|
@@ -174,6 +174,10 @@ defaultRules:
|
|
|
## Prefix for runbook URLs. Use this to override the first part of the runbookURLs that is common to all rules.
|
|
|
runbookUrl: "https://runbooks.prometheus-operator.dev/runbooks"
|
|
|
|
|
|
+ node:
|
|
|
+ fsSelector: 'fstype!=""'
|
|
|
+ # fsSelector: 'fstype=~"ext[234]|btrfs|xfs|zfs"'
|
|
|
+
|
|
|
## Disabled PrometheusRule alerts
|
|
|
disabled: {}
|
|
|
# KubeAPIDown: true
|
|
@@ -275,6 +279,10 @@ alertmanager:
|
|
|
##
|
|
|
apiVersion: v2
|
|
|
|
|
|
+ ## @param alertmanager.enableFeatures Enable access to Alertmanager disabled features.
|
|
|
+ ##
|
|
|
+ enableFeatures: []
|
|
|
+
|
|
|
## Service account for Alertmanager to use.
|
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
|
|
|
##
|
|
@@ -286,8 +294,6 @@ alertmanager:
|
|
|
|
|
|
## Configure pod disruption budgets for Alertmanager
|
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
|
|
|
- ## This configuration is immutable once created and will require the PDB to be deleted to be changed
|
|
|
- ## https://github.com/kubernetes/kubernetes/issues/45398
|
|
|
##
|
|
|
podDisruptionBudget:
|
|
|
enabled: false
|
|
@@ -478,6 +484,10 @@ alertmanager:
|
|
|
annotations: {}
|
|
|
labels: {}
|
|
|
clusterIP: ""
|
|
|
+ ipDualStack:
|
|
|
+ enabled: false
|
|
|
+ ipFamilies: ["IPv6", "IPv4"]
|
|
|
+ ipFamilyPolicy: "PreferDualStack"
|
|
|
|
|
|
## Port for Alertmanager Service to listen on
|
|
|
##
|
|
@@ -752,8 +762,8 @@ alertmanager:
|
|
|
storage:
|
|
|
volumeClaimTemplate:
|
|
|
spec:
|
|
|
- storageClassName: nfs-client
|
|
|
- accessModes: ["ReadWriteOnce"]
|
|
|
+ storageClassName: nfs-vrt
|
|
|
+ accessModes: ["ReadWriteMany"]
|
|
|
resources:
|
|
|
requests:
|
|
|
storage: 50Gi
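Review bot: `accessModes: ["ReadWriteMany"]` on this Alertmanager `volumeClaimTemplate` requests a volume that many nodes may mount read-write, yet a StatefulSet claim template already gives each replica its own PVC and needs only single-writer access. Unless the `nfs-vrt` class can only provision RWX volumes, keep `accessModes: ["ReadWriteOnce"]` so the claim asks for no more access than the workload uses. The same switch appears in the grafana `persistence` hunk and in the prometheus and thanosRuler `volumeClaimTemplate` hunks. It matters most for Prometheus, which expects exclusive access to its data directory. If RWX is required by the storage backend, say so in a comment next to the setting, for example `# nfs-vrt provisions RWX only`.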
|
|
@@ -1021,10 +1031,10 @@ grafana:
|
|
|
persistence:
|
|
|
enabled: true
|
|
|
type: sts
|
|
|
- storageClassName: "nfs-client"
|
|
|
+ storageClassName: "nfs-vrt"
|
|
|
accessModes:
|
|
|
- - ReadWriteOnce
|
|
|
- size: 20Gi
|
|
|
+ - ReadWriteMany
|
|
|
+ size: 50Gi
|
|
|
finalizers:
|
|
|
- kubernetes.io/pvc-protection
|
|
|
|
|
@@ -1058,6 +1068,7 @@ grafana:
|
|
|
defaultDatasourceEnabled: true
|
|
|
isDefaultDatasource: true
|
|
|
|
|
|
+ name: Prometheus
|
|
|
uid: prometheus
|
|
|
|
|
|
## URL of prometheus datasource
|
|
@@ -1092,6 +1103,7 @@ grafana:
|
|
|
# traceIdLabelName: trace_id
|
|
|
alertmanager:
|
|
|
enabled: true
|
|
|
+ name: Alertmanager
|
|
|
uid: alertmanager
|
|
|
handleGrafanaManagedAlerts: false
|
|
|
implementation: prometheus
|
|
@@ -1122,10 +1134,17 @@ grafana:
|
|
|
# url: https://{{ printf "%s-prometheus.svc" .Release.Name }}:9090
|
|
|
# version: 1
|
|
|
|
|
|
+ # Flag to mark provisioned data sources for deletion if they are no longer configured.
|
|
|
+ # It takes no effect if data sources are already listed in the deleteDatasources section.
|
|
|
+ # ref: https://grafana.com/docs/grafana/latest/administration/provisioning/#example-data-source-config-file
|
|
|
+ prune: false
|
|
|
+
|
|
|
## Passed to grafana subchart and used by servicemonitor below
|
|
|
##
|
|
|
service:
|
|
|
portName: http-web
|
|
|
+ ipFamilies: []
|
|
|
+ ipFamilyPolicy: ""
|
|
|
|
|
|
serviceMonitor:
|
|
|
# If true, a ServiceMonitor CRD is created for a prometheus operator
|
|
@@ -1292,6 +1311,12 @@ kubelet:
|
|
|
##
|
|
|
https: true
|
|
|
|
|
|
+ ## Skip TLS certificate validation when scraping.
|
|
|
+ ## This is enabled by default because kubelet serving certificate deployed by kubeadm is by default self-signed
|
|
|
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/#kubelet-serving-certs
|
|
|
+ ##
|
|
|
+ insecureSkipVerify: true
|
|
|
+
|
|
|
## Enable scraping /metrics/cadvisor from kubelet's service
|
|
|
##
|
|
|
cAdvisor: true
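Review bot: `insecureSkipVerify: true` at the end of the added block disables certificate validation for every kubelet scrape, so whatever credentials the scrape presents (presumably the Prometheus service-account token) go to an endpoint whose identity has not been checked. The added comment justifies the default by kubeadm's self-signed serving certificates; on clusters where kubelet serving certificates are signed by the cluster CA (the linked kubeadm page covers `serverTLSBootstrap`), this should be `insecureSkipVerify: false`. I would extend the comment with `## Set to false when kubelet serving certificates are signed by the cluster CA.` so that keeping `true` is a recorded per-cluster decision rather than an inherited default.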
|
|
@@ -1460,6 +1485,10 @@ kubeControllerManager:
|
|
|
##
|
|
|
port: null
|
|
|
targetPort: null
|
|
|
+ ipDualStack:
|
|
|
+ enabled: true
|
|
|
+ ipFamilies: ["IPv6", "IPv4"]
|
|
|
+ ipFamilyPolicy: "PreferDualStack"
|
|
|
# selector:
|
|
|
# component: kube-controller-manager
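Review bot: `ipDualStack.enabled: true` in this kubeControllerManager block is the only dual-stack setting in the change that is switched on; the alertmanager, coreDns, kubeDns, kubeEtcd, kubeScheduler, kubeProxy, node-exporter, prometheusOperator, prometheus and thanosRuler blocks all add the same three keys with `enabled: false`. If this is not deliberate, change it to `enabled: false` to match the rest. If it is deliberate, add a one-line comment above it such as `# dual-stack required here: <reason>` so the difference is not later mistaken for a copy-paste slip.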
|
|
|
|
|
@@ -1546,6 +1575,11 @@ coreDns:
|
|
|
enabled: true
|
|
|
port: 9153
|
|
|
targetPort: 9153
|
|
|
+
|
|
|
+ ipDualStack:
|
|
|
+ enabled: false
|
|
|
+ ipFamilies: ["IPv6", "IPv4"]
|
|
|
+ ipFamilyPolicy: "PreferDualStack"
|
|
|
# selector:
|
|
|
# k8s-app: kube-dns
|
|
|
serviceMonitor:
|
|
@@ -1622,6 +1656,10 @@ kubeDns:
|
|
|
skydns:
|
|
|
port: 10055
|
|
|
targetPort: 10055
|
|
|
+ ipDualStack:
|
|
|
+ enabled: false
|
|
|
+ ipFamilies: ["IPv6", "IPv4"]
|
|
|
+ ipFamilyPolicy: "PreferDualStack"
|
|
|
# selector:
|
|
|
# k8s-app: kube-dns
|
|
|
serviceMonitor:
|
|
@@ -1719,6 +1757,10 @@ kubeEtcd:
|
|
|
enabled: true
|
|
|
port: 2381
|
|
|
targetPort: 2381
|
|
|
+ ipDualStack:
|
|
|
+ enabled: false
|
|
|
+ ipFamilies: ["IPv6", "IPv4"]
|
|
|
+ ipFamilyPolicy: "PreferDualStack"
|
|
|
# selector:
|
|
|
# component: etcd
|
|
|
|
|
@@ -1823,6 +1865,10 @@ kubeScheduler:
|
|
|
##
|
|
|
port: null
|
|
|
targetPort: null
|
|
|
+ ipDualStack:
|
|
|
+ enabled: false
|
|
|
+ ipFamilies: ["IPv6", "IPv4"]
|
|
|
+ ipFamilyPolicy: "PreferDualStack"
|
|
|
# selector:
|
|
|
# component: kube-scheduler
|
|
|
|
|
@@ -1916,6 +1962,10 @@ kubeProxy:
|
|
|
enabled: true
|
|
|
port: 10249
|
|
|
targetPort: 10249
|
|
|
+ ipDualStack:
|
|
|
+ enabled: false
|
|
|
+ ipFamilies: ["IPv6", "IPv4"]
|
|
|
+ ipFamilyPolicy: "PreferDualStack"
|
|
|
# selector:
|
|
|
# k8s-app: kube-proxy
|
|
|
|
|
@@ -2086,6 +2136,13 @@ prometheus-node-exporter:
|
|
|
- --collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$
|
|
|
service:
|
|
|
portName: http-metrics
|
|
|
+ ipDualStack:
|
|
|
+ enabled: false
|
|
|
+ ipFamilies: ["IPv6", "IPv4"]
|
|
|
+ ipFamilyPolicy: "PreferDualStack"
|
|
|
+ labels:
|
|
|
+ jobLabel: node-exporter
|
|
|
+
|
|
|
prometheus:
|
|
|
monitor:
|
|
|
enabled: true
|
|
@@ -2174,6 +2231,25 @@ prometheusOperator:
|
|
|
# The default webhook port is 10250 in order to work out-of-the-box in GKE private clusters and avoid adding firewall rules.
|
|
|
internalPort: 10250
|
|
|
|
|
|
+ ## Liveness probe for the prometheusOperator deployment
|
|
|
+ ##
|
|
|
+ livenessProbe:
|
|
|
+ enabled: true
|
|
|
+ failureThreshold: 3
|
|
|
+ initialDelaySeconds: 0
|
|
|
+ periodSeconds: 10
|
|
|
+ successThreshold: 1
|
|
|
+ timeoutSeconds: 1
|
|
|
+ ## Readiness probe for the prometheusOperator deployment
|
|
|
+ ##
|
|
|
+ readinessProbe:
|
|
|
+ enabled: true
|
|
|
+ failureThreshold: 3
|
|
|
+ initialDelaySeconds: 0
|
|
|
+ periodSeconds: 10
|
|
|
+ successThreshold: 1
|
|
|
+ timeoutSeconds: 1
|
|
|
+
|
|
|
## Admission webhook support for PrometheusRules resources added in Prometheus Operator 0.30 can be enabled to prevent incorrectly formatted
|
|
|
## rules from making their way into prometheus and potentially preventing the container from starting
|
|
|
admissionWebhooks:
|
|
@@ -2195,6 +2271,15 @@ prometheusOperator:
|
|
|
# argocd.argoproj.io/hook-delete-policy: HookSucceeded
|
|
|
|
|
|
namespaceSelector: {}
|
|
|
+ objectSelector: {}
|
|
|
+
|
|
|
+ mutatingWebhookConfiguration:
|
|
|
+ annotations: {}
|
|
|
+ # argocd.argoproj.io/hook: PreSync
|
|
|
+
|
|
|
+ validatingWebhookConfiguration:
|
|
|
+ annotations: {}
|
|
|
+ # argocd.argoproj.io/hook: PreSync
|
|
|
|
|
|
deployment:
|
|
|
enabled: false
|
|
@@ -2239,6 +2324,10 @@ prometheusOperator:
|
|
|
annotations: {}
|
|
|
labels: {}
|
|
|
clusterIP: ""
|
|
|
+ ipDualStack:
|
|
|
+ enabled: false
|
|
|
+ ipFamilies: ["IPv6", "IPv4"]
|
|
|
+ ipFamilyPolicy: "PreferDualStack"
|
|
|
|
|
|
## Port to expose on each node
|
|
|
## Only used if service.type is 'NodePort'
|
|
@@ -2422,6 +2511,7 @@ prometheusOperator:
|
|
|
## Provide a priority class name to the webhook patching job
|
|
|
##
|
|
|
priorityClassName: ""
|
|
|
+ ttlSecondsAfterFinished: 60
|
|
|
annotations: {}
|
|
|
# argocd.argoproj.io/hook: PreSync
|
|
|
# argocd.argoproj.io/hook-delete-policy: HookSucceeded
|
|
@@ -2440,6 +2530,12 @@ prometheusOperator:
|
|
|
runAsUser: 2000
|
|
|
seccompProfile:
|
|
|
type: RuntimeDefault
|
|
|
+ ## Service account for Prometheus Operator Webhook Job Patch to use.
|
|
|
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
|
|
|
+ ##
|
|
|
+ serviceAccount:
|
|
|
+ create: true
|
|
|
+ automountServiceAccountToken: true
|
|
|
|
|
|
# Security context for create job container
|
|
|
createSecretJob:
|
|
@@ -2527,6 +2623,10 @@ prometheusOperator:
|
|
|
annotations: {}
|
|
|
labels: {}
|
|
|
clusterIP: ""
|
|
|
+ ipDualStack:
|
|
|
+ enabled: false
|
|
|
+ ipFamilies: ["IPv6", "IPv4"]
|
|
|
+ ipFamilyPolicy: "PreferDualStack"
|
|
|
|
|
|
## Port to expose on each node
|
|
|
## Only used if service.type is 'NodePort'
|
|
@@ -2592,6 +2692,7 @@ prometheusOperator:
|
|
|
##
|
|
|
enabled: true
|
|
|
namespace: kube-system
|
|
|
+ selector: ""
|
|
|
## Use '{{ template "kube-prometheus-stack.fullname" . }}-kubelet' by default
|
|
|
name: ""
|
|
|
|
|
@@ -2809,7 +2910,7 @@ prometheusOperator:
|
|
|
thanosImage:
|
|
|
registry: quay.io
|
|
|
repository: thanos/thanos
|
|
|
- tag: v0.34.1
|
|
|
+ tag: v0.36.1
|
|
|
sha: ""
|
|
|
|
|
|
## Set a Label Selector to filter watched prometheus and prometheusAgent
|
|
@@ -2904,6 +3005,13 @@ prometheus:
|
|
|
##
|
|
|
type: ClusterIP
|
|
|
|
|
|
+ ## Service dual stack
|
|
|
+ ##
|
|
|
+ ipDualStack:
|
|
|
+ enabled: false
|
|
|
+ ipFamilies: ["IPv6", "IPv4"]
|
|
|
+ ipFamilyPolicy: "PreferDualStack"
|
|
|
+
|
|
|
## gRPC port config
|
|
|
portName: grpc
|
|
|
port: 10901
|
|
@@ -2986,6 +3094,10 @@ prometheus:
|
|
|
annotations: {}
|
|
|
labels: {}
|
|
|
clusterIP: ""
|
|
|
+ ipDualStack:
|
|
|
+ enabled: false
|
|
|
+ ipFamilies: ["IPv6", "IPv4"]
|
|
|
+ ipFamilyPolicy: "PreferDualStack"
|
|
|
|
|
|
## Port for Prometheus Service to listen on
|
|
|
##
|
|
@@ -3078,10 +3190,15 @@ prometheus:
|
|
|
##
|
|
|
type: ClusterIP
|
|
|
|
|
|
+ ## Service dual stack
|
|
|
+ ##
|
|
|
+ ipDualStack:
|
|
|
+ enabled: false
|
|
|
+ ipFamilies: ["IPv6", "IPv4"]
|
|
|
+ ipFamilyPolicy: "PreferDualStack"
|
|
|
+
|
|
|
## Configure pod disruption budgets for Prometheus
|
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
|
|
|
- ## This configuration is immutable once created and will require the PDB to be deleted to be changed
|
|
|
- ## https://github.com/kubernetes/kubernetes/issues/45398
|
|
|
##
|
|
|
podDisruptionBudget:
|
|
|
enabled: false
|
|
@@ -3296,8 +3413,23 @@ prometheus:
|
|
|
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#prometheusspec
|
|
|
##
|
|
|
prometheusSpec:
|
|
|
+ ## Statefulset's persistent volume claim retention policy
|
|
|
+ ## pvcDeleteOnStsDelete and pvcDeleteOnStsScale determine whether
|
|
|
+ ## statefulset's PVCs are deleted (true) or retained (false) on scaling down
|
|
|
+ ## and deleting statefulset, respectively. Requires 1.27.0+.
|
|
|
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
|
|
|
+ persistentVolumeClaimRetentionPolicy: {}
|
|
|
+ # whenDeleted: Retain
|
|
|
+ # whenScaled: Retain
|
|
|
+
|
|
|
## If true, pass --storage.tsdb.max-block-duration=2h to prometheus. This is already done if using Thanos
|
|
|
##
|
|
|
+ ## AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod,
|
|
|
+ ## If the field isn’t set, the operator mounts the service account token by default.
|
|
|
+ ## Warning: be aware that by default, Prometheus requires the service account token for Kubernetes service discovery,
|
|
|
+ ## It is possible to use strategic merge patch to project the service account token into the ‘prometheus’ container.
|
|
|
+ automountServiceAccountToken: true
|
|
|
+
|
|
|
disableCompaction: false
|
|
|
## APIServerConfig
|
|
|
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#apiserverconfig
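Review bot: The `automountServiceAccountToken` block is inserted between the existing comment `## If true, pass --storage.tsdb.max-block-duration=2h to prometheus...` and the key it documents, `disableCompaction: false`, so that comment now reads as if it described the token setting. Move the four added comment lines and `automountServiceAccountToken: true` above the `## If true, pass ...` line, or below `disableCompaction: false`, so that each key sits directly under its own comment. Two of the added comment lines end in a comma where a sentence ends ("mounted in the pod," and "service discovery,"); those should be periods. Since `true` is kept, the comment could also state the reason in one line, e.g. `## Kept true: Kubernetes service discovery needs the token.`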
|
|
@@ -3318,6 +3450,16 @@ prometheus:
|
|
|
##
|
|
|
scrapeTimeout: ""
|
|
|
|
|
|
+ ## List of scrape classes to expose to scraping objects such as
|
|
|
+ ## PodMonitors, ServiceMonitors, Probes and ScrapeConfigs.
|
|
|
+ ##
|
|
|
+ scrapeClasses: []
|
|
|
+ # - name: istio-mtls
|
|
|
+ # default: false
|
|
|
+ # tlsConfig:
|
|
|
+ # caFile: /etc/prometheus/secrets/istio.default/root-cert.pem
|
|
|
+ # certFile: /etc/prometheus/secrets/istio.default/cert-chain.pem
|
|
|
+
|
|
|
## Interval between consecutive evaluations.
|
|
|
##
|
|
|
evaluationInterval: ""
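Review bot: The commented `istio-mtls` example under `scrapeClasses` lists `caFile` and `certFile` but no `keyFile`, and a client certificate without its private key cannot be used for mutual TLS. As far as I know Prometheus rejects a TLS config that names a client certificate with no key, so anyone uncommenting the example as written would likely get a config error. I would add a third line, `#     keyFile: <path to the client key for cert-chain.pem>`, and note in the `##` comment above that the referenced secret has to be mounted into the Prometheus pod for these paths to exist.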
|
|
@@ -3358,7 +3500,7 @@ prometheus:
|
|
|
image:
|
|
|
registry: quay.io
|
|
|
repository: prometheus/prometheus
|
|
|
- tag: v2.50.1
|
|
|
+ tag: v2.54.1
|
|
|
sha: ""
|
|
|
|
|
|
## Tolerations for use with node taints
|
|
@@ -3679,8 +3821,8 @@ prometheus:
|
|
|
##
|
|
|
volumeClaimTemplate:
|
|
|
spec:
|
|
|
- storageClassName: nfs-client
|
|
|
- accessModes: ["ReadWriteOnce"]
|
|
|
+ storageClassName: nfs-vrt
|
|
|
+ accessModes: ["ReadWriteMany"]
|
|
|
resources:
|
|
|
requests:
|
|
|
storage: 50Gi
|
|
@@ -3984,6 +4126,10 @@ prometheus:
|
|
|
## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#prometheustracingconfig
|
|
|
tracingConfig: {}
|
|
|
|
|
|
+ ## Defines the service discovery role used to discover targets from ServiceMonitor objects and Alertmanager endpoints.
|
|
|
+ ## If set, the value should be either “Endpoints” or “EndpointSlice”. If unset, the operator assumes the “Endpoints” role.
|
|
|
+ serviceDiscoveryRole: ""
|
|
|
+
|
|
|
## Additional configuration which is not covered by the properties above. (passed through tpl)
|
|
|
additionalConfig: {}
|
|
|
|
|
@@ -3995,7 +4141,7 @@ prometheus:
|
|
|
## Defines the maximum time that the `prometheus` container's startup probe
|
|
|
## will wait before being considered failed. The startup probe will return
|
|
|
## success after the WAL replay is complete. If set, the value should be
|
|
|
- ## greater than 60 (seconds). Otherwise it will be equal to 600 seconds (15
|
|
|
+ ## greater than 60 (seconds). Otherwise it will be equal to 900 seconds (15
|
|
|
## minutes).
|
|
|
maximumStartupDurationSeconds: 0
|
|
|
|
|
@@ -4179,8 +4325,6 @@ thanosRuler:
|
|
|
|
|
|
## Configure pod disruption budgets for ThanosRuler
|
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
|
|
|
- ## This configuration is immutable once created and will require the PDB to be deleted to be changed
|
|
|
- ## https://github.com/kubernetes/kubernetes/issues/45398
|
|
|
##
|
|
|
podDisruptionBudget:
|
|
|
enabled: false
|
|
@@ -4226,6 +4370,10 @@ thanosRuler:
|
|
|
annotations: {}
|
|
|
labels: {}
|
|
|
clusterIP: ""
|
|
|
+ ipDualStack:
|
|
|
+ enabled: false
|
|
|
+ ipFamilies: ["IPv6", "IPv4"]
|
|
|
+ ipFamilyPolicy: "PreferDualStack"
|
|
|
|
|
|
## Port for ThanosRuler Service to listen on
|
|
|
##
|
|
@@ -4343,7 +4491,7 @@ thanosRuler:
|
|
|
image:
|
|
|
registry: quay.io
|
|
|
repository: thanos/thanos
|
|
|
- tag: v0.34.1
|
|
|
+ tag: v0.36.1
|
|
|
sha: ""
|
|
|
|
|
|
## Namespaces to be selected for PrometheusRules discovery.
|
|
@@ -4404,8 +4552,8 @@ thanosRuler:
|
|
|
storage:
|
|
|
volumeClaimTemplate:
|
|
|
spec:
|
|
|
- storageClassName: nfs-client
|
|
|
- accessModes: ["ReadWriteOnce"]
|
|
|
+ storageClassName: nfs-vrt
|
|
|
+ accessModes: ["ReadWriteMany"]
|
|
|
resources:
|
|
|
requests:
|
|
|
storage: 50Gi
|
|
@@ -4439,6 +4587,10 @@ thanosRuler:
|
|
|
##
|
|
|
externalPrefix:
|
|
|
|
|
|
+ ## If true, http://{{ template "kube-prometheus-stack.thanosRuler.name" . }}.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.thanosRuler.service.port }}
|
|
|
+ ## will be used as value for externalPrefix
|
|
|
+ externalPrefixNilUsesHelmValues: true
|
|
|
+
|
|
|
## The route prefix ThanosRuler registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true,
|
|
|
## but the server serves requests under a different route prefix. For example for use with kubectl proxy.
|
|
|
##
|
|
@@ -4461,6 +4613,10 @@ thanosRuler:
|
|
|
# access_key: ""
|
|
|
# secret_key: ""
|
|
|
|
|
|
+ ## Labels by name to drop before sending to alertmanager
|
|
|
+ ## Maps to the --alert.label-drop flag of thanos ruler.
|
|
|
+ alertDropLabels: []
|
|
|
+
|
|
|
## QueryEndpoints defines Thanos querier endpoints from which to query metrics.
|
|
|
## Maps to the --query flag of thanos ruler.
|
|
|
queryEndpoints: []
|
|
@@ -4601,6 +4757,17 @@ thanosRuler:
|
|
|
##
|
|
|
portName: "web"
|
|
|
|
|
|
+ ## WebTLSConfig defines the TLS parameters for HTTPS
|
|
|
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#thanosrulerwebspec
|
|
|
+ web: {}
|
|
|
+
|
|
|
+ ## Additional configuration which is not covered by the properties above. (passed through tpl)
|
|
|
+ additionalConfig: {}
|
|
|
+
|
|
|
+ ## Additional configuration which is not covered by the properties above.
|
|
|
+ ## Useful, if you need advanced templating
|
|
|
+ additionalConfigString: ""
|
|
|
+
|
|
|
## ExtraSecret can be used to store various data in an extra secret
|
|
|
## (use it for example to store hashed basic auth credentials)
|
|
|
extraSecret:
|