Mohammed Naser | 4569e9b | 2024-07-19 01:08:18 -0400 | [diff] [blame] | 1 | # Default values for goldpinger. |
| 2 | # This is a YAML-formatted file. |
| 3 | # Declare variables to be passed into your templates. |
| 4 | image: |
| 5 | repository: bloomberg/goldpinger |
| 6 | # Overrides the image tag whose default is the chart appVersion. |
| 7 | tag: "" |
| 8 | pullPolicy: IfNotPresent |
| 9 | ## Optionally specify an array of imagePullSecrets. |
| 10 | ## Secrets must be manually created in the namespace. |
| 11 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
| 12 | ## |
| 13 | # pullSecrets: |
| 14 | # - myRegistryKeySecretName |
| 15 | |
| 16 | rbac: |
| 17 | create: true |
| 18 | clusterscoped: true |
| 19 | |
| 20 | serviceAccount: |
| 21 | create: true |
| 22 | name: |
| 23 | |
| 24 | goldpinger: |
| 25 | port: 8080 |
| 26 | zapConfig: | |
| 27 | { |
| 28 | "level": "info", |
| 29 | "encoding": "json", |
| 30 | "outputPaths": [ |
| 31 | "stdout" |
| 32 | ], |
| 33 | "errorOutputPaths": [ |
| 34 | "stderr" |
| 35 | ], |
| 36 | "initialFields": { |
| 37 | }, |
| 38 | "encoderConfig": { |
| 39 | "messageKey": "message", |
| 40 | "levelKey": "level", |
| 41 | "levelEncoder": "lowercase", |
| 42 | "timeKey": "ts", |
| 43 | "timeEncoder": "ISO8601", |
| 44 | "callerKey": "caller", |
| 45 | "callerEncoder": "Short" |
| 46 | } |
| 47 | } |
| 48 | |
| 49 | extraEnv: [] |
| 50 | |
| 51 | service: |
| 52 | type: ClusterIP |
| 53 | port: 8081 |
| 54 | annotations: {} |
| 55 | labels: {} |
| 56 | loadBalancerSourceRanges: {} |
| 57 | |
| 58 | ingress: |
| 59 | enabled: false |
| 60 | className: "" |
| 61 | annotations: {} |
| 62 | # kubernetes.io/ingress.class: nginx |
| 63 | # kubernetes.io/tls-acme: "true" |
| 64 | hosts: |
| 65 | - host: chart-example.local |
| 66 | paths: |
| 67 | - path: / |
| 68 | pathType: ImplementationSpecific |
| 69 | tls: [] |
| 70 | # - secretName: chart-example-tls |
| 71 | # hosts: |
| 72 | # - chart-example.local |
| 73 | |
| 74 | ## Set a priorityClassName for the pod. If left blank a default priority will be set. |
| 75 | priorityClassName: |
| 76 | |
| 77 | resources: {} |
| 78 | # We usually recommend not to specify default resources and to leave this as a conscious |
| 79 | # choice for the user. This also increases chances charts run on environments with little |
| 80 | # resources, such as Minikube. If you do want to specify resources, uncomment the following |
| 81 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. |
| 82 | # limits: |
| 83 | # cpu: 100m |
| 84 | # memory: 128Mi |
| 85 | # requests: |
| 86 | # cpu: 100m |
| 87 | # memory: 128Mi |
| 88 | |
| 89 | podAnnotations: {} |
| 90 | |
| 91 | podLabels: {} |
| 92 | |
| 93 | updateStrategy: {} |
| 94 | # type: RollingUpdate |
| 95 | # rollingUpdate: |
| 96 | # maxUnavailable: 1 |
| 97 | |
| 98 | ## Node labels for pod assignment |
| 99 | ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ |
| 100 | ## |
| 101 | nodeSelector: {} |
| 102 | |
| 103 | ## Tolerations for pod assignment |
| 104 | ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ |
| 105 | ## |
| 106 | tolerations: [] |
| 107 | |
| 108 | ## Affinity for pod assignment |
| 109 | ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity |
| 110 | ## |
| 111 | affinity: {} |
| 112 | |
| 113 | ## Enable this if pod security policy enabled in your cluster |
| 114 | ## It will bind ServiceAccount with unrestricted podSecurityPolicy |
| 115 | ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ |
| 116 | podSecurityPolicy: |
| 117 | enabled: false |
| 118 | policyName: unrestricted-psp |
| 119 | |
| 120 | ## Set security context of the goldpinger container |
| 121 | ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ |
| 122 | containerSecurityContext: |
| 123 | capabilities: |
| 124 | drop: |
| 125 | - ALL |
| 126 | allowPrivilegeEscalation: false |
| 127 | readOnlyRootFilesystem: true |
| 128 | runAsNonRoot: true |
| 129 | |
| 130 | ## Set security context of the pod |
| 131 | ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ |
| 132 | podSecurityContext: |
| 133 | runAsNonRoot: true |
| 134 | runAsUser: 1000 |
| 135 | fsGroup: 2000 |
| 136 | seccompProfile: |
| 137 | type: RuntimeDefault |
| 138 | |
| 139 | serviceMonitor: |
| 140 | enabled: false |
| 141 | selector: |
| 142 | prometheus: "kube-prometheus" |
| 143 | # namespace: monitoring |
| 144 | interval: 30s |
| 145 | # honorLabels: true |
| 146 | |
| 147 | ## Custom PrometheusRule to be defined |
| 148 | ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions |
| 149 | prometheusRule: |
| 150 | enabled: false |
| 151 | rules: |
| 152 | - alert: goldpinger_nodes_unhealthy |
| 153 | expr: | |
| 154 | sum(goldpinger_nodes_health_total{job="{{ template "goldpinger.fullname" . }}", status="unhealthy"}) |
| 155 | BY (instance, goldpinger_instance) > 0 |
| 156 | for: 5m |
| 157 | annotations: |
| 158 | description: | |
| 159 | Goldpinger instance {{ "{{ $labels.goldpinger_instance }}" }} has been reporting unhealthy nodes for at least 5 minutes. |
| 160 | summary: Instance {{ "{{ $labels.instance }}" }} down |
| 161 | labels: |
| 162 | severity: warning |