## @param msgTopologyOperator.metrics.serviceMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator
+ ##
+ jobLabel: app.kubernetes.io/name
+
+ ## DEPRECATED: Use msgTopologyOperator.metrics.serviceMonitor.labels instead.
+ ## This value will be removed in a future release
+ ## additionalLabels: {}
+
+ ## @param msgTopologyOperator.metrics.serviceMonitor.selector Prometheus instance selector labels
+ ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
+ ## e.g:
+ ## selector:
+ ## prometheus: my-prometheus
+ ##
+ selector: {}
+ ## @param msgTopologyOperator.metrics.serviceMonitor.honorLabels Honor metrics labels
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ honorLabels: false
+ ## @param msgTopologyOperator.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ## e.g:
+ ## scrapeTimeout: 10s
+ ##
+ scrapeTimeout: ""
+ ## @param msgTopologyOperator.metrics.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used
+ ##
+ interval: ""
+ ## @param msgTopologyOperator.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
+ ##
+ metricRelabelings: []
+ ## @param msgTopologyOperator.metrics.serviceMonitor.relabelings Specify general relabeling
+ ##
+ relabelings: []
+ ## @param msgTopologyOperator.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
+ ##
+ labels: {}
+
+## @section cert-manager parameters
+##
+
+## @param useCertManager Deploy cert-manager objects (Issuer and Certificate) for webhooks
+##
+useCertManager: false
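Review bot: at the end of this values.yaml, `useCertManager: false` is the default while `msgTopologyOperator.existingWebhookCertSecret` and `msgTopologyOperator.existingWebhookCertCABundle` are both `""`, so nothing in these values says where the webhook service on port 443 gets its serving certificate or CA bundle. Please set one of the two paths explicitly in the values that consume this chart (either `useCertManager: true`, or a pre-created secret together with its PEM CA bundle) instead of relying on the bundled defaults. In the same block, `msgTopologyOperator.resources.limits` and `resources.requests` are both `{}`, so the operator pod is scheduled with no requests or limits unless the deployment overrides them.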
diff --git a/hack/sync-charts.sh b/hack/sync-charts.sh
index 29b4a4d..1f473b6 100755
--- a/hack/sync-charts.sh
+++ b/hack/sync-charts.sh
@@ -36,9 +36,45 @@
# Switch to folder where we will be syncing charts
pushd ${WORKDIR}
-PERCONA_REF="25d8099e1e1f807b6bc90d8d92b6a31a6dff082b"
-curl -LO https://github.com/percona/percona-helm-charts/archive/${PERCONA_REF}.tar.gz
-tar --strip-components=2 -C ${ATMOSPHERE}/charts -xvzf ${PERCONA_REF}.tar.gz percona-helm-charts-${PERCONA_REF}/charts/pxc-operator
+CILIUM_VERSION=1.10.7
+curl -sL https://helm.cilium.io/cilium-${CILIUM_VERSION}.tgz \
+ | tar -xz -C ${ATMOSPHERE}/charts
+
+CEPH_CSI_RBD_VERSION=3.5.1
+curl -sL https://ceph.github.io/csi-charts/rbd/ceph-csi-rbd-${CEPH_CSI_RBD_VERSION}.tgz \
+ | tar -xz -C ${ATMOSPHERE}/charts
+
+NODE_FEATURE_DISCOVERY_VERSION=0.11.2
+curl -sL https://github.com/kubernetes-sigs/node-feature-discovery/releases/download/v${NODE_FEATURE_DISCOVERY_VERSION}/node-feature-discovery-chart-${NODE_FEATURE_DISCOVERY_VERSION}.tgz \
+ | tar -xz -C ${ATMOSPHERE}/charts
+
+KUBE_PROMETHEUS_STACK_VERSION=41.7.3
+curl -sL https://github.com/prometheus-community/helm-charts/releases/download/kube-prometheus-stack-${KUBE_PROMETHEUS_STACK_VERSION}/kube-prometheus-stack-${KUBE_PROMETHEUS_STACK_VERSION}.tgz \
+ | tar -xz -C ${ATMOSPHERE}/charts
+
+PROMETHEUS_PUSHGATEWAY_VERSION=1.16.0
+curl -sL https://github.com/prometheus-community/helm-charts/releases/download/prometheus-pushgateway-${PROMETHEUS_PUSHGATEWAY_VERSION}/prometheus-pushgateway-${PROMETHEUS_PUSHGATEWAY_VERSION}.tgz \
+ | tar -xz -C ${ATMOSPHERE}/charts
+
+INGRESS_NGINX_VERSION=4.0.17
+curl -sL https://github.com/kubernetes/ingress-nginx/releases/download/helm-chart-${INGRESS_NGINX_VERSION}/ingress-nginx-${INGRESS_NGINX_VERSION}.tgz \
+ | tar -xz -C ${ATMOSPHERE}/charts
+
+CERT_MANAGER_VERSION=v1.7.1
+curl -sL https://charts.jetstack.io/charts/cert-manager-${CERT_MANAGER_VERSION}.tgz \
+ | tar -xz -C ${ATMOSPHERE}/charts
+
+RABBITMQ_CLUSTER_OPERATOR_VERSION=2.6.6
+curl -sL https://charts.bitnami.com/bitnami/rabbitmq-cluster-operator-${RABBITMQ_CLUSTER_OPERATOR_VERSION}.tgz \
+ | tar -xz -C ${ATMOSPHERE}/charts
+
+PXC_OPERATOR_VERSION=1.10.0
+curl -sL https://github.com/Percona-Lab/percona-helm-charts/releases/download/pxc-operator-${PXC_OPERATOR_VERSION}/pxc-operator-${PXC_OPERATOR_VERSION}.tgz \
+ | tar -xz -C ${ATMOSPHERE}/charts
+
+COREDNS_VERSION=1.19.4
+curl -sL https://github.com/coredns/helm/releases/download/coredns-${COREDNS_VERSION}/coredns-${COREDNS_VERSION}.tgz \
+ | tar -xz -C ${ATMOSPHERE}/charts
# Switch back to original directory
popd
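Review bot: each added `curl -sL ... | tar -xz -C ${ATMOSPHERE}/charts` pipeline unpacks whatever the URL returns into the tree with no integrity check, and the removed Percona lines were pinned to a commit SHA while the new ones depend on version-named release tarballs. Suggest downloading each archive to a file with `curl -fsSL` so an HTTP error fails the step instead of being piped into tar, comparing it against a sha256 recorded next to the `*_VERSION` variable, and extracting only after the digest matches; as written, a curl failure is also hidden by the pipe unless `pipefail` is set earlier in the script. The pxc-operator source also moves from `github.com/percona/percona-helm-charts` to `github.com/Percona-Lab/percona-helm-charts`, so please confirm that organisation change is intended. `${ATMOSPHERE}` should be quoted in the `-C` arguments.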